Scribd
Upload
1K views3 pages

Cisco Router Security Configuration Commands

The document describes router security configuration commands for Cisco routers. It explains commands for setting passwords for router access, enabling authentication, configuring console and telnet ports, setting login timers and blocks, and monitoring login attempts. Commands include enable password, enable secret, username, password, login, line configuration, exec-timeout, and login monitoring commands.

Uploaded by

Steve Hyzny
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views3 pages

Cisco Router Security Configuration Commands

The document describes router security configuration commands for Cisco routers. It explains commands for setting passwords for router access, enabling authentication, configuring console and telnet ports, setting login timers and blocks, and monitoring login attempts. Commands include enable password, enable secret, username, password, login, line configuration, exec-timeout, and login monitoring commands.

Uploaded by

Steve Hyzny
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

ROUTER SECURITY CONFIG COMMANDS

Command Explanation
Cisco and class are used the the following examples as
ROUTER/PRIVILEGE MODE ACCESS passwords and should never be used in a production
environment.
Lab-B(config)#enable password cisco Sets standard clear text password for router
access to privileged mode to “cisco”.
Should not use this command - enable secret should be used in its place.

Lab-B(config)#enable secret class Sets the encrypted version of the routers


password to “class”

Secret password overrides standard password.


Lab-B(config)#security passwords min-length 10 Set the minimum length for all passwords
to 10. Values from 0-16 can be used.
Available starting IOS 12.3(1)
Lab-B(config)#service password-encryption Encrypts all passwords on the router.
Simple encryption. Enable Secret sould still be used as
it uses MD5 encryption.

Lab-B(config)#username steve password cisc12345 Enables authentication on the router for


access. Names and passwords are stored on
the router. Set the username to “steve”
with a password of “cisco12345”
Lab-B(config)#username steve secret cisco12345 Enables authentication and stores the
password using MD5 encryption.
Preferred command for setting up authentication.

STANDARD CONSOLE AND TELNET


Lab-B(config)#line con 0 Changes from Global configuration to Line
Console 0. Used to configure access to
Console port
Lab-B(config-line)#password cisco When used with “login” assigns the
password to be used for a port
Lab-B(config-line)#login Requires that the password be used to log
into the port. Requires “password”
command

Lab-B(config-line)#line vty 0 4 Changes from Global configuration to the 5


(0-4) telnet or virtual terminals
configuration.
Lab-B(config-line)#login Requires that the password be used to log
into the port. Requires “password”
command
Lab-B(config-line)#password cisco When used with “login” assigns the
password to be used for a port

http://www.instructornetwork.com Page 1 of 3
ROUTER SECURITY CONFIG COMMANDS
Command Explanation
Lab-B(config-line)#line aux 0 Changes from Global configuration to the
Auxiliary configuration. Auxiliary port is for
modem access.
Lab-B(config-line)#login Requires that the password be used to log
into the port. Requires “password”
command
Lab-B(config-line)#password cisco When used with “login” assigns the
password to be used for a port
ENHANCED SECURITY CONSOLE AND TELNET
Lab-B(config-line)#exec-timeout 3 Set a timer to end the session after 3
minutes of inactivity. Default is 10 min.
Must be applied to each line separately.
Lab-B(config-line)#no exec Applied to a line, allows only outgoing
connections for the port.
Lab-B(config)#username steve secret cisco12345 Used in place of the password and login
command for the line. The router will use
Lab-B(config-line)#login local the locally stored usernames and passwords
to allow access to the line.

Lab-B(config)# login block-for 15 attempts 3 within 60 Will block the virtual login for 15 seconds if
3 incorrect logins were entered in 60
seconds.
Sets default delay of 1 sec between login attempts

Lab-B(config)# login delay 10 When used with login block-for increases


delay between all login attempts.

Default is 1 sec when used with login block-for


command

Normal Mode – Monitoring Logins, Quite Mode all login attempts are
block unless login quite-mode command is issued.
Lab-B(config)# login quiet-mode access-class Accesslistname Sets the access list to allow admin access to
the router when logins are blocked.

Ip access-list standard accesslistname Set access to only the two Admin PC ip


Permit 192.168.1.11 address to the router when in Quite-mode.
Permit 192.168.2.11
When the router switches from Normal to Quite modes and back logging
messages are generated.

Lab-B(config)# login on-failure log Displays message on every failed Login


attempt
Lab-B(config)# login on-failure log every 5

http://www.instructornetwork.com Page 2 of 3
ROUTER SECURITY CONFIG COMMANDS
Command Explanation
Can change from 1 to 65535.

Lab-B(config)# login on-success log Displays message on every successful Login


attempt
Lab-B(config)# login on-success log every 5
Can change from 1 to 65535.

Lab-B#show login Displays the setting of the login setting.

Lab-B#show login failures Displays additional info about failed logins


such as IP address where the attempt
originated.

http://www.instructornetwork.com Page 3 of 3

You might also like