DreamPirates DreamPirates

CCNA Certification Exam Training: Passwords, Cisco Routers, And Network Security

Author : Elizabeth Huston789
Publish Date : 2021-04-17 09:13:48
CCNA Certification Exam Training: Passwords, Cisco Routers, And Network Security

CCNA certification is important, and so is securing our network's Cisco routers! To reflect the importance of network security, your CCNA certification exam is likely going to contain quite a few questions about the various passwords you can set on a Cisco router. Let's take a look at some of those passwords and when to apply them.

If the previous user has logged out of the router properly, you will see a prompt like this when you sit down at the router console:

R1 con0 is now available

Press RETURN to get started.

R1>

To get into enable mode, by default all I have to do is type "enable".

R1>enable

R1#

See how the prompt changed? By default, I can now run all the show and debug commands I want, not to mention entering global configuration mode and doing pretty much what I want. It just might be a good idea to password protect this mode! We do so with either the enable password command or the enable secret command. Let's use the enable password command first.

R1(config)#enable password dolphins

Now when I log out and then go back to enable mode - or try to - I should be prompted for the password "dolphins". Let's see what happens.

R1>enable

Password:

R1#

I was indeed prompted for a password. Cisco routers will not show asterisks or any other character when you enter a password; in fact, the cursor doesn't even move.

The problem with the enable password command is that the password will show in the configuration in clear text, making it easy for someone to look over your shoulder and note the password for future use, as shown below:

hostname R1

 

https://exedprograms.kellogg.northwestern.edu/eportfolios/1341/Home/Advanced_PR000041_Exam
https://exedprograms.kellogg.northwestern.edu/eportfolios/1341/Home/Innovative_PRINCE2Foundation_Exam
https://exedprograms.kellogg.northwestern.edu/eportfolios/1341/Home/Innovative_PRINCE2Practitioner_Exam
https://exedprograms.kellogg.northwestern.edu/eportfolios/1341/Home/Innovative_PSMI_Exam
https://exedprograms.kellogg.northwestern.edu/eportfolios/1341/Home/Real_PSP_Exam

 

 

!

enable password dolphins

We could use the "service password-encryption" command to encrypt the enable password, but that will also encrypt all the other passwords in the Cisco router config. That's not necessarily a bad thing! Here's the effect of this command on the enable password we set earlier.

enable password 7 110D1609071A020217

Pretty effective encryption! However, if we want to have the enable password automatically encrypted, we can use the enable secret command. I'll use that command here to set this password to "saints", and note that I'm not removing the previous enable password.

R1(config)#enable secret saints

After removing the "service password-encryption" command, we're left with two enable mode passwords, and they appear in the Cisco router config like this:

enable password dolphins

enable secret 5 $1$kJB6$fPuVebg7uMnoj5KV4GUKI/

If we have two enable passwords, which one should we use to log into the router? Let's try the first password, "dolphins", first:

R1>enable

Password:

Password:

When you're prompted for the password a second time, you know you got it wrong the first time! Let's try "saints":

R1>enable

Password:

Password:

R1#

When both the enable secret and enable password commands are in use on a Cisco router, the enable secret password always takes precedence. "dolphins" didn't get us in, but "saints" did. That's valuable information for both the CCNA certification exam and real-world networks, because there's no worse feeling than typing a password at a Cisco router prompt and then getting another password prompt!

This is just one way to perform basic Cisco router security with passwords. We'll take a look at other methods in a future CCNA certification exam training tutorial!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of over 100 free certification exam tutorials, including Cisco CCNA certification test prep articles. His exclusive Cisco CCNA study guide and Cisco CCNA training is also available!

Visit his blog and sign up for Cisco Certification Central, a daily newsletter packed with CCNA, Network+, Security+, A+, and CCNP certification exam practice questions! A free 7-part course, “How To Pass The CCNA”, is also available, and you can attend an in-person or online CCNA boot camp with The Bryant Advantage!
CCNA certification is important, and so is securing our network's Cisco routers! To reflect the importance of network security, your CCNA certification exam is likely going to contain quite a few questions about the various passwords you can set on a Cisco router. Let's take a look at some of those passwords and when to apply them.

