HOW TO SECURE (PASSWORD PROTECT) YOUR CISCO ROUTER (CCNA)

In this post we will learn how to secure your router with password protection, how to hide your passwords so that no one can read them, and how to secure the console and auxiliary ports on routers. We will put double-layer security on the router so that no malicious user will be able to configure it.


Let's start:

The first step is to set an enable password on the router.

  • Go to configuration mode (config t).
  • Then type enable password,
  • followed by the password you want to set. 123 is my password.

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable password 123
Router(config)#exit
Router#

  • Then exit configuration mode and run the show running-config command.
  • This will show the router's password.

Router#show running-config
Building configuration…

Current configuration : 728 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
enable password 123
!

no ip cef
no ipv6 cef
!

!
spanning-tree mode pvst

!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
shutdown

HOW TO REMOVE PASSWORD

  • Go to config terminal.
  • Type no enable password.
  • Check by running the show running-config command.

Router(config)#no enable password
Router(config)#exit
Router#

Router#show running-config
Building configuration…

Current configuration : 706 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!

no ip cef
no ipv6 cef

CREATE SECRET PASSWORD

  • Go to config terminal.
  • As with the enable password command you typed earlier, this time type enable secret followed by the password you want to set.
  • 123 is the password I want to set.

Router(config)#enable secret 123
Router(config)#exit
Router#

  • Run the show running-config command. This time it does not show the password itself, as it did earlier.

Router#show running-config
Building configuration…

Current configuration : 755 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!

enable secret 5 $1$mERr$3HhIgMGBA/9qNmgzccuxv0
!

no ip cef
no ipv6 cef

TO CHECK PASSWORD

  • Exit the terminal and try to log in to the router. It will ask you for the password before you can configure the router.

Router>en

Password:

CONSOLE SECURITY

The console is a port on the router that the admin mostly uses to configure it. A console password gives double-layer security.

Router(config)#line console 0
Router(config-line)#password 123
Router(config-line)#login
Router(config-line)#exit
Router(config)#exit

  • Now run the show running-config command to check.
  • At the bottom you will find that the console password has been set.

Router#show running-config
Building configuration…

Current configuration : 776 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!

enable secret 5 $1$mERr$3HhIgMGBA/9qNmgzccuxv0
!

no ip cef
no ipv6 cef
!

spanning-tree mode pvst
!

interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!

line con 0
password 123
login

HOW IT ASKS FOR THE PASSWORD

  • First you have to give the console password, then the secret or enable password you have set.

User Access Verification

Password:

Router>en

Password:

HIDE ALL PASSWORDS

  • The passwords we set are always shown whenever we run the show running-config command.
  • Now I'm going to create an enable password and a console password.
  • After that I'll enter the service password-encryption command (to hide all passwords).

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable password 123
Router(config)#line console 0
Router(config-line)#password 123
Router(config-line)#login
Router(config-line)#exit
Router(config)#service password-encryption
Router(config)#exit
Router#

  • Now I'll run the show running-config command.
  • I set the password to 123 for both, but the configuration now shows a different value.

Router#show running-config
Building configuration…

Current configuration : 760 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!

enable password 7 08701E1D
!

no ip cef
no ipv6 cef
!

spanning-tree mode pvst

interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9

line con 0
password 7 08701E1D
login
!

AUX PASSWORD

  • There is one more port besides the console: the aux port.

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line aux 0
Router(config-line)#password 123
Router(config-line)#login
Router(config-line)#exit
Router(config)#exit
Router#

  • As before, you can use the show running-config command to check the router's IP addresses and the aux password.

Router#show running-config
Building configuration…

Current configuration : 572 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router

ip cef
no ipv6 cef

interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown

line aux 0
password 123
login
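
An added example, not part of the original post: a small Python audit of show running-config text that reports how each password configured in this post is stored. It goes slightly beyond the post by flagging type 7 (the encoding applied by service password-encryption) as reversible obfuscation rather than a hash, and by checking that a line password is accompanied by login; the function name audit and the sample text are constructed for illustration.

```python
import re
# [enable] password|secret [type] value, as printed by show running-config
PW = re.compile(r"^(enable )?(password|secret)(?: (\d+))? (\S+)$")
WEAK = {None: "stored in cleartext", "0": "stored in cleartext",
        "7": "type 7 is reversible obfuscation, not a hash"}

def audit(config):
    """Return (location, finding) pairs for a running-config text."""
    findings, lines, ctx, has_secret = [], {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("line "):          # e.g. "line con 0", "line aux 0"
            ctx = line
            lines[ctx] = {"password": False, "login": False}
        elif line == "!" or line.startswith("interface "):
            ctx = None                        # left the line block
        elif ctx and line.startswith("login"):
            lines[ctx]["login"] = True
        m = PW.match(line)
        if not m:
            continue
        is_enable, kind, ptype, _value = m.groups()
        if kind == "secret":                  # hashed (type 5 in this post)
            has_secret = has_secret or bool(is_enable)
            continue
        where = "enable" if is_enable else (ctx or "global")
        if not is_enable and ctx:
            lines[ctx]["password"] = True
        if ptype in WEAK:
            findings.append((where, WEAK[ptype]))
    for name, state in lines.items():
        if state["password"] and not state["login"]:
            findings.append((name, "password set but no login, so it is never asked"))
    if not has_secret:
        findings.append(("enable", "no enable secret configured"))
    return findings

# Constructed sample assembled from the config fragments shown in this post.
SAMPLE = """\
enable password 7 08701E1D
line con 0
password 7 08701E1D
login
!
line aux 0
password 123
"""
print(*(f"{w}: {f}" for w, f in audit(SAMPLE)), sep="\n")
```

A configuration that contains only the enable secret 5 line from this post produces no findings.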

 
