Information Technology Reference
In-Depth Information
Router Operations
This section reviews the line and enable passwords, password recovery, and the different
methods to access the routers.
Password Security
Passwords can be set for the console, auxiliary port, terminal controller (TTY), and virtual
terminal (VTY) lines. The
login
command tells the router to prompt for the password. The
password
command sets the password. The
login
command can also authenticate with locally
configured usernames and passwords or use TACACS for authentication. You use the
login
local
command when using locally configured users. You use the
login
tacacs
command when
using authentication. A series of commands must be configured when using these advanced
features, which are not covered in this topic. You use the
login
command with no options to use
the configured line password.
The console is configured with the
line console 0
command. The following commands
configure the console to prompt for the password and to set the password:
router1(config)#line console 0
router1(config-line)#login
router1(config-line)#password cisco
The auxiliary port is configured with the
line aux 0
command. The following commands
configure the auxiliary port to prompt for the password and to set the password:
router1(config)#line aux 0
router1(config-line)#login
router1(config-line)#password cisco
Most routers have five terminal lines, from line 0 to line 4. All terminal lines are configured with
the
line vty 0 4
command. The following commands configure the virtual terminal lines to
prompt for a password and to set the password:
router1(config)#line vty 0 4
router1(config-line)#login
router1(config-line)#password cisco
If you use the
login
command, but the password is not set for vty lines, Telnet access is not
granted. The router returns a
password not set
message and disconnects the Telnet session. If
you do not use the
login
command, users are granted access without prompting for passwords.
NOTE
There are two methods to set the enable (privileged mode) password. The first is the
enable
password
command. This method was superceded by the
enable secret
command, which was
introduced to provide the additional security of password encryption. If you use both commands,
the
enable secret
command overrides the
enable password
command.
Search WWH ::
Custom Search