This article is all about router security. In this lab we will discuss the console password, auxiliary password, enable password, enable secret password, Telnet password with Telnet configuration, username with clear-text password, username with encrypted password, and service password-encryption on a router.

To demonstrate all of the above on a router I am going to use the Cisco Packet Tracer software. This is an important topic for CCNA certification students and also important from a networking point of view, because it is directly related to router security and, as we all know, routers are the backbone of every IT company.

The first thing I will do is draw a topology diagram using Packet Tracer and then show each security setting one by one.

[Topology diagram: passwords on router]

As you can see in the topology above, I have taken two routers and configured default routing.

Now, one by one, I am going to implement each security policy on these routers.

 

How to assign console password on router.

R1(config)#line console 0

R1(config-line)#password satish123

R1(config-line)#login

R1(config-line)#exit

 

How to assign aux password on router.

R1(config)#line aux 0

R1(config-line)#password 123

R1(config-line)#login

 

How to assign enable password

R1(config)#enable password ccna123

 

How to assign enable secret password.

R1(config)#enable secret ccna

 

How to encrypt all plain-text passwords using the service password-encryption command.

Status of the router before running service password-encryption

 

R1#show run

Building configuration...

Current configuration : 873 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname R1



enable secret 5 $1$mERr$Bok4KDfVutXOJolNq009M/

enable password ccna123



username alex password 0 ccna12345

username ccna password 0 linux

username ccnp secret 5 $1$mERr$IHOzHv5eeqXHAtmE5NSgl1

username satish password 0 12345



interface FastEthernet0/0

ip address 1.0.0.1 255.0.0.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 2.0.0.1 255.0.0.0



!

ip classless

ip route 0.0.0.0 0.0.0.0 2.0.0.2

line con 0

password satish123

login

!

line aux 0

password 123

login

!

line vty 0 4

login local

 

You can clearly see all the passwords that are stored in plain-text format.

Hence we can say it is still not completely secure.

To encrypt them and make the configuration more secure, run the command below.

 

Now run the service password-encryption command.

R1#config t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#service password-encryption

 

Status of the router after running the service password-encryption command

R1#show run

Building configuration...

Current configuration : 926 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

service password-encryption

!

hostname R1

!

!

!

enable secret 5 $1$mERr$Bok4KDfVutXOJolNq009M/

enable password 7 08224F4008485744



username alex password 7 08224F4008485744465E

username ccna password 7 082D45401C01

username ccnp secret 5 $1$mERr$IHOzHv5eeqXHAtmE5NSgl1

username satish password 7 08701E1D5D4C



interface FastEthernet0/0

ip address 1.0.0.1 255.0.0.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 2.0.0.1 255.0.0.0

duplex auto

speed auto




ip classless

ip route 0.0.0.0 0.0.0.0 2.0.0.2

!

line con 0

password 7 08324D5A000A0D464058

login

!

line aux 0

password 7 08701E1D

login

!

line vty 0 4

login local

 

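Now you can see that all the plain-text passwords are encrypted, and hence the configuration is more secure than before. The entries that were shown as plain text are now stored as type 7, while the enable secret and the ccnp secret are type 5 exactly as before.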
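The before/after comparison above can also be checked with a script. The following Python audit is an added example, not part of the original article: it reads a running configuration and reports how each password is stored. The two sample configurations are constructed from the lines shown above, with placeholder strings in place of the hashed and encoded values. Type 7 is a reversible encoding rather than a hash, so the script still flags those entries after service password-encryption is enabled.

```python
import re

# "enable password|secret", "username X password|secret", or the bare
# "password" sub-command under a line. The type digit is optional.
CRED = re.compile(r"^\s*(?:(enable)\s+|username\s+(\S+)\s+)?"
                  r"(password|secret)\s+(?:(\d+)\s+)?(\S+)\s*$")
STORAGE = {"0": "plaintext", "5": "hashed", "7": "reversible"}

def audit(config):
    """Return (owner, storage) for each credential line of an IOS config."""
    findings, section = [], None
    for raw in config.splitlines():
        if raw.startswith("line "):
            section = raw.strip()        # e.g. "line con 0"
        m = CRED.match(raw)
        if not m:
            continue
        enable, user, kw, ptype, _value = m.groups()
        owner = (f"enable {kw}" if enable else f"user {user}" if user
                 else section or "unknown line")
        # No type digit ("password 123") means the value is the clear text.
        findings.append((owner, STORAGE.get(ptype or "0", f"type {ptype}")))
    return findings

def weak(config):
    """Owners whose stored password is readable or reversible."""
    return [o for o, s in audit(config) if s in ("plaintext", "reversible")]

# Constructed samples modelled on the outputs above; *_PLACEHOLDER is not real data.
BEFORE = """enable secret 5 HASH_PLACEHOLDER
enable password ccna123
username alex password 0 ccna12345
username ccnp secret 5 HASH_PLACEHOLDER
line con 0
 password satish123
line aux 0
 password 123
"""
AFTER = """service password-encryption
enable secret 5 HASH_PLACEHOLDER
enable password 7 ENC_PLACEHOLDER
username alex password 7 ENC_PLACEHOLDER
username ccnp secret 5 HASH_PLACEHOLDER
line con 0
 password 7 ENC_PLACEHOLDER
line aux 0
 password 7 ENC_PLACEHOLDER
"""

print(weak(BEFORE), weak(AFTER))
```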

How to configure Telnet on a router with password protection.

R1(config)#username satish password 12345

R1(config)#username alex password ccna12345

R1(config)#line vty 0 4

R1(config-line)#login local

R1(config-line)#exit


How to create a local user and password database in plain-text format on a Cisco router.

R1(config)#username ccna password linux

 

How to create a username with an encrypted password on a Cisco router.

R1(config)#username ccnp secret ccnp123

 

Comments
  1. Loopy says:

    To add to password security flaws (service password-encryption is definitely your best friend), did you know you can see VTPv2 passwords with the commands “show vtp password” in plain text and even more info (including PW) in “more:vlan.dat” file output.