If the previous user has logged out of the router properly, you will see a prompt like this when you sit down at the router console:

R1 con0 is now available

Press RETURN to get started.

R1>

To get into enable mode, by default all I have to do is type "enable".

R1>enable

R1#

See how the prompt changed? By default, I can now run all the show and debug commands I want, not to mention entering global configuration mode and doing pretty much what I want. It just might be a good idea to password protect this mode! We do so with either the enable password command or the enable secret command. Let's use the enable password command first.

R1(config)#enable password dolphins

Now when I log out and then go back to enable mode - or try to - I should be prompted for the password "dolphins". Let's see what happens.

R1>enable

Password:

R1#

I was indeed prompted for a password. Cisco routers will not show asterisks or any other character when you enter a password; in fact, the cursor doesn't even move.

The problem with the enable password command is that the password will show in the configuration in clear text, making it easy for someone to look over your shoulder and note the password for future use, as shown below:

hostname R1

!

enable password dolphins

We could use the "service password-encryption" command to encrypt the enable password, but that will also encrypt all the other passwords in the Cisco router config. That's not necessarily a bad thing! Here's the effect of this command on the enable password we set earlier.

enable password 7 110D1609071A020217

Pretty effective encryption! However, if we want to have the enable password automatically encrypted, we can use the enable secret command. I'll use that command here to set this password to "saints", and note that I'm not removing the previous enable password.

R1(config)#enable secret saints

After removing the "service password-encryption" command, we're left with two enable mode passwords, and they appear in the Cisco router config like this:

enable password dolphins

enable secret 5 $1$kJB6$fPuVebg7uMnoj5KV4GUKI/

If we have two enable passwords, which one should we use to log into the router? Let's try the first password, "dolphins", first:

R1>enable

Password:

Password:

When you're prompted for the password a second time, you know you got it wrong the first time! Let's try "saints":

R1>enable

Password:

Password:

R1#

When both the enable secret and enable password commands are in use on a Cisco router, the enable secret password always takes precedence. "dolphins" didn't get us in, but "saints" did. That's valuable information for both the CCNA certification exam and real-world networks, because there's no worse feeling than typing a password at a Cisco router prompt and then getting another password prompt!

This is just one way to perform basic Cisco router security with passwords. We'll take a look at other methods in a future CCNA certification exam training tutorial!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of over 100 free certification exam tutorials, including Cisco CCNA certification test prep articles. His exclusive Cisco CCNA study guide and Cisco CCNA training is also available!

Visit his blog and sign up for Cisco Certification Central, a daily newsletter packed with CCNA, Network+, Security+, A+, and CCNP certification exam practice questions! A free 7-part course, “How To Pass The CCNA”, is also available, and you can attend an in-person or online CCNA boot camp with The Bryant Advantage!



Category : general

How to Make Notes with the Assistance of online Homework Help USA

How to Make Notes with the Assistance of online Homework Help USA

- When you decide to compose the article, the meaning of developing a homework technique appears to be experienced. Making a paper isnt a simple task.


Get FSL-201 PDF Dumps For FSL-201 Exam Prep

Get FSL-201 PDF Dumps For FSL-201 Exam Prep

- Solutions for your career oriented certification. PDF, Practice test software. Get latest and Actual Exam Dumps For Best Results In Final Exam.


How The Cisco-Linksys E3000 Router Works

How The Cisco-Linksys E3000 Router Works

- The powerful Cisco-Linksys E3000 wireless router was created for optimizing the wireless entertainment right inside your home. You may now connect to your DVRs.


Guidelines and Tricks For An Effective Cisco 200-901 Exams Preparation

Guidelines and Tricks For An Effective Cisco 200-901 Exams Preparation

- Homeschool homes need to integrate a worthwhile instrument into their instructional curricula further than the textbooks and core topics