How to Set Cisco Router Passwords, Setup Enable, Secret, Auxiliary, Console and Telnet Password
Securing Router using passwords: How to Set Cisco Router Passwords, Setup Enable, Secret, Auxiliary, Console and Telnet Password
Routers play a vital role in the network. If a router is compromised with vulnerability, one can gain access over the entire network with ease. Hence protecting a router from the unauthorized people accessing it is very important.
Securing router using passwords is one of the best ways to protect router from attacks. A hacker can access a router in anyone of the following ways:
- Access through console port
- Access through Auxiliary port
- Access through telnet session
It is important to block the access of unauthorized people to routers. Hence they must be password protected.
Assigning password to console port:
To enter a router using console, we must have a direct connection with router using roll over cable. This can be done most of the time people from inside the organization. To assign a password to console port, follow the following steps
CISCO-ROUTER> enable (enter Privileged EXEC mode from user EXEC mode)
CISCO-ROUTER# configure terminal (enter global configuration mode)
CISCO-ROUTER (config)# line console 0 (enter line configuration mode)
CISCO-ROUTER (config-line)# password <desired password>
CISCO-ROUTER (config-line)# login
CISCO-ROUTER (config-line)# end ( this command helps you to go directly to the Privileged EXEC mode)
Login command states router that it has to ask for a password if someone wants to have access over the router using console port.
Assigning password to auxiliary port:
Auxiliary port is used to have a console connection when the router is in remote location. Auxiliary port can be secured using password by using following commands
CISCO-ROUTER> enable
CISCO-ROUTER# configure terminal
CISCO-ROUTER (config)# line aux 0
CISCO-ROUTER (config-line)# password <desired password>
CISCO-ROUTER (config-line)# login
CISCO-ROUTER (config-line)# end
Assigning password to telnet session:
More often administrators access routers using remote connection protocols like telnet, ssh etc. Telnet transfers data as plain text, hence not very secured. To restrict unauthorized access using telnet, we must assign a password over vty lines. Telnet uses five lines from 0 to 4. To configure password over all the line,
CISCO-ROUTER> enable
CISCO-ROUTER# configure terminal
CISCO-ROUTER (config)# line vty 0 4
CISCO-ROUTER (config-line)# password <desired password>
CISCO-ROUTER (config-line)# login
CISCO-ROUTER (config-line)# end
Privileged EXEC mode provides total access over router. If once passes the passwords check before we can restrict them entering them from User EXEC mode to privileged EXEC mode by assigning password.
CISCO-ROUTER# configure terminal
CISCO-ROUTER (config)# enable password CISCO
CISCO is the assigned password.
We can also assign an encrypted password using the command
CISCO-ROUTER(config)# enable secret CISCO
All the configurations done are saved in running configuration file. These configurations have to be saved in startup configuration file. To do that,
CISCO-ROUTER# write memory
Note: The above command saves running configuration in to startup configuration file .
Read more
- How to Set Hostname, MOTD Banner and Router DNS Lookup on Cisco Router
- Cisco Router Show Commands Cheat Sheet
- Short cut keys in Command Line Interface of IOS of Cisco Router and Switch
- Interface Naming Convention of Cisco Router