There are five passwords used to secure your Cisco routers: console, auxiliary, telnet (VTY),enable password, and enable secret. Just as you learned earlier in the chapter, the first two passwords are used to set your enable password that’s used to secure privileged mode. This will prompt a user for a password when the enable command is used. The other three are used to configure a password when user mode is accessed either through the console port, through the auxiliary port, or via Telnet.
Setup Enable Passwords
You set the enable passwords from global configuration mode like this
Router(config)#enable ?
last-resort – Define enable action if no TACACS servers respond
password – Assign the privileged level password
secret – Assign the privileged level secret
use-tacacs – Use TACACS to check enable passwords
The following points describe the enable password parameters
Last-resort – Allows you to still enter the router if you set up authentication through a TACACS
server and it’s not available. But it isn’t used if the TACACS server is working.
Password – Sets the enable password on older, pre-10.3 systems, and isn’t ever used if an enable
secret is set.
Secret – Is the newer, encrypted password that overrides the enable password if it’s set.
Use-tacacs – This tells the router to authenticate through a TACACS server. It’s convenient if you
have anywhere from a dozen to multitudes of routers.
Here’s an example of setting the enable passwords
Router(config)#enable secret admin
Router(config)#enable password admin
The enable password you have chosen is the same as your enable secret. This is not recommended. Re-enter the enable password.
If you try to set the enable secret and enable passwords the same, the router will give you a nice, polite warning to change the second password. If you don’t have older legacy routers,don’t even bother to use the enable password.
Cisco 2821
When i log into it using telnet i log in and its automatically logged in on enable mode.
How can i make it so i can have the the normal prompt and then if i type enable it will ask for pass and then enter config.
To set a password ona router where you log in by telnet do:
– go to the enable mode (type “enable”)
– go to global configuration (type “config”)
– pick a line which is used by telnet connection (type “line vty 0 4” or “line vty 0 15”)
– type “login”
_ type “password YOUR_PASSWORD”
From now on when you log into this router using telnet you will by asked for a password
on basic configuration i given ip for interface and given line vty password, but forgotton togive enable password on giving remote access.
is there any possibility to give password on remotely?. if there how?
pls explain me.
how to enable routers through ssh any idea and commands ragarding this