This objective covers the five different password types, how to configure them, how to place router identifiers such as the router’s hostname, and how to configure a banner.
Critical Information
There are five different types of passwords used in securing Cisco routers: enable secret, enable, virtual terminal (VTY), auxiliary, and console. These are their functions:
Enable Secret Password
This is a one-way cryptographic secret password used in versions 10.3 and up. It takes precedence over the enable password. You can configure it when setting up your router or at any time after that.
Enable Password
This is used when there is no enable secret password, and when you are using older software and some boot images. The administrator manually encrypts it. You can define this within setup mode or anytime after that.
Virtual Terminal (VTY) Password
This is used for Telnet sessions to the router. You can change the VTY password at any time, but it must be specified or you won’t be able to telnet to the router. You can specify this type of password during setup or anytime after that.
Auxiliary Password
This is used for the auxiliary port, which is used to connect a modem to a router for remote console connections. This must be set up manually.
Console Password
This is used for the console port, and sets up a password for anyone who connects directly to your router’s console port. It must be set up manually.
MOTD Banner
The MOTD (message of the day) banner, configured with the banner motd command, is the first message displayed when any user connects to the router.
Router Identification
A router’s identifying information consists of two things: its hostname and its interface. You can set an interface description by using the description command.
Hostname
You can change the hostname your router displays by using the hostname command. For example, to change the name of a router to RouterC, you would type hostname RouterC.
Necessary Procedures
You need to practice some commands. This section reviews the processes for setting passwords, the MOTD banner, and the hostname, and for setting the identification of an interface using the description command.
Setting Passwords
The following examples show how to set Cisco router passwords. Of course, you should choose your own passwords in place of the ones used in the examples.
Enable Secret Password
To set the enable secret password, type the following commands:
Router#config t
Enter configuration commands, one per line. End Æ’with CNTL/Z.
Router(config)#enable secret sean
Router(config)#^Z
Enable Password
To set the enable password, type the following commands:
Router#config t
Enter configuration commands, one per line. End with Æ’CNTL/Z.
Router(config)#enable password sean
The enable password you have chosen is the same as your Æ’enable secret.
This is not recommended. Re-enter the enable password.
Router(config)#enable password sean
Router(config)#^Z
Notice that if you type the same password as the enable secret password, you get a warning message. If, despite the warning, you choose the same password again, the router would accept it but neither the secret nor the enable password would work. Can you say password recovery?
Virtual Terminal (VTY) Password
To set your VTY password, type the following commands:
Router#config t
Enter configuration commands, one per line. End Æ’with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password sean1
Router(config-line)#^Z
The command line vty 0 4 specifies the number of Telnet sessions allowed in the router. You can also set up a different password for each line by typing line vty port number. The login command tells the router to prompt for a assword. If no login command is used, users can gain access via the VTY port without being prompted for a password.
Auxiliary Password
To set the auxiliary password, use the following commands:
Router#config t
Enter configuration commands, one per line. End Æ’with CNTL/Z.
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password sean2
Router(config-line)#^Z
Console Password
Finally, to set the console password, use these commands:
Router#config t
Enter configuration commands, one per line. End Æ’with CNTL/Z.
Router(config)#line con 0
Router(config-line)#login
Router(config-line)#password sean3
Router(config-line)#^Z
Configuring Banners
You can add a MOTD banner that is displayed whenever anyone logs in to your Cisco router. The command is banner motd delimiter. You must start the banner with a delimiting character of your choice. Here¡¯s an example using the octothorp (#) as a delimiter:
RouterC(config)#banner motd #
Enter TEXT message. End with the character ‘#’.
If you are not authorized to be in Acme’s router, Æ’log out immediately! Violators will be prosecuted!
#[Enter]
RouterC(config)#end
The output for this example will look like this when users either telnet to the router or connect to a console port:
Router con0 is now available
Press ENTER to get started.
If you are not authorized to be in Acme.com router, Æ’log out immediately!
User Access Verification
Password:
This output shows an example of what you’d see when connecting to your router’s console port. It tells you that the router is available, and then to press Enter to get started. You will see the MOTD banner and then be asked for the user-mode password, if one is configured.
Changing Router Identification
You can change the name your router displays by using the hostname command. For example, to change the name of a router to RouterC, type the following commands:
Router#config t
Enter configuration commands, one per line. End Æ’with CNTL/Z.
Router(config)#hostname RouterC
RouterC(config-line)#^Z
Notice that there is no space in the command hostname.
Related posts:
- Control Router Passwords
- Initial Configuration in Router Using the Setup Command
- Log in to a Router in Both User and Privileged Modes
- Manage Router Configuration Files from the Privileged EXEC Mode
- Examine Router Elements
- Context-Sensitive Help Facility
- Command History and Editing Features
- Configure IP Addresses
- Monitor and Verify Selected Access list Operations on the Router
- Commands to Monitor Frame Relay Operation in the Router
