In this blog, we will discuss, How we can configure the password in our cisco devices for preventing unauthorized access.
IOS has a command hierarchy
- Router> – User (or EXEC) mode
- Router# – Privileged EXEC (or Enable) mode
Configuration modes
- Router(config)# – Global Configuration Mode.
- Router(config-if)# – Interface Configuration Mode.
- Router(config-router)# – Router Configuration Mode.
Once you will be in global configuration mode you are allowed to change anything you want.
Now let’s see how we can secure our cisco switch or router.
First, Let’s change the console password.
1. Console Password Setting.
Switch(config)#line console 0 Switch(config-line)#password cisco Switch(config-line)#login
Once you will configure a password (cisco) for console accessing and it will ask you the password next time when you will try to log in. Let’s log in and see.
Switch con0 is now available Press RETURN to get started. User Access Verification Password: Switch>
Username and Password configuration.
you can configure usernames and passwords instead of configuring only the password. This is a better option if you have multiple people that need to access your router or switch. Lets see it in CLI .
Switch(config)#line console 0 Switch(config-line)#login local Switch(config-line)#exit ! Switch(config)#username admin password cisco
Now let’s Verify.
Switch con0 is now available Press RETURN to get started. User Access Verification Username: admin Password: Switch>
Enable Mode Password Configuration.
we can set a password to enable the mode also.
Switch(config)#enable password cisco verification Switch>enable Password:
Password Encryption
By default, if you don’t encrypt the password, The password will show you in clear text when you will look at your running configuration . Let’s see it.
Switch#show running-config | include password enable password cisco
let’s configure the encryption and verify.
Switch(config)#service password-encryption Switch#show running-config | include password service password-encryption enable password 7 13061E010803 username admin password 7 110A1016141DNow
Enable Secret.
The main difference is that,
Enable password – it will enable a password that is based on a clear text, unlike,
Enable secret – it will enable a password and password encryption that is based on the md5 hashing algorithm. This is is the most recommended command to supply while enabling a password to any cisco network devices.
Now let’s configure and verify .
Switch(config)#enable secret cisco Switch#show running-config | include secret enable secret 5 $1$CANW$U9Y8O6KeFhrFR4l1Qo07h/
you can change the hashing algorithm if you want. the default is MD5.
Switch(config)#enable algorithm-type ? md5 Encode the password using the MD5 algorithm scrypt Encode the password using the SCRYPT hashing algorithm sha256 Encode the password using the PBKDF2 hashing algorithm