How to configure passwords to secure Cisco Router.

Posted: March 5, 2017 in CCNA
Tags: , , , ,

Working as a Network Admin or Network engineer you need to know how to secure router and switches.here in this article we will learn how to secure cisco router. Securing cisco router means secure it in all the possible way, whether it is console based security by providing console password or enable password security or enable secret security.you also should configure router auxiliary password.When we talk about securing router from remote users or users in network then we must configure telnet password and ssh password along with all above passwords.

How to limit password length on Cisco router.

 

r1(config)#security passwords min-length 9

r1(config)#username satish password redhat

% Password too short - must be at least 9 characters. Password not configured.

r1(config)#username satish password redhat123456

Now you can see you cannot assign password whose lenght is less than 9 character.

 

How to password protect Console Port.

To configure the console password, follow these steps.

 

Router(config)# line console 0
 Router(config-line)# password CISCO
 Router(config-line)# login
 Router(config-line#Ctrl-Z
 Router#
How to password protect Auxilary (AUX Port) Port

 

To configure the auxilary password, follow these steps.

 Router#config t
 Router(config)#line aux 0
 Router(config-line)#password cisco
 Router(config-line)#login
 Router(config-line)# Ctrl-Z
 Router#
How to password protect VTY Ports (Telnet Ports)

 

Configuring the VTY password is very similar to doing the Console and Aux ones. The only difference is that there are 5 VTY virtual ports, which are named 0, 1, 2, 3, and 4. You can use the shortcut 0 4 (a zero, a space, and 4) to set all 5 passwords at the same time.

To configure the VTY password, follow these steps.
 Router#config t
 Router(config)#line vty 0 4
 Router(config-line)#password cisco
 Router(config-line)#login
 Router(config-line)# Ctrl-Z
 Router#
How to password protect Privileged Mode

 

The Enable Password is the old form of the password for “Privileged Mode”. Here the password is stored un-encrypted.

 Router#config t
 Router(config)#enable password cisco
 Router(config-line)# Ctrl-Z
 Router#
Enable Secret provides better security since password is kept encrypted.

 

Router#config t
 Router(config)#enable secret cisco
 Router(config-line)# Ctrl-Z
 Router#

 

 

Encrypting Passwords

 

You want to encrypt passwords so that they do not appear in plain-text in the router configuration file.

To enable password encryption on a router, use the service password-encryption configuration command:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#enable password ccna123
Router(config)#line vty 0 4
Router(config-line)#password ccna
Router(config-line)#line con 0
Router(config-line)#password linux
Router(config-line)#line aux 0
Router(config-line)#password hacking
Router(config-line)#exit
Router(config)#service password-encryption
Router(config)#end
Router#
router security


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s