This article is all about router security. In this lab we will discuss the console password, auxiliary password, enable password, enable secret password, Telnet password with Telnet configuration, usernames with clear-text passwords, usernames with encrypted passwords, and service password-encryption on a router.

To demonstrate all of the above on a router, I am going to use the Cisco Packet Tracer software. This is an important topic for CCNA certification students and also from a networking point of view, because it is directly related to router security and, as we all know, routers are the backbone of every IT company.

The first thing I will do is draw a topology diagram using Packet Tracer and then show each security setting one by one.

passwords on router

As you can see in the topology above, I have taken two routers and configured default routing.


Now I am going to implement each security policy on these routers, one by one.

How to assign a console password on a router.


R1(config)#line console 0
R1(config-line)#password satish123
R1(config-line)#login
R1(config-line)#exit

How to assign an aux password on a router


R1(config)#line aux 0
R1(config-line)#password 123
R1(config-line)#login

How to assign an enable password


R1(config)#enable password ccna123

How to assign an enable secret password.


R1(config)#enable secret ccna

How to encrypt all text passwords using the service password-encryption command.


Status of the router before running service password-encryption


R1#show run
Building configuration...
Current configuration : 873 bytes
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
enable secret 5 $1$mERr$Bok4KDfVutXOJolNq009M/
enable password ccna123
username alex password 0 ccna12345
username ccna password 0 linux
username ccnp secret 5 $1$mERr$IHOzHv5eeqXHAtmE5NSgl1
username satish password 0 12345
interface FastEthernet0/0
ip address 1.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 2.0.0.1 255.0.0.0
ip classless
ip route 0.0.0.0 0.0.0.0 2.0.0.2
line con 0
password satish123
login
line aux 0
password 123
login
!
line vty 0 4
login local

You can clearly see that every password configured with the password keyword appears in simple text format.

Hence we can say it is still not completely secure.

To make them encrypted and more secure, go ahead and run the command below.


Now run the service password-encryption command.


R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#service password-encryption

Now the status after running the service password-encryption command


R1#show run
Building configuration...
Current configuration : 926 bytes
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
hostname R1
enable secret 5 $1$mERr$Bok4KDfVutXOJolNq009M/
enable password 7 08224F4008485744
username alex password 7 08224F4008485744465E
username ccna password 7 082D45401C01
username ccnp secret 5 $1$mERr$IHOzHv5eeqXHAtmE5NSgl1
username satish password 7 08701E1D5D4C
interface FastEthernet0/0
ip address 1.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 2.0.0.1 255.0.0.0
duplex auto
speed auto
ip classless
ip route 0.0.0.0 0.0.0.0 2.0.0.2
line con 0
password 7 08324D5A000A0D464058
login
line aux 0
password 7 08701E1D
login
line vty 0 4
login local

Now you can easily see that all the simple text passwords are encrypted, and hence the router is more secure than before.

How to configure Telnet on a router with password protection.
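An added example, not part of the original article: a small audit of show run output that lists every credential not stored as a one-way hash. Type 7 strings are a reversible encoding while the type 5 secret entries are salted MD5 hashes, so the check flags type 7 as well as clear text. The function name audit and the sample strings (lines copied from the two outputs above) are assumptions of this example.

```python
import re

# Constructed samples: lines copied from the two "show run" outputs on this page.
BEFORE = """\
enable secret 5 $1$mERr$Bok4KDfVutXOJolNq009M/
enable password ccna123
username alex password 0 ccna12345
username ccnp secret 5 $1$mERr$IHOzHv5eeqXHAtmE5NSgl1
line con 0
 password satish123
 login
line vty 0 4
 login local
"""
AFTER = """\
service password-encryption
enable secret 5 $1$mERr$Bok4KDfVutXOJolNq009M/
enable password 7 08224F4008485744
username alex password 7 08224F4008485744465E
username ccnp secret 5 $1$mERr$IHOzHv5eeqXHAtmE5NSgl1
line con 0
 password 7 08324D5A000A0D464058
 login
"""

# Optional owner prefix, keyword, optional numeric type, then the stored value.
CRED = re.compile(r"^(enable |username \S+ |)(password|secret) (?:(\d+) )?\S+$")

def audit(config):
    """Return (owner, storage) for each credential not stored as a one-way hash."""
    weak, context = [], "global"
    for line in map(str.strip, config.splitlines()):
        if line.startswith("line "):
            context = line              # later bare "password" lines belong here
        m = CRED.match(line)
        if not m or m.group(2) == "secret":
            continue                    # "secret" entries are hashed, not flagged
        owner = m.group(1).strip() or context
        ptype = m.group(3) or "0"       # no type number shown means cleartext
        storage = {"0": "cleartext", "7": "type 7 (reversible)"}.get(ptype, "type " + ptype)
        weak.append((owner, storage))
    return weak

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        for owner, storage in audit(cfg):
            print(f"{name}: {owner}: {storage}")
```

Both samples yield findings for the same three owners; only the entries created with the secret keyword pass.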


R1(config)#username satish password 12345
R1(config)#username alex password ccna12345
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#exit

How to create a local user and password database in simple text format on a Cisco router.


R1(config)#username ccna password linux

How to create a username with an encrypted password on a Cisco router.


R1(config)#username ccnp secret ccnp123

Comments
  1. Loopy says:

    To add to password security flaws (service password-encryption is definitely your best friend), did you know you can see VTPv2 passwords with the commands “show vtp password” in plain text and even more info (including PW) in “more:vlan.dat” file output.


  2. Novick says:

    Ok


  3. RD Saini says:

    Clearly explained in simple terms. But not showing code properly due to some errors. Please check it and correct as soon as possible.
