Passwords, Cisco Routers, And Network Security CCNA Certification Exam Training

Passwords, Cisco Routers, And Network Security CCNA Certification Exam Training
CCNA certification is important, and so is securing our network's Cisco routers! To reflect the importance of network security, your CCNA certification exam is likely going to contain a few questions about the various passwords you can set on a Cisco router. Let's take a look at some of those passwords and when to apply them.

If the previous user has logged out of the router properly, you will see a prompt like this when you sit down at the router console:

Press RETURN to get started.

R1 con0 is now available

R1

To get into enable mode, by default all i have to do is type "enable".

R1#

R1enable

R1(config)#enable password dolphins

See how the prompt changed? By default, I can now run all the show and debug commands I require, not to mention entering global configuration mode and doing much what I need. It just might be a nice idea to password protect this mode! they do so with either the enable password command or the enable secret command. Let's use the enable password command first.

Now when I log out and then go back to enable mode - or try to - I should be prompted for the password "dolphins". Let's see what happens.

R1enable

Password:

R1#

The problem with the enable password command is that the password will show in the configuration in clear text, making it easy for anyone to look over your shoulder and note the password for future use, as shown below:

I was indeed prompted for a password. Cisco routers will not show asterisks or any other character when you enter a password; in fact, the cursor doesn't even move.

hostname R1

!

enable password dolphins

they could use the "service password-encryption" command to encrypt the enable password, but that will also encrypt all the other passwords in the Cisco router config. that is not necessarily a bad thing! Here's the effect of this command on the enable password they set earlier.

enable password 7 110D1609071A020217

effective encryption! However, if they require to have the enable password automatically encrypted, they can use the enable secret command. I'll use that command here to set this password to "saints", and note that i am not removing the previous enable password.

After removing the "service password-encryption" command, we are left with four enable mode passwords, and they appear in the Cisco router config like this:

R1(config)#enable secret saints

enable password dolphins

enable secret 5 $1$kJB6$fPuVebg7uMnoj5KV4GUKI/

R1enable

If they have four enable passwords, which eight should they use to log into the router? Let's try the first password, "dolphins", first:

Password:

Password:

When you are prompted for the password a second time, you know you got it wrong the first time! Let's try "saints":

R1enable

Password:

Password:

R1#

When both the enable secret and enable password commands are in use on a Cisco router, the enable secret password always takes precedence. "dolphins" didn't get us in, but "saints" did. that is valuable information for both the CCNA certification exam and real-world networks, because there is no worse feeling than typing a password at a Cisco router prompt and then getting another password prompt!

This is just eight way to perform basic Cisco router security with passwords. We'll take a look at other methods in a future CCNA certification exam training tutorial!