Password Security

Setting up password login on switches and routers is a critical security measure. Passwords on network devices enhance security and prevent unauthorized access.

On a Cisco router or switch, two passwords should be set up (console and virtual terminal line). This gives the devices extra security. Moreover, Cisco routers and switches also provide a password encryption service, a minimum password length and a login block setting for extra security.

Figure: Password Security

The figure above shows the configuration of password security on a Cisco router. The first password is for the console line, and the second password is for the virtual terminal line when the user enters privileged EXEC mode.


Service Password Encryption

By default, all configured passwords are stored in clear text. This means that a user can view the passwords directly with the command show run.

Figure: Before Password Encryption

To overcome this, the clear-text passwords can be encrypted with the command service password-encryption.

Figure: After Password Encryption

Configuration of Password Security on Cisco Router

  1. Enable Password Encryption
     (config)# service password-encryption

  2. Set Password Minimum Length
     (config)# security passwords min-length [number]

  3. Block for Login Failed Attempt
     (config)# login block-for [seconds] attempts [number] within [seconds]

  4. Enter into Console/Virtual Line
     (config)# line console/vty [start number of line] [end number of line]

  5. Set Password for Line
     (config-line)# password [your password]

  6. Enable Password Checking at Login
     (config-line)# login

  7. Check Configuration
     # show run
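An added example, not from the original page: a Python check that reads saved show run output and reports which of the settings from the steps above are missing. The sample config is constructed, and treating any line password not shown as type 7 as clear text is an assumption of this example.

```python
import re

# Constructed running-config excerpt (sample values, not from the page).
SAMPLE_CONFIG = """\
service password-encryption
login block-for 120 attempts 3 within 60
!
line con 0
 password 7 CONSTRUCTED0001
 login
line vty 0 4
 password 7 CONSTRUCTED0002
!
"""

def audit(config):
    """Return findings for the password controls listed in the steps above."""
    findings = []
    lines = config.splitlines()
    top = [ln.strip() for ln in lines if ln and not ln.startswith(" ")]
    if "service password-encryption" not in top:
        findings.append("service password-encryption is not enabled")
    if not any(re.fullmatch(r"security passwords min-length \d+", ln) for ln in top):
        findings.append("no minimum password length is set")
    if not any(re.fullmatch(r"login block-for \d+ attempts \d+ within \d+", ln) for ln in top):
        findings.append("login block-for is not configured")
    # Group indented sub-commands under their console/vty line header.
    blocks, current = {}, None
    for ln in lines:
        if ln.startswith(("line con", "line vty")):
            current = ln.strip()
            blocks[current] = []
        elif ln.startswith(" ") and current:
            blocks[current].append(ln.strip())
        else:
            current = None
    # Assumption: a line password that is not displayed as type 7 is clear text.
    for name, cmds in blocks.items():
        pw = [c for c in cmds if c.startswith("password ")]
        if not pw:
            findings.append(f"{name}: no password set")
        elif not pw[0].startswith("password 7 "):
            findings.append(f"{name}: password stored in clear text")
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append(f"{name}: login is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```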
