Wednesday, May 12, 2010

Configuring router passwords

3.1.3 This page will explain how router passwords are configured and why they are important.


Passwords restrict access to routers. Passwords should always be configured for virtual terminal (vty) lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.

The following commands are used to set an optional but recommended password on the console line:

Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password <password>

A password must be set on one or more of the vty lines for users to gain remote access to a router through Telnet. Most Cisco routers support five vty lines numbered 0 through 4. Other hardware platforms support different numbers of vty connections. The same password is generally used for all vty lines. However, a unique password can be set for one line to provide a fall-back entry to the router if the other four connections are in use. The following commands are used to set a password on vty lines:

Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password <password>

The enable password and enable secret commands are used to restrict access to privileged EXEC mode. The enable password is only used if the enable secret has not been set. The enable secret command should be used because the password it sets is stored encrypted in the configuration, whereas the password set with the enable password command is not encrypted. The following commands are used to set the passwords:

Router(config)#enable password <password>
Router(config)#enable secret <password>

Sometimes it is undesirable for passwords to be shown in clear text in the output from the show running-config or show startup-config commands. This command is used to encrypt passwords in configuration output:

Router(config)#service password-encryption

The service password-encryption command applies a weak encryption to all unencrypted passwords. The enable secret command uses a strong MD5 algorithm for encryption.
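
The checks described on this page can be run against a saved copy of show running-config output. The script below is an added example, not part of the original course material; the sample configuration, its password values and the function name audit_passwords are constructed for illustration.

```python
# Added example: audit a saved running-config for the password settings above.
# SAMPLE_CONFIG and all password values in it are constructed for illustration.
SAMPLE_CONFIG = """\
hostname Router
enable password lab-enable
!
line con 0
 login
line vty 0 3
 password lab-vty
 login
line vty 4
 password 7 0A1B2C3D4E5F
 login
"""

def audit_passwords(config):
    """Return a list of findings about enable and line passwords."""
    lines = config.splitlines()
    findings = []
    if not any(l.startswith("enable secret ") for l in lines):
        if any(l.startswith("enable password ") for l in lines):
            findings.append("enable password set without enable secret")
        else:
            findings.append("no privileged EXEC password set")
    if "service password-encryption" not in lines:
        findings.append("service password-encryption is not enabled")
    # Collect the indented sub-commands under each "line ..." header.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current is not None:
            blocks[current].append(l.strip())
        else:
            current = None
    for name, cmds in blocks.items():
        pw = [c for c in cmds if c.startswith("password ")]
        if not pw:
            findings.append(f"{name}: no password set")
            continue
        if "login" not in cmds:
            findings.append(f"{name}: password set but login is missing")
        # "password 7 ..." is how service password-encryption stores a password.
        if not pw[0].startswith("password 7 "):
            findings.append(f"{name}: password stored in clear text")
    return findings

if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print(finding)
```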

The next page will examine show commands.
