Continuing the series of posts about CCNA Exam preparation, this is Part 2 of some basic topics that you will be tested for CCNA.

Router Password Types:

Passwords are the first line of defense for securing Cisco Routers. A Password must be configured for the Virtual Terminal Lines (VTY lines) and for the Console port. A Cisco router supports 5 VTY lines (numbered 0 to 4) which are used for accessing the router using Telnet over the network.

There are five password types that can be configured on a Cisco Router:

• Privileged Level Passwords
  • Enable Password (not encrypted)
  • Enable Secret Password (encrypted password)
• Console Line Password
• VTY Lines Password
• Auxiliary (AUX) Line Password

Configuring Passwords:

Configuring Privileged Level Passwords:

! Configure non-encrypted password (avoid this type)
Router(config)# enable password somepassword

! Configure encrypted password (recommended)
Router(config)# enable secret strongpassword

Configuring Console Line Password:

Router(config)# line console 0
Router(config-line)# password somepassword
Router(config-line)# login

Configuring Auxiliary Line Password:

Router(config)# line aux 0
Router(config-line)# password somepassword
Router(config-line)# login

Configuring VTY Line (Telnet) Password:

Router(config)# line vty 0 4
Router(config-line)# password somepassword
Router(config-line)# login

Encrypting Passwords:

By default, only the enable secret password is encrypted. In order to encrypt the other password types, you need to enable the “password encryption” service globally on the router as following:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)# service password-encryption

Related posts:

1. Password Security for Cisco IOS Devices
2. Some Basic CCNA Exam Preparation Topics Part I
3. Configuring local username and password on a Cisco IOS Router
4. Basic Cisco Router Configuration Steps
5. Protecting the Telnet VTY Lines of Cisco Devices