CCNA Cisco Certification Training Case Study: How Multiple Passwords Affect Router Access
- Date: 2006-11-21 - Word Count: 555
Your CCNA certification exam efforts must include practicing with different password types and knowing how to configure them on a Cisco router - but for CCNA exam success and to thrive in real-world networks, you also have to know how to examine a Cisco router configuration and determine the level of network security that is already present. After all, most routers you work with already have passwords set, and it's up to you to determine if those passwords are getting the job done.
Let's start with a Telnet password. Telnet passwords are configured on the VTY lines, and no Telnet access is enabled on a Cisco router by default. If you saw the following configuration, what would it mean?
line vty 0 4
 privilege level 15
 password baseball
 login
That small Cisco router configuration means three things - first, Telnet access is enabled. Second, the password is baseball. Third, the "privilege level 15" command means that any user who attempts to Telnet to the router and knows the password will automatically be placed into privileged exec mode. (If that command were not present, the user would be placed into user exec and then prompted for the enable password before being allowed into privileged exec.)
You may not want to give that level of access to all incoming Telnet connections. If you walked into a client's router room and saw this configuration on a router, what would it mean to you?
username halas password 0 bears
username ewbank password 0 jets
username ed privilege 15 password 0 mcdaniel
line vty 0 4
 login local
This configuration means three things as well. Each user attempting to Telnet in will be prompted for both a username and password. Each individual user must enter the password that's been assigned to them. For example, the user "halas" would have to enter the password "bears" to successfully Telnet into this router. The command "login local" under the VTY lines means that this local database of usernames and passwords will be used for authentication.
Again, users who are Telnetting in will be placed into user exec mode by default. Only users with "privilege 15" in the middle of their username / password definition will be placed into privileged exec immediately upon login.
Notice that zero in each of the username / password statements? I didn't enter that when I configured these statements. This number indicates the level of encryption the password is currently under; a zero is the lowest level of encryption, indicating that the passwords aren't encrypted at all. There's a single line near the top of a Cisco router configuration that tells you why. Which of these three is it?
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
Simple enough! The password encryption service is off by default. To turn it on, just run the command service password-encryption. Let's do so here and then take a look at the configuration.
R1(config)#service password-encryption
username halas password 7 1415170A1E17
username ewbank password 7 070524585D
username ed privilege 15 password 7 082C4F4A08170C121E
Now that's what I call encryption! Note that the zero has changed to a "7" - that's the highest level of encryption on a Cisco router, and as you can see, it's very effective.
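The reading rules from this article, applied as a small config audit. This is an added example, not code from the original article or from Cisco; the sample config is constructed from the article's snippets, and the function names and severity labels are assumptions. Type 7 is flagged because it is a reversible encoding rather than a hash, while the IOS `secret` keyword stores a hash instead.

```python
import re

# Constructed sample: the article's two VTY setups merged into one config.
SAMPLE = """\
no service password-encryption
username halas password 0 bears
username ed privilege 15 password 7 082C4F4A08170C121E
line vty 0 4
 privilege level 15
 password baseball
 login
"""

USER = re.compile(r"username (\S+)(?: privilege (\d+))? password (?:(\d) )?\S+")
LINE_PW = re.compile(r"password (?:(\d) )?\S+")
STORED = {"7": "reversible type 7"}  # type 0 or no type digit means plaintext

def check_vty(name, cmds):
    """Findings for one 'line vty' block, given its stripped sub-commands."""
    out = []
    pw = next((m for m in map(LINE_PW.fullmatch, cmds) if m), None)
    if "login" in cmds and pw:  # bare 'login' = one shared line password
        level = "privileged" if "privilege level 15" in cmds else "user"
        sev = "high" if level == "privileged" else "medium"
        out.append((sev, name, f"shared line password gives {level} exec"))
        out.append(("medium", name, f"line password is {STORED.get(pw.group(1), 'plaintext')}"))
    if "login local" in cmds:
        out.append(("info", name, "per-user login from local username database"))
    return out

def audit(config):
    """Return (severity, subject, message) tuples for an IOS-style config."""
    lines, findings, vty = config.splitlines(), [], None
    if "service password-encryption" not in [l.strip() for l in lines]:
        findings.append(("medium", "global", "service password-encryption is off"))
    for raw in lines + ["!"]:  # trailing "!" flushes the last VTY block
        if vty and not raw.startswith(" "):  # unindented line ends the block
            findings += check_vty(*vty)
            vty = None
        line = raw.strip()
        if m := USER.fullmatch(line):
            user, priv, ptype = m.groups()
            findings.append(("medium", user, f"password is {STORED.get(ptype, 'plaintext')}; prefer 'secret'"))
            if priv == "15":
                findings.append(("info", user, "lands in privileged exec at login"))
        elif line.startswith("line vty"):
            vty = (line, [])
        elif vty:
            vty[1].append(line)
    return findings
```

Run `audit()` on the text of a saved running configuration; it expects sub-commands indented under `line vty`, as IOS prints them.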
Knowing how to read a Cisco router configuration is a valuable skill for both the CCNA certification exam and working with production networks. Keep practicing, keep studying, and you'll have the coveted letters "CCNA" behind your name soon!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of over 100 free certification exam tutorials, including Cisco CCNA certification test prep articles. His exclusive Cisco CCNA study guide and Cisco CCNA training is also available! Visit his blog and sign up for Cisco Certification Central, a daily newsletter packed with CCNA, Network+, Security+, A+, and CCNP certification exam practice questions! A free 7-part course, "How To Pass The CCNA", is also available, and you can attend an in-person or online CCNA boot camp with The Bryant Advantage!