2 ch3 passwords
8/12/2019 2 Ch3 Passwords
http://slidepdf.com/reader/full/2-ch3-passwords 1/18
CISCO NETWORKING ACADEMY
Chabot College
ELEC 99.08
router passwords
passwords
• enable
• enable secret
• console
• aux
• vty (telnet sessions)
enable password
• controls access to privileged exec mode
• by default is not encrypted
• can be encrypted, but with weak protocol
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Fremont
!
enable password cisco
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!
Slide callouts: "Enable password"; "No encryption of enable password"
enable password - continued
• leftover from older versions of IOS
• only used if the enable secret password has not been set
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Fremont
!
enable password cisco
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!
enable secret password
• controls access to privileged exec mode
• is encrypted using the MD5 algorithm
• takes precedence over enable password
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Fremont
!
enable password cisco
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!
Slide callout: "MD5 encryption algorithm"
console password
• controls access through console port
• may be same or different than enable password
ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
login
password cisco
line aux 0
login
password cisco
line vty 0 4
login
password cisco
!
aux password
• controls access through auxiliary port
• may be same or different than enable or console passwords
ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
login
password cisco
line aux 0
login
password cisco
line vty 0 4
login
password cisco
!
vty password
• controls telnet access through vty ports
• may be same or different than enable, console, or aux passwords
ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
login
password cisco
line aux 0
login
password cisco
line vty 0 4
login
password cisco
!
2 Passwords in Sequence
1. Access to Router
• Console Password
• Aux Password
• VTY (telnet) Password
2. Access to Privileged Mode
• Enable Secret Password
Password Strategies
• Strategy 1
– Use a special password for enable secret.
– Use the same password for all others.
• Benefits
– Easy to remember
• But
– Blanket access to those who know password
Password Strategies
• Strategy 2
– Use a special password for enable secret.
– Use different passwords for:
• console
• aux
• vty 0 - 4
• Benefits
– Fine-grained control
• But
– Hard to remember
Password Rules
• Always set the enable secret password.
• Never make the enable secret password the same as others that show in plain text in the config file.
• If you set the enable secret password, there is no need to set the enable password, which is weak because it is not encrypted. However, setup forces you to set an enable password.
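The Password Rules above, applied as a check over a saved running-config. This is an added example, not part of the original slides; `audit_passwords`, the finding codes and the sample config (modeled on the Fremont slides) are constructed for illustration.

```python
import re

# Constructed sample input, modeled on the Fremont config on the slides.
SAMPLE_CONFIG = """\
enable password cisco
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
line con 0
 login
 password cisco
line aux 0
 login
 password cisco
line vty 0 4
 login
 password cisco
"""

CLEARTEXT = r"password (?:0 )?(\S+)$"  # type 7 / hashed forms do not match

def audit_passwords(config):
    """Return (code, detail) findings for the slides' Password Rules."""
    enable_pw, has_secret, section, line_pws = None, False, None, {}
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match("enable " + CLEARTEXT, text):
            enable_pw = m.group(1)
        elif text.startswith("enable secret "):
            has_secret = True
        elif m := re.match(r"line (con|aux|vty)\b", text):
            section = m.group(1)       # following password lines belong here
        elif text == "!":
            section = None             # separator ends the line block
        elif section and (m := re.match(CLEARTEXT, text)):
            line_pws[section] = m.group(1)
    findings = []  # details name lines only; password values are never echoed
    if not has_secret:
        findings.append(("no-enable-secret", "enable secret is not set"))
    if enable_pw is not None:
        state = "unused" if has_secret else "guards privileged mode"
        findings.append(("cleartext-enable-password", state))
    findings += [("cleartext-line-password", name) for name in line_pws]
    for pw in set(line_pws.values()):  # Strategy 1: one password, blanket access
        names = [n for n, p in line_pws.items() if p == pw]
        if len(names) > 1:
            findings.append(("shared-line-password", ",".join(names)))
    reused = [name for name, pw in line_pws.items() if pw == enable_pw]
    if reused:
        findings.append(("enable-password-reused", ",".join(reused)))
    return findings
```

The check cannot compare the enable secret itself against the clear-text passwords, because only its hash is stored in the config.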
Strong Passwords
• In our lab, we break the rules to set easy to remember passwords:
– enable secret: chabot
– all access passwords: cisco
What password to telnet in?
• cats#rats
ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
login
password donut*hound
line aux 0
login
password kiss@frog
line vty 0 4
login
password cats#rats
!
What password to console in?
• donut*hound
ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
login
password donut*hound
line aux 0
login
password kiss@frog
line vty 0 4
login
password cats#rats
!
What password to connect with modem?
• kiss@frog
ip route 0.0.0.0 0.0.0.0 Serial1
!
line con 0
login
password donut*hound
line aux 0
login
password kiss@frog
line vty 0 4
login
password cats#rats
!
What password to enter privileged mode?
• high-hat (encrypted secret password)
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Hayward
!
enable password apple&candy
enable secret 5 $1$IpVp$omFRfC1zaVwq.9UOCL3lB.
!