Cisco IOS Basics: Passwords

Before starting any configuration on your network equipment, it is essential to protect it with passwords.

Every single interface that you have on your router or switch has to be password protected.

There are a few commands regarding passwords: console, aux, telnet (vty), enable password and enable secret.

Here are the commands:

Zeljko(config)#enable password test – Sets the enable password to test

Zeljko(config)#enable secret test1 – Sets the enable secret password to test1. Supersedes the enable password.

Zeljko(config)#line line – Changes to line mode to configure the console, aux, and VTY (Telnet).

Zeljko(config-line)#password password – The line passwords for aux, console, and VTY (Telnet) are all set in line configuration mode.

Zeljko(config-line)#login – When a line is configured to use a password, the login command must be set to prompt for login.

Zeljko(config)#service password-encryption – Encrypts the passwords in the clear text configuration file (both running-config and startup-config).

Let's see the commands in action:
Zeljko(config-line)#enable password test
Zeljko(config)#enable password test
Zeljko(config)#enable secret test1
Zeljko(config)#line aux ?
<0-0>  First Line number
Zeljko(config)#line aux 0
Zeljko(config-line)#password aux
Zeljko(config-line)#login
Zeljko(config-line)#exit
Zeljko(config)#line con ?
<0-0>  First Line number
Zeljko(config)#line con 0
Zeljko(config-line)#password console
Zeljko(config-line)#login
Zeljko(config-line)#exit
Zeljko(config)#line vty ?
<0-15>  First Line number
Zeljko(config)#line vty 0 15
Zeljko(config-line)#password telnet
Zeljko(config-line)#login
Zeljko(config-line)#exit
Zeljko(config)#


If I enter
Zeljko(config)#do show run
Passwords that I set can be seen in plain text


The command that needs to be run is:
Zeljko(config)#service password-encryption

After that, if we run show config and look at the configuration
Zeljko(config)#do show run
Passwords cannot be seen anymore


Other commands that are a great addition to your password setup are:
To configure the inactive session timeout on the console port or the virtual terminal, use the exec-timeout command.
Zeljko(config-line)#exec-timeout
When enabled on a console, logging synchronous causes all router status messages to be displayed on a new line.
Zeljko(config-line)#logging synchronous
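
An added example (not part of the original post): a small Python audit that reads a running-config and flags the password settings discussed above. The sample config, the function name audit and the finding texts are assumptions constructed for illustration.

```python
import re

# Constructed sample modelled on the walkthrough, with two extra mistakes added.
SAMPLE_CONFIG = """\
hostname Zeljko
no service password-encryption
enable secret 5 $1$EXAMPLE$ConstructedPlaceholderHash
enable password test
line con 0
 exec-timeout 0 0
 password console
 login
line aux 0
 password aux
line vty 0 15
 password telnet
 login
"""

def audit(config):
    """Return (scope, finding) tuples for weak password settings."""
    findings = []
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip()]
    if "service password-encryption" not in lines:
        findings.append(("global", "service password-encryption is off"))
    if any(ln.startswith("enable password") for ln in lines):
        findings.append(("global", "enable password present; keep only enable secret"))
    scope, blocks = None, {}
    for ln in lines:  # group indented commands under their "line ..." header
        if ln.startswith("line "):
            scope = ln
            blocks[scope] = []
        elif ln.startswith(" ") and scope:
            blocks[scope].append(ln.strip())
        else:
            scope = None
    for scope, cmds in blocks.items():
        pw = [c for c in cmds if c.startswith("password ")]
        if pw and not re.match(r"password 7 \S+$", pw[0]):
            findings.append((scope, "line password stored in clear text"))
        if pw and not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append((scope, "password set but login missing"))
        if "exec-timeout 0 0" in cmds:
            findings.append((scope, "exec-timeout 0 0 disables the idle timeout"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

A "password 7" entry passes this check only because it is no longer readable at a glance. Type 7 is a reversible encoding, so the configuration file itself still needs to be protected.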

 
