Tuesday, February 4, 2014

Passwords (Console, VTY)

Every device you deploy into a production network needs some basic passwords to keep unauthorized individuals from messing up your network.

Setting a password to enter PRIVILEGED mode


The first thing you want to secure is the PRIVILEGED mode (the mode you jump into when you enter "enable"). There are three ways of assigning a password to that mode, but only two of them should be applied in a real-world environment.

Password stored in clear text? - NOT GOOD


Option one is "enable password yourpassword" in configuration mode, which will assign a password but store it in clear text in the configuration, which nobody should want or do.

$1$qrU6$C.oiqfu8punRdpG1XoajX0 - HASH GOOD :D

Option two is "enable secret yourpassword" in configuration mode, which will assign a password and store it as an MD5 hash.

Option three is using a TACACS server to do the job which we will not cover in this post because we are just dealing with the most basic password assignments here.

All passwords encrypted? Mission accomplished!



Now that we have a password for our PRIVILEGED mode, we want to set a password for logging onto our device via the vty and console ports:



R1(config)#line vty 0 4
R1(config-line)#password yourpassword
R1(config-line)#login


R1(config)#line console 0
R1(config-line)#password yourpassword
R1(config-line)#login

After doing that, it is strongly recommended that you use the "service password-encryption" command to store these and all future passwords encrypted in your running config.
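
An added example, not part of the original post: this Python script reads an IOS-style running-config and reports how each of the passwords discussed above is stored. It assumes the standard type prefixes (5 for the MD5 hash written by "enable secret", 7 for the reversible encoding written by "service password-encryption", which is obfuscation rather than a hash); the sample config and its type 7 value are constructed.

```python
import re

# Constructed sample running-config for illustration (not from the original post).
# The type 5 string is the hash shown in the post; the type 7 value is a made-up sample.
SAMPLE_CONFIG = """\
no service password-encryption
enable password letmein
enable secret 5 $1$qrU6$C.oiqfu8punRdpG1XoajX0
line con 0
 password yourpassword
 login
line vty 0 4
 password 7 0822455D0A16
 login
"""

# Type prefix in the config line -> how the value is stored.
STORAGE = {None: "cleartext", "0": "cleartext", "5": "md5-hash", "7": "type7-reversible"}
PASSWORD_RE = re.compile(r"^(enable password|enable secret|password)\s+(?:(\d)\s+)?(\S+)$")


def audit(config):
    """Return (findings, encryption_enabled) for an IOS-style running-config."""
    findings = []
    section = "global"
    encryption_enabled = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "service password-encryption":
            encryption_enabled = True
        if raw and not raw[0].isspace():
            # Top-level command: either opens a line section or returns to global.
            section = line if line.startswith("line ") else "global"
        match = PASSWORD_RE.match(line)
        if match:
            command, ptype, _value = match.groups()
            findings.append((section, command, STORAGE.get(ptype, "other")))
    return findings, encryption_enabled


def weak(findings):
    """Entries that anyone with read access to the config can recover."""
    return [f for f in findings if f[2] in ("cleartext", "type7-reversible")]


if __name__ == "__main__":
    results, enabled = audit(SAMPLE_CONFIG)
    print("service password-encryption:", "on" if enabled else "off")
    for section, command, storage in results:
        print(f"{section:15} {command:16} {storage}")
```

Run it against a saved copy of the running config; anything reported as cleartext or type7-reversible should be treated as readable by whoever can see that file.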
