usernames

Unanswered Question
Apr 30th, 2007

Currently I only need a password to connect to my routers and firewalls. I want to have better security by requiring a username as well. Would that be the "username" command? AND once that is set up, will it always require a username from then on, because that's what I want. The routers are 2811 and 1721 and the firewalls are PIX 515 and PIX 506.

Thanks.

rebwar123 Mon, 04/30/2007 - 21:51

You can configure the usernames with the username command and add their password on the same command line.

username testuser priv 15 pass cisco

Optionally, you can configure the privilege level of that user. Level 15 is the administrative user. Once configured on the lines, the line password is then ignored.

jamilakhtar Tue, 05/01/2007 - 02:46

Yes, that would give you the desired results. Make SURE that you test the configuration before you save, or you will be locked out otherwise.

The command is like the following:

username your_name password your_password

HTH

Regards,

med_ddevlin Tue, 05/01/2007 - 10:41

If you wanted security on your routers, you can implement this security as well. See command list example below:

aaa new-model
aaa authentication login local_authen local
username johndoe secret secretpassword
line con 0
 exec-timeout 5 0
 login authentication local_authen
line vty 0 4
 exec-timeout 5 0
 login authentication local_authen

When you enter your username of choice, be sure to use the "secret" command rather than "password". Reason being - just using "password" only encrypts your password with a weak MD5 hash. By using the "secret" command it uses a higher MD5 encryption algorithm and is stated by Cisco to be impossible to crack.

This will give you a local username/password store. If (When) you decide to change passwords you will have to manually change it on each device. You can also implement TACACS+ or RADIUS authentication if you wanted to centralize account management. This example is for account management per device.

Also, be sure to implement the "service password-encryption" command as well. This will encrypt your passwords within the config output.

Please rate if this helps.
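The points raised in this thread (users stored with "secret" rather than "password", lines that still accept a password-only login, and the lockout risk of requiring a username before any user exists) can be checked against saved configuration text before it is written to a device. This is an added example, not code from the thread or from Cisco; it assumes `show running-config` style input with unabbreviated keywords and local-only method lists, and the sample config is constructed.

```python
# Constructed sample config (placeholders instead of real hashes).
SAMPLE = """\
aaa new-model
aaa authentication login local_authen local
username johndoe secret 5 <hash-placeholder>
username testuser privilege 15 password 0 cisco
line con 0
 login authentication local_authen
line vty 0 4
 password 7 <placeholder>
 login
line vty 5 15
 login authentication vty_authen
"""

def audit(config: str) -> list[str]:
    """Heuristic review of IOS-style config text for username-based login."""
    users, method_lists, lines, findings = {}, set(), {}, []
    aaa, current = False, None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("!"):
            continue
        if tok[0] == "line":                       # start of a line block
            current = " ".join(tok)
            lines[current] = ""
        elif tok[0] == "login" and current:        # login method for that block
            lines[current] = " ".join(tok)
        elif tok[0] == "username" and len(tok) >= 3:
            rest = tok[2:]
            if rest[0] == "privilege":             # skip 'privilege <level>'
                rest = rest[2:]
            users[tok[1]] = rest[0] if rest else ""
        elif tok[:3] == ["aaa", "authentication", "login"] and len(tok) > 3:
            method_lists.add(tok[3])
        elif tok[:2] == ["aaa", "new-model"]:
            aaa = True
    for name, kind in users.items():
        if kind != "secret":
            findings.append(f"user {name}: stored with '{kind}', not 'secret'")
    for line, login in lines.items():
        parts = login.split()
        if parts[:2] == ["login", "authentication"] and len(parts) > 2:
            if not aaa or parts[2] not in method_lists:
                findings.append(f"{line}: method list '{parts[2]}' is not defined")
        elif login != "login local":
            findings.append(f"{line}: no username required to log in")
            continue
        if not users:                              # username demanded, none exist
            findings.append(f"{line}: username login but no local users (lockout risk)")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per problem; an empty list means every line block requires a username and every local user is stored with "secret".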
