Thursday 28 November 2013

Configuring Basic Password Authentication

Real World Application:

Security is of the utmost importance in production networks, especially Internet-facing ones. An unsecured Cisco router or switch is exposed to risk from a virtually unlimited number of networks. This lab teaches the basics of password authentication in Cisco IOS software for securing your Cisco routers and switches.

Lab Prerequisites:

  • If you are using GNS3, load the Binder CCNA free topology and R1.
  • Establish a console session with Router 1.

Lab Objectives:

  • Configure the console line password, so that any attempt to establish a console session to the device will prompt for a password. When you are finished, verify your configuration.
  • Configure the VTY line password (lines 0 through 4 in this lab), so that any attempt to establish a Telnet/SSH session to the device will prompt for a password. When you are finished, verify your configuration.
  • Configure the enable password and enable secret. When you are finished, verify your configuration.
  • Configure the auxiliary (AUX) line password, so that any attempt to establish an AUX session to your device (router) will prompt for a password.

Lab Instruction:

Step 1. To password-protect the console, first navigate to console line configuration mode, as shown below:


         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

Press RETURN to get started!

Router>enable
Router#configure terminal
Router(config)#line console 0
Router(config-line)#

Once in console line configuration mode, set the password by executing the command password passwordgoeshere. In the example below, the password is set to Cisco123:

Router(config-line)#password Cisco123

Setting the password alone does not enable password authentication. You must also tell the router to prompt incoming sessions on the console line for a password. This is done by executing the login command in line configuration mode, as shown below:

Router(config-line)#login

Now you can test the console line password. First end your session by typing end and then exit, then attempt to establish a new exec session from the console, as shown below:

Router(config-line)#end
Router#exit
Router con0 is now available
Press RETURN to get started.
User Access Verification
Password: 
Router>

Step 2. Now it's time to configure the VTY (virtual teletype) lines. VTY lines are virtual lines used to establish exec sessions via Telnet or SSH. You apply passwords to these lines the same way you did for the console, as shown below:

Router>enable
Router#config terminal
Router(config)#line vty 0 4
Router(config-line)#password Cisco321
Router(config-line)#login

Note that in this example the password is set to Cisco321, just to show that you can have a different password per line. To verify this configuration you would typically need an Ethernet connection to your device; to meet that requirement here, assign an IP address to an interface. For example, assign 10.1.1.1 to interface loopback0, as follows:

Router(config-line)#interface lo0
Router(config-if)#ip add 10.1.1.1 255.255.255.255
Router(config-if)#end
Router#

To verify the VTY line password, you can telnet to your local interface to start a Telnet exec session, as shown below:

Router#telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Password:
Password: 
Router>

As you can see, you are prompted for the VTY line password. If you enter the console line password you will be denied access, but if you enter the VTY line password you will be authorized to start an exec session, as shown above.

Once you have established a Telnet session to the router, try to gain privileged access. You will notice immediately that you are prompted for an enable password; because none has been set, you cannot reach the privileged "enable" level.

Router>enable
Password: 
Password: 
Password: 
% Bad passwords

Router>
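
The point from Steps 1 and 2, that a line password is only enforced once login is also configured on that line, can be checked offline against a saved configuration. The script below is an added example and not part of the original lab: the sample configuration is constructed, the function names are hypothetical, and it assumes input shaped like show running-config output.

```python
import re

# Constructed sample shaped like "show running-config" output (not from the lab).
SAMPLE_CONFIG = """\
hostname Router
!
line con 0
 password Cisco123
line aux 0
line vty 0 4
 password Cisco321
 login
line vty 5 15
 login
!
"""

LINE_HEADER = re.compile(r"^line (con|aux|vty) \d+( \d+)?\s*$")

def parse_line_blocks(config):
    """Return {header: [sub-commands]} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if LINE_HEADER.match(raw):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other unindented line closes the block
    return blocks

def audit_line(commands):
    """Classify one line block by its password/login sub-commands."""
    has_password = any(c.startswith("password ") for c in commands)
    if any(c.startswith("login ") for c in commands):
        return "other login method (outside this lab)"
    has_login = "login" in commands  # bare "login" = use the line password
    if has_password and has_login:
        return "ok: password set and login enabled"
    if has_password:
        return "FINDING: password set but login not configured"
    if has_login:
        return "FINDING: login enabled but no password set"
    return "FINDING: no password and no login"

def audit_config(config):
    return {h: audit_line(c) for h, c in parse_line_blocks(config).items()}

print(audit_config(SAMPLE_CONFIG))
```

In the constructed sample, only line vty 0 4 passes; line con 0 shows the exact state the lab warns about after Step 1's password command and before login is entered.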
