As a network professional, you must be familiar with how to secure Cisco devices (routers and switches) in every possible way, whether through the console password, enable password, enable secret, or the router auxiliary password. When devices are to be accessed remotely, a line password must be configured, while a console password is required when the device is accessed through the console. Keep in mind that devices are accessed through the console the first time.

Setting a password on a network device should be a fundamental aim, and not just any password: it should be a very strong password consisting of both alphanumeric characters and symbols.

In order to configure the console password, use the following command.

Configuring console password

Encrypting the password

Remember that by default Cisco devices do not encrypt passwords, and if someone gets access to the router configuration file, all the passwords can be seen. In order to encrypt the passwords, use the following command in configuration mode.

Router# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#service password-encryption

How to protect the auxiliary port

The auxiliary port is used to connect the device to an external modem and provides dial-in access to the router. To protect the auxiliary port, use the following commands.

Router# configure terminal

Router(config)#line aux 0

Router(config-line)#password C!SCO

Router(config-line)#login

How to protect VTY ports (Telnet ports)

VTY lines are virtual terminal lines used to access the router remotely through either Telnet or SSH. The Cisco router has sixteen (0-15) VTY lines, enabling 16 concurrent connections to be established.

Configuring VTY password

How to protect privileged mode

The privilege password is used to protect access to privileged mode.

security privilege mode

As a security best practice, the enable password command should not be used, because it uses the Vigenère cipher (a very simple algorithm) that can be cracked very easily.

If you are creating users, do not use the command R1(config)#username abc password C!SC0; rather, use R1(config)#username ABC secret C!SC0.

Enable secret provides better security because the password is stored using the irreversible level-5 (type 5) algorithm, which is based on MD5.

password protect privilege mode

Timeout for router-lines

To log out a user from an inactive line (console, auxiliary, or VTY), a timeout can be configured for the line. The “exec-timeout minutes seconds” command terminates the inactive connection.

Router(config)#line vty 0 5

Router(config-line)#exec-timeout 5 20
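To check a saved configuration against the points above (password encryption, enable secret, username secret, and line timeouts), the following added example, which is not part of the original article, scans a configuration file and reports the weak settings. The function name audit, the constant SAMPLE_CONFIG, and the sample configuration itself (including its hash and type 7 placeholder values) are constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname R1
enable password C!SC0
username abc password 0 C!SC0
username ABC secret 5 $1$constructed$hashvalueplaceholder
line con 0
 password C!SCO
 login
line aux 0
 password 7 0000000000
 exec-timeout 0 0
line vty 0 5
 exec-timeout 5 20
 password 7 0000000000
 login
"""

def audit(config: str) -> list[tuple[int, str]]:
    """Return (line_number, finding) pairs; line 0 means a global finding."""
    findings = []
    lines = config.splitlines()
    if not any(re.match(r"service password-encryption\b", l) for l in lines):
        findings.append((0, "service password-encryption is not enabled"))
    section = None  # current 'line ...' block, e.g. 'line vty 0 5'
    for n, raw in enumerate(lines, 1):
        if not raw.startswith(" "):
            section = raw if raw.startswith("line ") else None
        text = raw.strip()
        if re.match(r"enable password\b", text):
            findings.append((n, "enable password used; prefer enable secret"))
        elif re.match(r"username \S+ password\b", text):
            findings.append((n, "username ... password used; prefer username ... secret"))
        elif section and re.match(r"password (?!7 )", text):
            findings.append((n, f"{section}: password stored in clear text"))
        elif section and re.match(r"(no exec-timeout|exec-timeout 0 0)$", text):
            findings.append((n, f"{section}: idle timeout disabled"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE_CONFIG):
        print(f"line {n}: {finding}" if n else f"global: {finding}")
```

Run it against the output of show running-config saved to a file; a line with exec-timeout 0 0 is reported because that setting disables the idle timeout entirely.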

