Day-23: Securing Cisco Devices By Configuring Passwords.

By | June 7, 2022

In this blog, we will discuss how to configure passwords on Cisco devices to prevent unauthorized access.

IOS has a command hierarchy:

  • Router> – User (or EXEC) mode
  • Router# – Privileged EXEC (or Enable) mode

Configuration modes:

  • Router(config)# – Global Configuration Mode.
  • Router(config-if)# – Interface Configuration Mode.
  • Router(config-router)# – Router Configuration Mode.

Once you are in global configuration mode, you can change anything you want.

Now let’s see how we can secure our Cisco switch or router.

First, let’s change the console password.

1. Console Password Setting.

Switch(config)#line console 0
Switch(config-line)#password cisco          
Switch(config-line)#login

Once you configure a password (cisco) for console access, the device will ask for it the next time you try to log in. Let’s log in and see.

Switch con0 is now available

Press RETURN to get started.

User Access Verification

Password: 
Switch>

Username and Password configuration.

You can configure usernames and passwords instead of configuring only a password. This is a better option if multiple people need to access your router or switch. Let’s see it in the CLI.

Switch(config)#line console 0
Switch(config-line)#login local
Switch(config-line)#exit
!
Switch(config)#username admin password cisco

Now let’s verify.

Switch con0 is now available

Press RETURN to get started.

User Access Verification

Username: admin
Password: 
Switch>

Enable Mode Password Configuration.

We can also set a password for enable mode.

Switch(config)#enable password cisco

Verification

Switch>enable
Password:

Password Encryption

By default, if you don’t encrypt the password, it is shown in clear text when you look at your running configuration. Let’s see it.

Switch#show running-config | include password

enable password cisco

Let’s configure the encryption and verify.

Switch(config)#service password-encryption


Switch#show running-config | include password
service password-encryption
enable password 7 13061E010803
username admin password 7 110A1016141D

Enable Secret.

The main difference is this:

Enable password – sets an enable password that is stored in clear text.

Enable secret – sets an enable password that is stored as a hash based on the MD5 algorithm. This is the recommended command for setting the enable password on any Cisco network device.

Now let’s configure and verify.

Switch(config)#enable secret cisco

Switch#show running-config | include secret
enable secret 5 $1$CANW$U9Y8O6KeFhrFR4l1Qo07h/

You can change the hashing algorithm if you want. The default is MD5.

Switch(config)#enable algorithm-type ?
  md5     Encode the password using the MD5 algorithm
  scrypt  Encode the password using the SCRYPT hashing algorithm
  sha256  Encode the password using the PBKDF2 hashing algorithm
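
As an added example (not part of the original post), the Python script below audits a saved running configuration for the storage forms covered above: clear-text passwords, type 7 values produced by service password-encryption (reversible obfuscation rather than a hash), enable password used instead of enable secret, and MD5-based type 5 secrets. The function name audit, the issue labels and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample, modelled on the "show running-config" output in this post.
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 13061E010803
enable secret 5 $1$CANW$U9Y8O6KeFhrFR4l1Qo07h/
username admin password 7 110A1016141D
line con 0
 password 7 13061E010803
 login
"""

# Matches "<password|secret> [type digit] <value>" at the end of a config line.
CRED = re.compile(r"\b(password|secret)\s+(?:(\d)\s+)?(\S+)\s*$")


def audit(config):
    """Return (line_number, issue, redacted_line) for weak credential storage."""
    findings = []
    has_enable_secret = False
    for num, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        m = CRED.search(line)
        if not m:
            continue  # "service password-encryption" is a setting, not a credential
        keyword, ctype, _ = m.groups()
        shown = line[: m.start(3)] + "<redacted>"  # never echo the stored value
        if line.startswith("enable secret"):
            has_enable_secret = True
        if keyword == "password" and ctype in (None, "0"):
            findings.append((num, "cleartext", shown))
        elif keyword == "password" and ctype == "7":
            # Type 7 is reversible obfuscation, not a hash.
            findings.append((num, "type7-obfuscated", shown))
        elif keyword == "secret" and ctype == "5":
            # MD5-based; "enable algorithm-type" offers scrypt and sha256.
            findings.append((num, "md5-secret", shown))
        if line.startswith("enable password"):
            findings.append((num, "use-enable-secret", shown))
    if not has_enable_secret:
        findings.append((0, "no-enable-secret", ""))  # 0 = whole-config finding
    return findings


if __name__ == "__main__":
    for num, issue, shown in audit(SAMPLE_CONFIG):
        print(f"line {num}: {issue}: {shown}")
```

Run it against a configuration export kept offline; the findings carry the line number and a redacted copy of the line, so the report itself does not leak the stored values.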
