How to Set Cisco Router Passwords, Setup Enable, Secret, Auxiliary, Console and Telnet Password

Securing Router using passwords: How to Set Cisco Router Passwords, Setup Enable, Secret, Auxiliary, Console and Telnet Password

Routers play a vital role in the network. If a router is compromised with vulnerability, one can gain access over the entire network with ease. Hence protecting a router from the unauthorized people accessing it is very important.

Securing router using passwords is one of the best ways to protect router from attacks. A hacker can access a router in anyone of the following ways:

  1. Access through console port
  2. Access through Auxiliary port
  3. Access through telnet session

It is important to block the access of unauthorized people to routers. Hence they must be password protected.

Assigning password to console port:

To enter a router using console, we must have a direct connection with router using roll over cable. This can be done most of the time people from inside the organization. To assign a password to console port, follow the following steps

CISCO-ROUTER> enable (enter Privileged EXEC mode from user EXEC mode)

CISCO-ROUTER# configure terminal (enter global configuration mode)

CISCO-ROUTER (config)# line console 0 (enter line configuration mode)

CISCO-ROUTER (config-line)# password <desired password>

CISCO-ROUTER (config-line)# login

CISCO-ROUTER (config-line)# end ( this command helps you to go directly to the Privileged EXEC mode)

Login command states router that it has to ask for a password if someone wants to have access over the router using console port.

Assigning password to auxiliary port:

Auxiliary port is used to have a console connection when the router is in remote location. Auxiliary port can be secured using password by using following commands

CISCO-ROUTER> enable

CISCO-ROUTER# configure terminal

CISCO-ROUTER (config)# line aux 0

CISCO-ROUTER (config-line)# password <desired password>

CISCO-ROUTER (config-line)# login

CISCO-ROUTER (config-line)# end

Assigning password to telnet session:

More often administrators access routers using remote connection protocols like telnet, ssh etc. Telnet transfers data as plain text, hence not very secured. To restrict unauthorized access using telnet, we must assign a password over vty lines. Telnet uses five lines from 0 to 4. To configure password over all the line,

CISCO-ROUTER> enable

CISCO-ROUTER# configure terminal

CISCO-ROUTER (config)# line vty 0 4

CISCO-ROUTER (config-line)# password <desired password>

CISCO-ROUTER (config-line)# login

CISCO-ROUTER (config-line)# end

Privileged EXEC mode provides total access over router. If once passes the passwords check before we can restrict them entering them from User EXEC mode to privileged EXEC mode by assigning password.

CISCO-ROUTER# configure terminal

CISCO-ROUTER (config)# enable password CISCO

CISCO is the assigned password.

We can also assign an encrypted password using the command

CISCO-ROUTER(config)# enable secret CISCO

All the configurations done are saved in running configuration file. These configurations have to be saved in startup configuration file. To do that,

CISCO-ROUTER# write memory

Note: The above command saves running configuration in to startup configuration file .

Read more

   CCNA Tutorial

   CCNA Practice Test