Correctly configure the Cisco Router password to ensure Network Security

Source: Internet
Author: User
Tags ssh access

Network security management involves many aspects. However, looking at many security events, we can draw a basic conclusion that the harm is caused by ignoring basic security measures. This article will discuss the importance of maintaining Cisco Router password security, explain the three modes of Cisco router IOS, and show readers how to configure five passwords to protect network security.

Causes of vro security protection using passwords

First, as a Cisco device administrator, we must realize that vrouters do not have any automated password defense. The Administrator must take the password settings of Cisco devices seriously.

The soul of a Cisco device is IOS, which has different modes. These modes are set in different levels, which means that the deeper the access, the more privileges are required, and the more passwords are set for each corresponding level.

Three major Cisco IOS Models

User Mode

In user mode, the basic interface information of the router is displayed. Some people think that this mode is useless because configuration changes cannot be made in this mode, and users cannot view any important information.

Privileged Mode

The administrator can view and change the configuration in this mode. I believe that it is absolutely important to have a set of passwords at this level. To switch from user mode to privileged mode, the administrator needs to enter the enabel command and press the Enter key:

Router> enableRouter#

Global Configuration Mode

In privileged mode, we can now access global configuration mode. Here, we can make changes that affect the operation of the entire router. These changes include, of course, configuration changes. As an administrator, we need to go further to the vro command to make reasonable changes to its configuration.

The following is an example of accessing this mode:

Router# configure terminalRouter(config)#

Correctly configure five passwords

First, you must know that Cisco IOS has five major passwords: Console password, AUX password, VTY password, Enable password, and Enable secret password. The following are analyzed respectively.

Console Password

If you do not set a password on the vro console, other users can access the user mode. If you do not set a password for other modes, others can easily enter other modes. The Console port is the place where the user first sets the new router. It is extremely important to set a password on the Console port of the vro, because this prevents others from connecting to the vro and accessing the user mode.

Because each vro has only one console port, you can use the line console 0 command in global configuration, and then use the login and password commands to complete the settings. Here, the password command is used to set an appropriate password, as shown below:

Router# config tRouter(config)# line console 0Router(config-line)# password SecR3t!passRouter(config-line)# login

Note: It is best to set a complex password to avoid being guessed by others.

Aux (Auxiliary port) password

This is also a physical access port on the router, but not all routers have this port. Because the Aux port is a backup port of the Console port, it is equally important to configure a password for it.

Router# config tRouter(config)# line aux 0Router(config-line)#password SecR3t!passRouter(config-line)# login

(VTY) Remote Login Password

A virtual terminal connection is not a physical connection, but a virtual connection. You can use it for telnet or ssh access to the vro. Of course, you need to set an active LAN or WAN interface on the vrotelnet to facilitate telnet. Because different routers and vswitches have different VTY port numbers, you should check which ports are available before configuring these ports. To do this, you can type line in privileged mode? Command. The following is an example of configuring VTY connections:

Router# config tRouter(config)# line vty 0 4Router(config-line)# password SecR3t!passRouter(config-line)# login

Enable password-Enable password

The enable password command Prevents someone from obtaining full access to the vro. The Enable command can be used to switch between different security levels of a vro (a total of 16 security levels, such as 0-15 ). However, it is most commonly used to switch from user mode (level 1) to privileged mode (Level 15 ). In fact, if you are in user mode and the user type the enable command, this command assumes that you are in privileged mode.

If you want to set a password to control the user's switch from user mode to privileged mode, you need to enter global configuration mode and use the enable password command, as shown below:

Router# config tRouter(config)# enable password SecR3t!enableRouter(config)# exit

Enable password-Enable password

The enable password command Prevents someone from obtaining full access to the vro. The Enable command can be used to switch between different security levels of a vro (a total of 16 security levels, such as 0-15 ). However, it is most commonly used to switch from user mode (level 1) to privileged mode (Level 15 ). In fact, if you are in user mode and the user type the enable command, this command assumes that you are in privileged mode.

If you want to set a password to control the user's switch from user mode to privileged mode, you need to enter global configuration mode and use the enable password command, as shown below:

The bad side of the Enable password command is that it is easily guessed by others, which is why we need to use enabel secret.

Enable secret-Enable Encryption

Enable the encryption password is the same as enable password. However, by using the "enable secret", passwords are stored in a more robust form of encryption:

Router(config)# enable secret SecR3t!enable

In many cases, many network paralysis is caused by lack of password security. Therefore, the Administrator must ensure that the vswitch and vro passwords are correctly set.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.