Skip to main content

Configuring router passwords

Configuring router passwords
3.1.3 This page will explain how router passwords are configured and why they are important.


Passwords restrict access to routers. Passwords should always be configured for virtual terminal (vty) lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.

The following commands are used to set an optional but recommended password on the console line:

Router(config)#line console 0

Router(config-line)#login

Router(config-line)#password

A password must be set on one or more of the vty lines for users to gain remote access to a router through Telnet. Most Cisco routers support five vty lines numbered 0 through 4. Other hardware platforms support different numbers of vty connections. The same password is generally used for all vty lines. However, a unique password can be set for one line to provide a fall-back entry to the router if the other four connections are in use. The following commands are used to set a password on vty lines:

Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password

The enable password and enable secret commands are used to restrict access to the privileged EXEC mode. The enable password is only used if the enable secret has not been set. The enable secret command should be used because the enable secret command is encrypted. The enable password command is not encrypted. The following commands are used to set the passwords:

Router(config)#enable password
Router(config)#enable secret

Sometimes it is undesirable for passwords to be shown in clear text in the output from the show running-config or show startup-config commands. This command is used to encrypt passwords in configuration output:

Router(config)#service password-encryption

The service password-encryption command applies a weak encryption to all unencrypted passwords. The enable secret command uses a strong MD5 algorithm for encryption.

The next page will examine show commands.

Comments

Post a Comment

Popular posts from this blog

OSI layers / Peer-to-peer communications / TCP/IP model

OSI layers 2.3.4 This page discusses the seven layers of the OSI model. The OSI reference model is a framework that is used to understand how information travels throughout a network. The OSI reference model explains how packets travel through the various layers to another device on a network, even if the sender and destination have different types of network media. In the OSI reference model, there are seven numbered layers, each of which illustrates a particular network function. - Dividing the network into seven layers provides the following advantages: • It breaks network communication into smaller, more manageable parts. • It standardizes network components to allow multiple vendor development and support. • It allows different types of network hardware and software to communicate with each other. • It prevents changes in one layer from affecting other layers. • It divides network communication into smaller parts to make learning it easier to understand. In the foll...
Post a Comment
Read more

Advantages and disadvantages of link-state routing

Advantages and disadvantages of link-state routing 2.1.5  This page lists the advantages and disadvantages of link-state routing protocols. The following are advantages of link-state routing protocols:  Link-state protocols use cost metrics to choose paths through the network. The cost metric reflects the capacity of the links on those paths. Link-state protocols use triggered updates and LSA floods to immediately report changes in the network topology to all routers in the network. This leads to fast convergence times. Each router has a complete and synchronized picture of the network. Therefore, it is very difficult for routing loops to occur. Routers use the latest information to make the best routing decisions. The link-state database sizes can be minimized with careful network design. This leads to smaller Dijkstra calculations and faster convergence. Every router, at the very least, maps the topology of it...
Post a Comment
Read more

Ports for services

Ports for services 10.2.2  Services running on hosts must have a port number assigned to them so communication can occur. A remote host attempting to connect to a service expects that service to use specific transport layer protocols and ports. Some ports, which are defined in RFC 1700, are known as the well-known ports. These ports are reserved in both TCP and UDP.  These well-known ports define applications that run above the transport layer protocols. For example, a server that runs FTP will use ports 20 and 21 to forward TCP connections from clients to its FTP application. This allows the server to determine which service a client requests. TCP and UDP use port numbers to determine the correct service to which requests are forwarded. The next page will discuss ports in greater detail.
Post a Comment
Read more