Logging Onto Your Router You have now gotten your Router turned on.
And you should have a good connection to your Terminal Program
The very next step should be to Log On. But since we have a brandnew Router and you've turned down the Setup Dialog
there is no Password yet, By Default, as it comes from the factory,
a Router does not require a password on the Console Port.
If you think this would be a terrible security flaw, you are correct!
You should definitely set up Passwords for your Router as your first step!
This initial "setting of password" can only be done from the Console Port.
Anyway, you should see a Prompt that says: Router> This is called User Exec Mode.
As a User you are allowed to log on, look at things, and do very little else.
You can not set up Passwords as a humble "User".
To set up Passwords for your Router you need to first enter what is called: Privileged Exec Mode
(think of this as Master Magician Mode) To enter Privileged Exec Mode type in the word enable at the prompt. Router> enable
Router# . . . . . . . This changes the prompt from Router> (with an arrow)
To Router# (with a # or pound sign.)
The # means that you have entered Privileged Exec Mode
Needless to say, nearly everyone just calls it "Enable Mode" for short.
You will very seldom hear anyone call it Privileged Exec Mode. If you want to go back to being a plain User, just type disable Now you are Enabled, a super-user with awesome mystical powers!
Please note that you did not need to enter a password
when logging in from the Console -
Nor did you need one when changing to Privileged Exec (Enable) Mode.
So you should Immediately set Passwords so that everyone else can not
just as easily become All-Powerful Deity. This would be Bad! Just to keep this Tutorial simple, let's use "CISCO" for all the passwords. But wait, in order to set passwords you must be in the right Mode!
In order to configure nearly anything on a Cisco Router
you must be in Configuration Mode. To get from Enable Mode to Configuration Mode
try typing the word configure Router# configure You will then see on your terminal screen the question: "Configuring from terminal, memory, or network [terminal]?" If you press Return (or write in the magic word "terminal")
you will be able to configure from your terminal (aka computer).
(the other two choices are fun, but for now we'll use the terminal, ok?) This will leave you at the unusual prompt: Router(config)# Which means that you are in the Router (Configure) mode.
Now and only now can you start the process of configuring Passwords. Configure is a Global Command. To go back to our car analogy, if Cisco passwords were Keys
you'd have to be in Car(config)# mode in order to use them. Your very next step should be to set the Password for the Console Port. Starting from within the Router(config) mode.
You need to put in the following series of commands to create one. Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password CISCO
Router(config-line#Ctrl-Z Please do not use CISCO as a password in real life. This is just a Demo! Note that the Router prompt changes to Router(config-line)
when you put in the line console 0 command.
line is a major command that puts you into "sub-command" mode.
(this is where you yell "Down Periscope - Dive! Dive! Dive!)
Only in the Router(config-line)# mode can you configure individual "lines". Also note that the Ctrl-Z (Control-Z, also written ^Z) ends your session,
and brings you back up to the Router# prompt. Remember that the 3 Types of Commands are
Global, Major, and Sub-command! The Global Command "Configure" takes you down to Router(config) Mode.
The Major Command "Line select-interface takes you to Router(Config-line)
The Subcommands "login" and "password" let you configure your password. But we are certainly not finished setting Passwords yet!
If Cisco Routers were simple easy-to-use devices,
everyone and his grandmother would be Cisco Certified, right? There are 5 separate Passwords you need to protect your Router. - Console - protects the Console Port
- Auxilary - protects the AUX Port (for your modem)
- TTY - Protects against un-authorized Telenet Port logons
- Enable - Guards the use of the Enable Mode Super-user status.
- Enable Secret - an Encrypted Secret form of the Above (better!)
We've done the Console already, so let's run through the rest briefly.
Just for fun, I am including text-boxes for you to write the Commands in. Set the Auxiliary Password Password for external modem connections Router# (Type in the command config t )
Note that "config t" is interpreted by the Cisco IOS same as "Configure Terminal"
Most commands can be entered in abbreviated form,
and even better you can press the "Tab" key to complete commands! This gives you the following Prompt:
Router(config)# (Type in line aux 0
which takes you down to the mode to configure "line auxiliary 0" (zero). Now you can start using the sub-commands to configure the Aux port. Router(config-line)# (Type in login) Router(config-line)# ( password your-aux-password-here) Router(config-line)# Ctrl-Z Router# And now your Router has a password protecting the AUX port. Setting Passwords on the Virtual (VTY) Ports VTY Ports are rather a special case, since they are not real ports.
