The five main passwords of the Cisco IOS are:
- Console
- Aux
- VTY
- Enable password
- Enable secret
Console
If you have no password set on the router’s console, by default, you can access user mode (and then on to the other modes if no passwords are set there either). The console port is where you would initially start to configure a new router. It is critical to set a password on the console port of the router to prevent someone from physically walking up to the router, connecting, and gaining access to user mode (and, potentially, much more).
Because there is only one console port per router, you would use the command line console 0 in global configuration mode, and then use the login and password commands to finish up the configuration. The command, login, tells the router to look under the console line configuration for the password. The command, password, sets the actual password.
Here is what it looks like:
Router# config t
Router(config)# line console 0
Router(config-line)# password SecR3t!pass
Router(config-line)# login
Note: Complex passwords are important to keep someone from guessing your password.
Aux
This is short for auxiliary port. This is also a physical access port on the router. Not all routers have this port. As the aux port is a backup configuration port for the console, it is equally important to configure a password on it.
Router# config t
Router(config)# line aux 0
Router(config-line)# password SecR3t!pass
Router(config-line)# login
VTY
The “virtual tty” line is not a physical connection, but a virtual connection. You would use this line to Telnet or SSH into the router. As different routers and switches can have a different number of vty ports, you should see how many you have before you configure them. To do this, just type line ? in privileged mode.
Here’s an example of configuring vty lines:
Router# config t
Router(config)# line vty 0 4
Router(config-line)# password SecR3t!pass
Router(config-line)# login
Enable password
The enable password prevents someone from getting full access to your router. The enable command is actually used to change between different security levels on the router (the levels run from 0 to 15). However, it is typically used to go from user mode (level 1) to privileged mode (level 15). In fact, if you are at user mode and you just type enable, it assumes you want to go to privileged mode.
To set a password to control access from user mode to privileged mode, go to the global configuration mode and use the enable password command, like this:
Router# config t
Router(config)# enable password SecR3t!enable
Router(config)# exit
The downside of the enable password is that it can be easily decrypted by someone, and that is why you should use enable secret instead.
Enable secret
The enable secret password has the same function as the enable password, but with enable secret, the password is stored in a much stronger form of encryption:
Router(config)# enable secret SecR3t!enable
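As an added example (not part of the original article), this Python script audits a saved configuration for the five passwords described above. The sample configuration is constructed, the function name audit_passwords is hypothetical, and the check assumes line passwords with plain login as shown in this article (login local and AAA are not handled).

```python
import re

# Constructed sample config (not from the article): console is protected,
# aux has no password, vty has a password but no "login", and only the
# weaker "enable password" is set.
SAMPLE_CONFIG = """\
hostname Router
enable password SecR3t!enable
!
line con 0
 password SecR3t!pass
 login
line aux 0
line vty 0 4
 password SecR3t!pass
!
end
"""

def audit_passwords(config):
    """Return findings for the console, aux, vty and enable passwords."""
    findings = []
    if re.search(r"^enable password\b", config, re.M):
        findings.append("enable password is set; use enable secret instead")
    if not re.search(r"^enable secret\b", config, re.M):
        findings.append("enable secret is not set")
    # Collect the indented sub-commands under each "line ..." section.
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif current and raw.startswith(" "):
            sections[current].append(raw.strip())
        else:
            current = None  # any other unindented line ends the section
    for name, cmds in sections.items():
        if not any(c.startswith("password ") for c in cmds):
            findings.append(f"{name}: no password configured")
        # Assumption: only plain "login" counts (no "login local" or AAA).
        if "login" not in cmds:
            findings.append(f"{name}: 'login' missing, password is not checked")
    return findings

if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print(finding)
```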