2 Ch3 Passwords

Date post: 03-Jun-2018
Upload: rosalesjesus3
8/12/2019 2 Ch3 Passwords http://slidepdf.com/reader/full/2-ch3-passwords 1/18

CISCO NETWORKING ACADEMY

Chabot College

ELEC 99.08

router passwords
Page 2: 2 Ch3 Passwords

passwords

• enable

• enable secret

• console

• aux

• vty (telnet sessions)

Page 3: 2 Ch3 Passwords

enable password

• controls access to privileged exec mode

• by default is not encrypted

• can be encrypted, but with weak protocol

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Fremont
!
enable password cisco
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!

Slide callouts: "Enable password"; "No encryption of enable password"

Page 4: 2 Ch3 Passwords

enable password - continued

• leftover from older versions of IOS

• only used if the enable secret password has not been set

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Fremont
!
enable password cisco
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!

Page 5: 2 Ch3 Passwords

enable secret password

• controls access to privileged exec mode

• is encrypted using the MD5 algorithm

• takes precedence over enable password

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Fremont
!
enable password cisco
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!

Slide callout: "MD5 encryption algorithm"

Page 6: 2 Ch3 Passwords

console password

• controls access through console port

• may be same or different than enable password

ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
 login
 password cisco
line aux 0
 login
 password cisco
line vty 0 4
 login
 password cisco
!

Page 7: 2 Ch3 Passwords

aux password

• controls access through auxiliary port

• may be same or different than enable or console passwords

ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
 login
 password cisco
line aux 0
 login
 password cisco
line vty 0 4
 login
 password cisco

Page 8: 2 Ch3 Passwords

vty password

• controls telnet access through vty ports

• may be same or different than enable, console, or aux passwords

ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
 login
 password cisco
line aux 0
 login
 password cisco
line vty 0 4
 login
 password cisco

Page 9: 2 Ch3 Passwords

2 Passwords in Sequence

1. Access to Router

 – Console Password

 – Aux Password

 – VTY (telnet) Password

2. Access to Privileged Mode

 – Enable Secret Password

Page 10: 2 Ch3 Passwords

Password Strategies

• Strategy 1

 – Use a special password for enable secret.

 – Use the same password for all others.

• Benefits

 – Easy to remember

• But

 – Blanket access to those who know password

Page 11: 2 Ch3 Passwords

Password Strategies

• Strategy 2

 – Use a special password for enable secret.

 – Use different passwords for:

• console

• aux

• vty 0 - 4

• Benefits

 – Fine-grained control

• But

 – Hard to remember

Page 12: 2 Ch3 Passwords

Password Rules

• Always set the enable secret password.

• Never make the enable secret password the same as others that show in plain text in the config file.

• If you set the enable secret password, there is no need to set the enable password, which is weak because it is not encrypted. However, setup forces you to set an enable password.

Page 14: 2 Ch3 Passwords

Strong Passwords

• In our lab, we break the rules to set easy-to-remember passwords:

 – enable secret: chabot 

 – all access passwords: cisco 

Page 15: 2 Ch3 Passwords

What password to telnet in?

• cats#rats 

ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
 login
 password donut*hound
line aux 0
 login
 password kiss@frog
line vty 0 4
 login
 password cats#rats

Page 16: 2 Ch3 Passwords

What password to console in?

• donut*hound 

ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
 login
 password donut*hound
line aux 0
 login
 password kiss@frog
line vty 0 4
 login
 password cats#rats

Page 17: 2 Ch3 Passwords

What password to connect with modem?

• kiss@frog 

ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
 login
 password donut*hound
line aux 0
 login
 password kiss@frog
line vty 0 4
 login
 password cats#rats

Page 18: 2 Ch3 Passwords

What password to enter privileged mode?

• high-hat (encrypted secret password) 

version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Hayward
!
enable password apple&candy
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!
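
Added example (not part of the original slides): a small config audit that applies the Password Rules slide and answers the "What password to ...?" questions by mapping each access path to the password stored for it. The names audit and SAMPLE_CONFIG, the wording of the findings, and the placeholder secret hash are assumptions made for this example.

```python
import re

# Constructed sample in the style of the slides' Hayward config; the
# enable secret hash is a placeholder, not a real value.
SAMPLE_CONFIG = """\
hostname Hayward
enable password apple&candy
enable secret 5 $1$XXXX$PLACEHOLDERHASH
!
line con 0
 login
 password donut*hound
line aux 0
 login
 password kiss@frog
line vty 0 4
 login
 password cats#rats
!
"""

def audit(config):
    """Map each access path to its stored password and list rule violations."""
    access, findings, line_ctx = {}, [], None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            line_ctx = None  # a top-level command ends any 'line' sub-mode
        if m := re.match(r"line (con|aux|vty)\b", text):
            line_ctx = m.group(1)
        elif m := re.match(r"enable secret (\d+) (\S+)$", text):
            access["enable secret"] = ("type " + m.group(1), m.group(2))
        elif m := re.match(r"(enable )?password (?:(7) )?(\S+)$", text):
            where = "enable password" if m.group(1) else (line_ctx or "unknown")
            # 'password 7 ...' is the weak encoding from service password-encryption
            kind = "type 7" if m.group(2) else "plaintext"
            access[where] = (kind, m.group(3))
            findings.append(f"{where}: {kind} password stored in config")
    if "enable secret" not in access:
        findings.append("enable secret is not set")
    elif "enable password" in access:
        findings.append("enable password is redundant; enable secret wins")
    plain = [pw for kind, pw in access.values() if kind == "plaintext"]
    if len(set(plain)) < len(plain):
        findings.append("one plaintext password reused on several access paths")
    return access, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[1]:
        print(finding)
```

The reuse check only compares passwords that are visible in plain text; it cannot tell whether the enable secret matches one of them, because only its hash is in the config.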

