cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
444434
Views
25
Helpful
2
Comments
TCC_2
Level 10
Level 10

Core Issue

Proper passwords protect the router from unauthorized access.

Resolution

Follow these steps to configure console passwords.

Note: Before performing this test, ensure that you have an alternate connection into the router, such as Telnet or dial-in, in case there is a problem logging back in to the router.

  1. From the privileged EXEC (enable) prompt, enter configuration mode ((config)) and then switch to line configuration mode ((config-line), by issuing the following commands:

    Note: Notice that the prompt changes to reflect the current mode.

    router#conf t
    !--- Enter configuration commands, one per line. End with CNTL/Z.
    router(config)#line con 0
    router(config-line)#

     2. Configure the password, and enable password checking at login.

router(config-line)#password <password>
router(config-line)#login

     3. Exit configuration mode.

router(config-line)#end
router#
%SYS-5-CONFIG_I: Configured from console by console

     Note: Do not save your configuration changes until your ability to log in has been verified.

     4. Verify the configuration. Examine the configuration of the router to make sure that the commands have been properly entered by issuing the show running-config command. To test the configuration, log off the console with the exit command and log in again, using the configured password to access the router.

router#exit
router con0 is now available
Press RETURN to get started.

     5. Save your configuration.

router#write memory

Perform these steps to configure Telnet passwords.

Note: Before performing this test, ensure that you have an alternate connection into the router, such as console or dial-in, in case there is a problem logging back in to the router.

  1. From the privileged EXEC (or enable) prompt, enter configuration      mode (or (config)) and then switch to line configuration mode ((config-line)), by issuing the following commands:

    Note: Notice that the prompt changes to reflect the current mode.

    router#conf t
    !--- Enter configuration commands, one per line. End with CNTL/Z.
    router(config)#line vty 0 4
    router(config-line)#
  2. Configure the password, and enable password checking at login.
    router(config-line)#password <password>
    router(config-line)#login
  3. Exit configuration mode.
    router(config-line)#end
    router#
    %SYS-5-CONFIG_I: Configured from console by console

    Note: Do not save your configuration changes until your ability to log in has been verified.

  4. Verify the configuration. Examine the configuration of the router to make sure that the commands have been properly entered, by issuing the show running-config command. Test the configuration by making a Telnet connection to the router. This can be done by connecting from a different host on the network, but you can also do so from the router itself by Telnetting to the IP address of any interface on the router that is in an up/up state as seen in the output of the show interfaces command.
router#telnet <ip address>

   5. Save your configuration.

router#write memory

Follow these steps to configure Auxiliary (AUX) port passwords.

Note: before performing this test, ensure that you have an alternate connection into the router, such as console or Telnet, in case there is a problem logging back in to the router.

  1. From the privileged EXEC (or enable) prompt, enter configuration mode ((config)) and then switch to line configuration mode ((config-line)), by issuing the following commands:

    Note: Notice that the prompt changes to reflect the current mode.

    router#conf t
    !--- Enter configuration commands, one per line. End with CNTL/Z.
    router(config)#line aux 0
    router(config-line)#
  2. Configure the password, and enable password checking at login.
    router(config-line)#password <password>
    router(config-line)#login
  3. Exit configuration mode.
    router(config-line)#end
    router#
    %SYS-5-CONFIG_I: Configured from console by console
    Note: Do not save your configuration changes until your ability to log in has been verified.
  4. Verify the configuration. Examine the configuration of the router to make sure that the commands have been properly entered by issuing the show running-config command. Test the configuration by making an inbound or outbound connection      to the line. For specific information on configuring async lines for modem connections, refer to the Modem-Router Connection Guide.
  5. Save your configuration.
router#write memory
Comments
BENSMIR81
Level 1
Level 1

thanks' for this topic

spongebob3
Community Member

This commands are working for TELNET, SSH and VPN:

TELNET https://www.youtube.com/watch?v=EMJW5mBk7Sg
Router(config)# hostname R1
Line vty 0 4
Password »cisco«
Login
“Ni dovoljenja no pasword set=”
line vty 0 4
privilege level 15
ali
conf t
line vty 0 4
no privilege level 15
end

AND SSH IF YOU NEED :

SSH (ssh –l )
Ip domain-name »vegova.si«
crypto key generate rsa
1024
R1(config)#ip ssh ver
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#transport input all
SWITCH
(make vlan)=
Hostname »S1«
Switch(config)#int vlan 1
Switch(config-if)#ip address 192.168.1.4 255.255.255.0
S1(config-if)#no shutdown

and VPN if you want:

VPN
https://www.youtube.com/watch?v=-hoKtNauHjI

1. Nastavitev parametrov varne zveze IKE

Router(config)#crypto isakmp policy 1 definiranje politike IKE
Router(config-isakmp)#hash md5 izbira zgoščevalnega algoritma
Router (config-isakmp)#encryption des izbira enkripcijskega algoritma
Router(config-isakmp)#authentication pre- share določitev avtentikacijskega postopka
Router(config-isakmp)#lifetime 86400 čas trajanja zveze v sekundah
Router(config-isakmp)#group 2 izbira skupine Diffie-Hellman
Router(config)#crypto isakmp key 0 KLJUC
address 172.16.1.10 določitev ključa za avtentikacijo, ki ga povežemo s končno točko tunela (IP naslov varnostnega prehoda 2)

2. Nastavitev parametrov tunelske povezave IPSec

Router(config)#crypto ipsec transform-set
TUNEL esp-des esp-md5-hmac izbira protokolov in algoritmov tunelske povezave IPSec
Router(cfg-crypto-trans)#mode tunnel določitev tunelskega načina varne zveze – ni

3. Nastavit ev šifrirnega načrta
Končna točka je zadnji pc

Router(config)#crypto map NACRT 1 ipsec- isakmp šifrirni načrt določimo z imenom, številko in načinom vzpostavljanja tunelske povezave
Router(config-crypto-map)#set peer
172.16.1.10 določitev končne točke tunelske povezave
Router(config-crypto-map)#set transform-set
TUNEL izbira predhodno definiranega nabora protokolov in algoritmov
Router(config-crypto-map)#match address 100 izbira dostopovnega seznama oz. prometa, ki se naj kriptira

4. Določitev dostopovnega seznama oz. prometa, ki naj se šifrir a

Router(config)#access-list 100 permit ip
192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

določitev prometa, ki naj se kriptira (naš primer: promet, ki gre iz omrežja 192.168.10.0 v omrežje 192.168.20.0)

5. Določitev vmesnika, kjer se izvaja enkripcija prometa

Router(config)#interface FastEthernet 0/1 izberemo vmesnik na katerem se bo izvajala enkripcija
Router(config-if)#crypto map NACRT izvaja naj se šifrirni načrt, ki je določen s
politiko ˝NACRT˝

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: