How to set passwords on Cisco Router
How to set passwords on Cisco Router
The router can be made secure by preventing others from accessing it. The first step towards security is to make it password protected at all the connections. The password authentication can be done at user level, console and telnet.
- User level password
Norman_Router> enable
Norman_Router# configure terminal
Norman_Router(Config)# enable password norman123
Norman_Router(Config)# enable secret norman123 (recommended)
What is the difference between the “password” and “secret”?
In password, the password string “norman123” gets encrypted, and it is stored in the router’s running-config. These Encrypted Strings can also be decrypted, which means the attacker can attack if you have kept the password. While in secret, the secret string “norman123” is converted to HASH, which is irreversible – which means it cannot be revealed by reversing the formula. Secret is more secure, and there are no changes to crack the HASH Code, because no one in the world has cracked the HASH Code. I recommend you use “secret” instead of “password”.
Verifying the Password
Norman_Router(Config)# exit
Norman_Router# exit
Norman_Router>enable
Password:norman123 (after entering this secret you will able to access privilege mode)
Norman_Router#
- Console and Telnet password
For Console password
Norman_Router# configure terminal
Norman_Router(Config)# line console 0
Norman_Router(Config-line)#password norcon123 (using different passwords for different connections increases the security)
Norman_Router(Config-line)# login (verifying password at login time)
Norman_Router(config-line)# exit
For Telnet
Norman_Router# configure terminal
Norman_Router(Config)# line vty 0 1 ( 0 1 which means two lines are open at a time, so two people can access the router through telnet simultaneously.)
Norman_Router(config-line)#password nortel123 (using different passwords for different connections increases the security)
Norman_Router(Config-line)# login (verifying password at login time)
Norman_Router(config-line)# exit
After this
Norman_Router(Config)# service password-encryption
(which will encrypt the above simple password)
Console and Telnet interface do not allow to enter “Secret”.
Verifying the CONSOLE Passwords
Norman_Router(Config)#exit
Norman_Router#exit
User Access Verification
Password:norcon123 (entering the console password)
Norman_Router> enable
Password:norman123 (entering the secret password)
Norman_Router#
Verifying the TELNET Passwords
The telnet password can work with devices with telnet enabled on them. From a PC, we can access the router, and also configure it through a TELNET port, but only from those which are connected with that router.
As shown below: Accessing the router from Norman Laptop:
It will prompt you to enter TELNET password – i.e., nortel123.
From the PC command prompt:
PC> telnet 192.168.1.1 (which is IP address of Norman_Router)
Trying 192.168.1.1 ……Open
User Access Verification
Password: nortel123 (TELNET password)
Norman_Router> enable
Password:norman123 (Router Secret password)
Norman_Router#
Read more
- What is IOS
- Router Memory
- Router Startup
- Understanding of Router Prompts
- Help Features of Router
- How to Configure Hostname, Clock and set banner on Cisco Router
- Configuring Fast Ethernet and Serial Interfaces on Cisco Router
- How to save router configurations
- How to Backup Cisco Router IOS
- Cisco Router Password Recovery
- Router IOS Commands and Basic Router Configuration
- Access Lists