Information Technology Reference
In-Depth Information
Router Operations
This section reviews the line and enable passwords, password recovery, and the different
methods to access the routers.
Password Security
Passwords can be set for the console, auxiliary port, terminal controller (TTY), and virtual
terminal (VTY) lines. The login command tells the router to prompt for the password. The
password command sets the password. The login command can also authenticate with locally
configured usernames and passwords or use TACACS for authentication. You use the login
local command when using locally configured users. You use the login tacacs command when
using authentication. A series of commands must be configured when using these advanced
features, which are not covered in this topic. You use the login command with no options to use
the configured line password.
The console is configured with the line console 0 command. The following commands
configure the console to prompt for the password and to set the password:
router1(config)#line console 0
router1(config-line)#login
router1(config-line)#password cisco
The auxiliary port is configured with the line aux 0 command. The following commands
configure the auxiliary port to prompt for the password and to set the password:
router1(config)#line aux 0
router1(config-line)#login
router1(config-line)#password cisco
Most routers have five terminal lines, from line 0 to line 4. All terminal lines are configured with
the line vty 0 4 command. The following commands configure the virtual terminal lines to
prompt for a password and to set the password:
router1(config)#line vty 0 4
router1(config-line)#login
router1(config-line)#password cisco
If you use the login command, but the password is not set for vty lines, Telnet access is not
granted. The router returns a password not set message and disconnects the Telnet session. If
you do not use the login command, users are granted access without prompting for passwords.
NOTE
There are two methods to set the enable (privileged mode) password. The first is the enable
password command. This method was superceded by the enable secret command, which was
introduced to provide the additional security of password encryption. If you use both commands,
the enable secret command overrides the enable password command.
 
Previous Page
Next Page
CCIE Routing and Switching Exam Certification Guide
Search WWH ::




Custom Search
Home