Setting Router Passwords
The router has a number of ports that allow access to it, and on each of
these ports you can specify a password to provide a layer of security. You
can also disable login password checking on any of the ports by entering the
command that takes you to the Router(config-line)# section of the port and
then entering the no login command. In the examples the password is set to
ccna, with the enable secret password set to ccna2.
- Setting the enable and enable secret password:
- Router(config)#enable password ccna
- Router(config)#enable secret ccna2
The enable secret password is the password you use to
gain access to enable mode and to the global configuration mode on the
router, and it is encrypted. The enable password is used when you do not
specify an enable secret password. The enable password should be
different from the enable secret password.
- Setting the auxiliary port password:
- Router(config)#line aux 0
- Router(config-line)#login
- Router(config-line)#password ccna
The auxiliary port is on the back of the router and is
commonly used to connect a modem. It is used to allow a remote user
access to the configuration of the router. If a modem is connected to the
port, it should definitely have a password specified for it.
- Setting the console password:
- Router(config)#line con 0
- Router(config-line)#login
- Router(config-line)#password ccna
The console port is also on the back of the router and is
used to directly connect a console to the router for configuring the router.
The console is usually a PC running a program like HyperTerminal set to 8 N 1.
The PC connects to the console port from the PC's COM port. The COM port uses a
9-pin to RJ45 connector, and the connector uses a rolled CAT 5 cable (reversed
on one end) to connect to the RJ45 port on the back of the router. This port
should allow logins with passwords if the router is physically secured.
The port should be disabled if it is not regularly used or the router is not
securable. This port can be very useful, especially when configuring a new
router or a corrupted router, as you don't have to rely on IP addresses being
correct or the interfaces being up.
- Setting the Virtual Terminal (Telnet) password:
- Router(config)#line vty 0 4
- Router(config-line)#login
- Router(config-line)#password ccna
The vty ports are specified with the command line vty
0 4. Depending on your router, you might have more than five (0,1,2,3,4)
virtual terminals available; in that case use the command line vty 0 X,
where X is the number of terminals -1. You can also specify fewer than the
maximum, which will limit the number of sessions that can exist on the router.
The Virtual Terminal ports are just that, virtual, as you can't physically see
them. They are the ports that allow users to remotely access the router.
If they are enabled, then anyone on any of the networks that the router knows
about can attempt to log in. If you aren't going to be doing remote
configurations on the router yourself, the vty ports should be disabled and the
console port should be enabled. You can also apply a standard IP access
list to the VTY ports.