In other words, you won't find a Port on the back of your Router labelled VTY. They are what could be called "Virtual Ports" that wait patiently
for a Remote Connection, usually using Telnet, to log in. If you don't set these, you won't be able to Telnet in to your Router.
This means every time your routers have a problem, you have to drive in to work.
Or to where-ever the routers may be hidden (like Timbuktu?). Configuring the VTY password is very similar to doing the Console and Aux ones. The only difference is that there are 5 VTY virtual ports,
which are named 0, 1, 2, 3, and 4 .
You can use the shortcut 0 4 (a zero, a space, and 4) to set all 5 passwords at the same time. Router# (type in config t) Router(config)# (type in line vty 0 4) Router(config-line)# (type in login) Router(config-line)# (type in password VTY-Password-here) This concludes setting your VTY Passwords!
(you can type in Ctrl-Z to go back to plain Enable Mode)
Router(config-line)# Ctrl-Z
Router# Setting Your "Enable" Password The Enable is the old form of the password that guards
the Exec Command Interpreter's "Privileged Mode".
Which as we mentioned earlier is usually called "Enable Mode"
since that is the word you type in to get to it. Usually with newer equipment you'll be using the "Enable Secret",
which is a better password because it is stored in an encrypted form. However, it is best to also set an Enable Password
because if for some reason your computer has to boot up into an old version
of the Cisco IOS (say for problems that make it go into ROM mode, eh?)
then the "Enable Secret" won't work. But the old-fashioned "Enable" will! By now this should be getting familiar to you,
but remember that "Repetition helps you Memorize!" Once again start out with the Router in "Enable" (or "Prilileged") mode. From the Command Prompt issue the Global Command configure terminal Router# (type in config t) Router(config)# (type in enable password your-enable-password That's all, it's done, even easier than before!
Notice that you are Not configuring a Line here, but the whole Router!
(that's why you didn't need to type in a "line..." command) Again you can now do a Ctrl-Z to get back to your "Router#" prompt. Setting Your "Enable Secret" Password The "Enable Secret" password, as mentioned above, is an advanced form
of a "one-way cryptographic secret password". In other words, once you put in the plain text password,
the Cisco IOS takes the text and encrypts it so that no one,
not even you, can ever read it again. This is why it is good advice Not to forget your Enable Secret Password! The Router doesn't like the Enable Secret to be the same as the Enable. Router(config)#enable secret CISCO
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret. So let us make the Enable Secret password CISCO2 instead. The Enable Secret takes over from the regular Enable password.
This means if you set an Enable Secret Password, your Enable one will NOT work. So Don't Forget Your Password!
(Reminder, your Password for everything in this tutorial is CISCO) Again, this is a simple set of commands: Router# (type in config t) Router(config)#
(type in enable secret your-enable-secret-password That's really all it takes. Don't forget it!
Again do a Ctrl-Z to exit.
This will put you back at the Global Enable Mode Prompt: Router# Practise Logging On and Off Now that you have successfully entered all the Passwords your Router needs,
this is a good time to do a quick practise session. To leave the Enable Mode you need to type in the word disable
Remember again that Enable Mode is formally called "Privileged Exec Mode". Router# (type in disable) This will leave you at the User Exec Mode prompt: Router > Now we are going to leave and say "Quit" or "Exit" to our Router: Router > (type in exit or quit) You will now see the friendly message: "Press ENTER to get started." Okay, at this point you would go ahead and press the ENTER key. The next thing you will see on the screen will be: User Access Verification
Password (please type in your User Password here)
Router > You quickly recognise the "Router >" at the User Exec Level Prompt. Router > (now type in your Enable Secret Password) If you typed in your enable Secret Password correctly
you should now be in the all-powerful Privileged Exec Mode!
(better known as Enable Mode to us common folk) Router# Congratulations! You have now set up your Router, created Passwords,
and successfully logged back into it. Please note: Do Not Forget Your Passwords!
|
