Nov 142007
 

Sponsored Link

There are five passwords used to secure your Cisco routers: console, auxiliary, telnet (VTY),enable password, and enable secret. Just as you learned earlier in the chapter, the first two passwords are used to set your enable password that’s used to secure privileged mode. This will prompt a user for a password when the enable command is used. The other three are used to configure a password when user mode is accessed either through the console port, through the auxiliary port, or via Telnet.

Setup Enable Passwords

You set the enable passwords from global configuration mode like this

Router(config)#enable ?

last-resort -- Define enable action if no TACACS servers respond

password -- Assign the privileged level password

secret -- Assign the privileged level secret

use-tacacs -- Use TACACS to check enable passwords

The following points describe the enable password parameters

Last-resort -- Allows you to still enter the router if you set up authentication through a TACACS
server and it’s not available. But it isn’t used if the TACACS server is working.

Password -- Sets the enable password on older, pre-10.3 systems, and isn’t ever used if an enable
secret is set.

Secret -- Is the newer, encrypted password that overrides the enable password if it’s set.

Use-tacacs -- This tells the router to authenticate through a TACACS server. It’s convenient if you
have anywhere from a dozen to multitudes of routers.

Here’s an example of setting the enable passwords

Router(config)#enable secret admin

Router(config)#enable password admin

The enable password you have chosen is the same as your enable secret. This is not recommended. Re-enter the enable password.

If you try to set the enable secret and enable passwords the same, the router will give you a nice, polite warning to change the second password. If you don’t have older legacy routers,don’t even bother to use the enable password.

Sponsored Link

 Posted by at 1:00 pm
  • francis

    Cisco 2821

    When i log into it using telnet i log in and its automatically logged in on enable mode.

    How can i make it so i can have the the normal prompt and then if i type enable it will ask for pass and then enter config.

  • helper

    To set a password ona router where you log in by telnet do:
    - go to the enable mode (type “enable”)
    - go to global configuration (type “config”)
    - pick a line which is used by telnet connection (type “line vty 0 4″ or “line vty 0 15″)
    - type “login”
    _ type “password YOUR_PASSWORD”
    From now on when you log into this router using telnet you will by asked for a password

  • suresh

    on basic configuration i given ip for interface and given line vty password, but forgotton togive enable password on giving remote access.
    is there any possibility to give password on remotely?. if there how?
    pls explain me.

  • rayudu

    how to enable routers through ssh any idea and commands ragarding this