Setting Passwords: There are five passwords used to secure your Cisco routers: console, auxiliary, telnet (VTY), enable password, and enable secret.
Enable Passwords
You set the enable passwords from global configuration mode like this:
Router(config)#enable ?
last-resort  Define enable action if no TACACS servers respond
password     Assign the privileged level password
secret       Assign the privileged level secret
use-tacacs   Use TACACS to check enable passwords
The following points describe the enable password parameters:
last-resort: Allows you to still enter the router if you set up authentication through a TACACS server and it’s not available. It isn’t used if the TACACS server is working.
password: Sets the enable password on older, pre-10.3 systems, and isn’t ever used if an enable secret is set.
secret: An encrypted password that overrides the enable password if it’s set.
use-tacacs: Tells the router to authenticate through a TACACS server. It’s convenient if you have anywhere from a dozen to multitudes of routers, because, well, would you like to face the fun task of changing the password on all those routers? If you’re sane, no, you wouldn’t. So instead, just go through the TACACS server, and you only have to change the password.
The enable secret is set like this:
Router(config)#enable secret cisco
User mode password: User-mode passwords are assigned by using the line command:
Router(config)#line ?
<0-70> First Line number
aux Auxiliary line
console Primary terminal line
tty Terminal controller
vty Virtual terminal
Auxiliary Password
To configure the auxiliary password, go into global configuration mode and type line aux ?.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line aux ?
<0-0> First Line number
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password cisco
It’s important to remember the login command, or the auxiliary port won’t prompt for authentication.
Console Password
To set the console password, use the line console 0 command.
Router(config)#line console 0
Router(config-line)#password cisco1
Router(config-line)#login
Additional Commands
Router(config)#line con 0
Router(config-line)#exec-timeout ?
<0-35791> Timeout in minutes
Router(config-line)#exec-timeout 0 ?
<0-2147483> Timeout in seconds
<cr>
Router(config-line)#exec-timeout 0 0
Router(config-line)#logging synchronous
The exec-timeout 0 0 command sets the timeout for the console EXEC session to zero, which basically means to never time out. The default timeout is 10 minutes.
Logging synchronous stops annoying console messages from popping up and disrupting the input you’re trying to type. The messages still pop up, but you are returned to your router prompt without your input interrupted.
Telnet Password
To set the user-mode password for Telnet access into the router, use the following command:
Router(config-line)#line vty 0 ?
<1-4> Last Line Number
<cr>
Router(config-line)#line vty 0 4
Router(config-line)#password cisco2
Router(config-line)#login
Encrypting Your Passwords
By default, only the enable secret password is encrypted; all other passwords are stored in plain text. To encrypt all passwords, use the following command:
Router(config)#service password-encryption
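An added example, not from the original post: a small Python audit that reads running-config style text and reports the weaknesses the sections above describe (a line password without login, exec-timeout 0 0, plain-text passwords, a missing enable secret). The sample config is constructed from this page's commands, and the function name and finding strings are this example's own.

```python
import re

# Constructed sample in running-config style, built from this page's commands.
SAMPLE = """\
enable password cisco
!
line con 0
 exec-timeout 0 0
 password cisco1
 login
line aux 0
 password cisco
line vty 0 4
 password cisco2
 login
"""

# "password 7 ..." is what service password-encryption writes; anything else is clear text.
PLAINTEXT = re.compile(r"^(enable )?password (?!7 )")

def audit(config):
    """Return sorted (location, finding) pairs for the settings this page covers."""
    findings, section, blocks = set(), "global", {}
    has_secret = has_service = False
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if not raw.startswith(" "):          # unindented: global command or new block
            section = cmd if cmd.startswith("line ") else "global"
            if section != "global":
                blocks[section] = []
        elif section in blocks:              # indented: sub-command of a line block
            blocks[section].append(cmd)
        has_secret |= cmd.startswith("enable secret ")
        has_service |= cmd == "service password-encryption"
        if PLAINTEXT.match(cmd):
            findings.add((section, "password stored in plain text"))
    if not has_secret:
        findings.add(("global", "no enable secret configured"))
    if not has_service:
        findings.add(("global", "service password-encryption is not enabled"))
    for name, cmds in blocks.items():
        if any(c.startswith("password ") for c in cmds) and "login" not in cmds:
            findings.add((name, "password set without login: line will not prompt"))
        if "exec-timeout 0 0" in cmds:
            findings.add((name, "exec-timeout 0 0: session never times out"))
    return sorted(findings)
```

Type 7 strings written by service password-encryption are a reversible encoding rather than a hash, so a clean report is a baseline and the enable secret remains the password to rely on.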