How to set up a password on my Cisco router
Make sure that your Cisco router and switch passwords are set properly. Why do you need to secure your router with passwords? They are: User: In User mode, basic interface information on the router is displayed.
Well-known Cisco CCNA author, Todd Lammle, once called the user mode "useless mode" because no configuration changes can be made, nor can you view anything important at this level. It is also called user exec mode. Privileged: Sometimes called the privileged exec or just priv mode, configuration views and changes are made at this level. In my opinion, this is the first point at which it is absolutely critical to have a password set although you should have password access even at user mode.
This is where you would make changes that would affect your whole router, including configuration changes. You will need to step in a little deeper in the router's commands to make changes to your configuration.
Aux: An RJ connection on most routers allows you to connect a modem to the port, dial in to the router, and make a console connection. VTY: Virtual Teletype is used to allow a Telnet connection to the router, which will then work like a console port. You must have an active interface on the router for Telnet to connect to the router.
The most important thing to understand about the three connection modes is that they get you into user mode only. To view and change the configuration, you need to be in privileged mode.
You can enter privileged mode by first entering user mode and then typing the command enable. It is important to remember that to change the router configuration, you must be in privileged EXEC mode. The console, aux, and VTY ports are used to get into user mode only and have nothing to do with how the router is configured.
Here is an example of how to get into privileged mode on a Cisco router through the console port:
Line con 0 now ready, press return to continue
At this point, you press Enter. Next, you will see:
Enter password:
This prompt is asking for the console user-mode password. When you are in privileged mode, the prompt changes to a pound sign.
Global configuration mode
Once you are in privileged mode, you enter global configuration mode to change the configuration. You make changes by typing the command configure terminal. However, I prefer to type the shortcut command config t. This allows you to change the running-config, a file that is in DRAM and is the configuration the router is using.
Once you type configure terminal from privileged mode, your prompt changes to the following:
Router#configure terminal
Router(config)#
This prompt tells you that you are in global configuration mode.
From here, you can make changes that affect the router as a whole, hence the name global configuration mode. For example, this is the location where you set the router passwords. If you want to change the configuration of an interface, you would have to enter interface configuration mode from global configuration mode.
The five passwords
Now that you understand the difference between user mode, privileged mode, and global and interface configuration modes, you can set the passwords for each level.
Here are the five passwords you can set on a Cisco router:
Console
Aux
VTY
Enable password
Enable Secret
We will discuss each of these passwords and how to configure them in the following sections.
Console
This is the basic connection into every router. To initially set up a router, you need to connect to the console port and at a minimum enable one interface and set the VTY password.
After one interface is enabled and the VTY lines are configured, an administrator can then Telnet into the router and do the final configurations from that connection. However, the console port can be used to configure the complete configuration at any time.
This can put a strain on our power management components and may result in a security incident, not necessarily related to a malicious attack. But again, security is a multidimensional practice, so we need to care not only about physical threats and physical security, but also about access control and management control into the routers.
We have seen these commands already to configure line access into the device for management purposes. Each line can have its own password, or you can tie all of the lines to a local user database. You could even think about centralizing that user database in the form of an AAA server and have all devices query that server to obtain authentication information. Management should also be based on roles; this is what we know as role-based access control. You should have users for certain functions in the device and other users that have access to privileged functions, which initially are set and defined by the enable and enable secret commands.
Even if you are using local authentication, it is highly advisable to have users defined with an appropriate privilege level. To force a user login process (authentication), you need to switch to "aaa new-model" and create a user.
Again, if you are using secret instead of password, your configuration will be stronger. Information is power, and as users get acquainted with the security policy, they will be in a better position to comply with it or identify the situations in which the policies are not being fulfilled.
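The checks described above (each line protected by a password or the user database, enable secret rather than enable password, users defined with secret, and aaa new-model) can be run against a saved running-config. The following Python audit is an added example, not code from the original article; the names audit and SAMPLE_CONFIG are hypothetical and the sample configuration is constructed for illustration.

```python
import re

# Constructed sample running-config for this example (not taken from the article).
SAMPLE_CONFIG = """\
hostname Router
enable password cisco123
username admin privilege 15 password 0 admin123
username ops privilege 1 secret 5 $1$CONSTRUCTED$notarealhash
line con 0
 password conpass
 login
line aux 0
line vty 0 4
 login local
end
"""

def audit(config):
    """Return findings for the line/enable passwords and local users in an IOS config."""
    lines = config.splitlines()
    findings = []
    if "aaa new-model" not in (ln.strip() for ln in lines):
        findings.append("aaa new-model is not enabled")
    if any(ln.startswith("enable password ") for ln in lines):
        findings.append("enable password is set; use enable secret")
    if not any(ln.startswith("enable secret ") for ln in lines):
        findings.append("enable secret is not set")
    for ln in lines:
        m = re.match(r"username (\S+) (?:privilege \d+ )?password ", ln)
        if m:
            findings.append(f"username {m.group(1)} uses password, not secret")
    # Collect the indented sub-commands under each "line con|aux|vty ..." block.
    blocks, current = {}, None
    for ln in lines:
        if re.match(r"line (con|aux|vty) ", ln):
            current = ln.strip()
            blocks[current] = []
        elif current and ln.startswith(" "):
            blocks[current].append(ln.strip())
        else:
            current = None
    for name, body in blocks.items():
        # Simplified rule (assumption): a line counts as protected when it uses
        # the local user database or an AAA list, or has "login" plus a password.
        uses_users = any(b.startswith(("login local", "login authentication")) for b in body)
        line_pw = "login" in body and any(b.startswith("password ") for b in body)
        if not (uses_users or line_pw):
            findings.append(f"{name}: no password or user login configured")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns five findings for the constructed configuration; a configuration with aaa new-model, enable secret, secret-based users and login local on every line returns an empty list.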