One of the basic configuration tasks when setting up a Cisco Router or a Cisco Switch is setting the passwords. This includes setting the passwords for the Console, Telnet/SSH and Enable (Enable Secret).
The following procedure will help beginners set up passwords on Cisco Routers and Switches running Cisco IOS.
Enable Password Encryption
By default, all passwords except the "enable secret" password are stored in plain text in the running config. So, anyone who gets access to Privileged EXEC mode can read all of them. This can be prevented with a global configuration command that encrypts all passwords in the running-config.
From the Global Configuration mode
ciscorouter# conf term
ciscorouter(config)# service password-encryption
Set Console Password
Enter the Line Console configuration mode
ciscorouter# conf term
ciscorouter(config)# line con 0
Enable Login and set password
ciscorouter(config-line)# login
ciscorouter(config-line)# password MyConsolePassword
where "MyConsolePassword" is the password. Set something that is more secure.
Set Telnet/SSH password
If you are using SSH or Telnet to log on to the Cisco Routers or Switches remotely, then it is important to set the password for this access.
ciscorouter# conf term
ciscorouter(config)# line vty 0 4
ciscorouter(config-line)# login
ciscorouter(config-line)# password MyRemotePassword
where "MyRemotePassword" is the password. The above will enable logins and set the passwords for the remote consoles "0" to "4". In simple terms, the first 5 terminal connections are set and passwords are assigned. However, the newer versions have up to 16 terminal consoles. These can also be set with the same password or with a different set of passwords.
ciscorouter# conf term
ciscorouter(config)# line vty 5 15
ciscorouter(config-line)# login
ciscorouter(config-line)# password MyOtherRemotePassword
Enable Password
The enable password must be set to protect Privileged EXEC mode. Also, Privileged EXEC mode will not be accessible if the enable password is not set.
From the global configuration mode
ciscorouter# conf term
ciscorouter(config)# enable password MyEnablePassword
However, it is even more secure to set an encrypted password for the Enable login.
Set Enable Secret Password
ciscorouter# conf term
ciscorouter(config)# enable secret MySecretPassword
This stores the password in encrypted form and directly overrides the "enable" password.