Cisco CCNA Certification: Passwords, Passwords, Passwords!

When you're looking at a Cisco router configuration,
figuring out what the different passwords do can be a little
confusing at first. But as I tell all my students, the key
to understanding something that looks complex is to break
it down into smaller parts.

Having said that, let's take a look at a typical running
configuration and then break it down line by line to make
sure you understand what each password is doing. This is a
must for success on exam day and on the job!

username r1 password router
username chris password Bryant
username david password stimpson
enable password cisco
enable secret ccna
service password-encryption
line console 0
 login
 password passexam
line vty 0 4
 login
 password ccnp

There's a lot going on in that little configuration.
Working from top to bottom, let's take a look at what
each section does.

username r1 password router
username chris password Bryant
username david password stimpson

The username / password combination creates a local database
that the router will use to authenticate users connecting
on your BRI lines, and it's also used to authenticate
users connecting via Telnet!

To use the local database instead of a common VTY password:

line vty 0 4
 login local

This allows each user to have their own password instead
of everyone using the single VTY line password.

enable password cisco
enable secret ccna

The enable password and enable secret commands are used to
do the same thing: protect privileged exec mode, more
commonly referred to as enable mode.

Why use both? The enable password is still in use for backwards
compatibility. Most routers are configured with both, and
they'll probably be different. (This is because the router's
going to prompt you for a different password for one if you
try to set them both to the same word.)

If we only have one enable mode to protect, but two different
passwords, which one should a user enter? The enable secret,
because the enable secret always has precedence over
the enable password. No exceptions. (We don't get to
say that very often in Ciscoland, do we? :) )

There's one other major difference. The enable secret
is encrypted by default; the enable password is displayed in
clear text. Actually, all the other passwords you see above
will be displayed in clear text by default.

service password-encryption

This default can be changed by activating a Cisco router
service that's off by default. Run the service password-encryption
command to encrypt all passwords in your configuration.

Before a user gets to enable mode, though, there may be a
password to start working at the console to begin with. This
password has to be entered just to get to user exec (assuming
the previous user logged out fully and correctly!).

line console 0
 login
 password passexam

Note that there are two commands. You need to enable the
password function with the login command, and
then set a password. The order in which you enter these two
commands does not matter; just make sure you enter them
both!

line vty 0 4
 login
 password ccnp

Of course, the VTY lines are used to enable Telnet connectivity
and to set a password. Cisco requires a password be set for
Telnet access, and this basic configuration will prompt any
user for the one single password. This password would apply
to all five simultaneous Telnet connections if more than one
user were telnetting in at once.

For much more on Telnet, read my tutorial on the subject,
found at www.thebryantadvantage.com

To get your CCNA, you've got to be more than ready for
password questions. Whether you're asked to set one or
troubleshoot an existing configuration on an exam or on the
job, these should be second nature to you. And they will be,
once you break a configuration like this into smaller parts.
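
The line-by-line checks above can be scripted when you review a configuration; this Python audit is an added example, not part of the original article. The function name audit_passwords and the finding codes are assumptions of this example, and the sample text is the article's configuration with line sub-commands indented as in a running configuration.

```python
# Constructed sample: the article's configuration, sub-commands indented.
ARTICLE_CONFIG = """\
username r1 password router
username chris password Bryant
username david password stimpson
enable password cisco
enable secret ccna
service password-encryption
line console 0
 login
 password passexam
line vty 0 4
 login
 password ccnp
"""

def audit_passwords(config):
    """Return sorted finding codes (names are this example's own) for a config."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        cmd = " ".join(raw.lower().split())
        if not cmd:
            continue
        if raw[0].isspace() and current:   # sub-command of the open line block
            blocks[current].append(cmd)
        elif cmd.startswith("line "):
            current = cmd
            blocks[current] = []
        else:                              # any other global command
            current = None
            top.append(cmd)
    has = lambda prefix: any(c.startswith(prefix) for c in top)
    findings = set()
    if has("enable password") and has("enable secret"):
        findings.add("ENABLE_PASSWORD_REDUNDANT")   # the secret always wins
    if "service password-encryption" not in top:
        findings.add("PASSWORDS_SHOWN_IN_CLEAR")
    for name, subs in blocks.items():
        has_pw = any(s.startswith("password ") for s in subs)
        if has_pw and not any(s.startswith("login") for s in subs):
            findings.add("PASSWORD_WITHOUT_LOGIN:" + name)   # never prompted
        if "login" in subs and not has_pw:
            findings.add("LOGIN_WITHOUT_PASSWORD:" + name)
        if name.startswith("line vty") and "login" in subs and has("username "):
            findings.add("SHARED_VTY_PASSWORD:" + name)   # could use login local
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_passwords(ARTICLE_CONFIG)))
```

The service password-encryption check only confirms that the service is on; the type 7 encoding it applies is reversible, so it protects against a glance at the screen rather than against someone who obtains the configuration file.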