Good evening friends, Today we will see how to configure passwords on Cisco routers and switches. Cisco devices have four types of passwords.
Console password : Used to set password for the console access.
Auxiliary password : It is used to set password to auxiliary port ( if the switch has one.)
VTY lines password : Used to set password for for telnet and ssh access.
Privileged password : Used to set password for privileged access to the switch.
I am not going to show you how to set up auxiliary password here. To see how to set up console password and VTY lines password, go here.
Privileged mode of a Cisco device has some advanced IOS commands that can have disastrous consequences if used by wrong hands. So it is very important to set up a password to access privileged commands. Use the following commands
The “enable” command takes us into privileged mode. The “conf t” mode takes us into global configuration mode which pertains to the configuration settings of the whole switch. The “enable password” sets a password for the privileged mode. ‘123456’ is the password. The “exit” command takes us out of the privileged mode. To see if a password has been set for the privileged mode, try entering into privileged mode by typing “en” command. We can see that it prompts us for the password.
Basic configuration of a Cisco switch can be done in three ways, using Cisco Device manager web tool, using Cisco Networking Assistant(CNA) and Cisco IOS setup mode. The first two are GUI tools and the latter is a CLI option. Since Cisco IOS plays a very important part in CCNA exam, we are going to see how to configure a switch using Cisco IOS setup mode commands.
In this tut, we are going to configure the name of the switch, set management ip address to the switch, configure console and telnet passwords and lastly configure message of the day banner for the switch. To configure a Cisco switch using Cisco IOS, we must connect a computer to the console part of the switch using a rollover cable. For this article however, I am going to use Cisco Packet Tracer software.
Naming the switch:
Naming the switch can ease management and identification of the switch. Run the following commands for naming the switch. A switch can be named using “hostname” command.
The first two commands allow us to access the global configuration of the switch. If you are not aware of different modes of a Cisco switch, see here. The “hostname” command renames the switch. The rest of the commands are used to exit from global configuration mode.
Configure management IP address:
Configuring management IP address to the switch allows us to connect to the switch from remote locations using either Telnet or HTTP. To configure management IP address on the switch, run the folllowing commands.
The first two commands (“en” and “conf t”) set the IOS in privileged global configuration mode. This mode enables us to run commands that configure switch settings that apply to the whole switch.
The “interface vlan1″ command selects an interface to work with. VLAN 1, is called the management VLAN and is reserved for management of the switch. We set IP address and the management default IP gateway on this Vlan.
“ip address 10.10.10.3 255.0.0.0” command sets the ip address and the subnet mask of the switch on interface vlan1. The no shutdown command turns on the interface vlan1. The exit command brings us back into global configuration mode from specific configuration mode.
The “ip default-gateway 10.10.10.1″ command sets the default gateway of the switch to 10.10.10.1 . We can see that we first exit from the interface configuration mode ((config-if)# exit) because the default gateway applies to the whole switch, not just to an interface.
Configuring Console password:
To set up a console password on the switch, run the following commands.
The “line console 0″ command selects the console line. There is only one console line on a cisco switch. The “password 123456″ command sets the password of the console line to 123456. The “login” command instructs the IOS to prompt for authentication when somebody logs into console line.
Configuring telnet password:
To configure telnet password on the switch, run the following commands.
The “line vty 0 ?” command shows the number of vty lines available on the switch. The response <1-15> shows that 15 VTY lines are available, which means we can have 15 simultaneous sessions on this switch. We will configure telnet password on line 1. The “line vty 1″ command selects the line 1. The “password telnet” command sets the telnet password of the line to telnet. The “login” command instructs the IOS to prompt for authentication.
Banners can be used to display a brief message about the switch when someone logs in. It helps identifying the switch we log into and its configuration and usage guidelines. We can also add a security warning in the banner message to warn users against unauthorized access to the switch. We should run the following commands to configure banners on the switch.
We will configure message of the day on the switch. The “banner motd -“ command ( note that there is a space between motd and – ) is used to configure the message of the day banner on the switch. When we run this command, it prompts us to enter the message whcich should be ended by –.
This is the basic configuration of he switch. Hope this was hepful.
Cisco IOS is the internetwork operating system of both the Cisco switches and routers. It has two interfaces command line interface(CLI) and Graphical User Interface(GUI). Since CCNA exam will surely test your knowledge on these interfaces, it is important to get familiar with them.
Cisco’s IOS command-line interface (CLI) is a text-based interface integrated with the IOS. When a switch or router boots up, the IOS loads the startup configuration from NVRAM and displays the IOS prompt, waiting for commands. We can enter the IOS commands at the IOS prompt.
In this article, we will see various command line modes on Cisco routers and switches. For this, we are going to use Packet Tracer. To see what is Packet Tracer and how to install it in both Linux and Windows, go here. For a startup guide on Packet Tracer, see here. Open Packet Tracer and select a Cisco 2960 switch.
Hover on the switch to see its ports.
Select a Computer from the End Devices and connect them with a Console wire. What we are simulating here is connecting to the switch from a PC through console.
Click on the Host device( Computer ). On the window that opens, click on Desktop tab and Click on Terminal.
The console opens with the switch booting. Switch finishes its booting operation and loads into user EXEC mode.
Coming to the modes of Cisco IOS, the Cisco IOS has five command line modes.
User EXEC mode
Privileged EXEC mode
Global configuration mode
Specific Configuraton mode
Setup mode is the initial configuration mode of Cisco switches and routers. They start in setup mode when no startup configuration exists in NVRAM. After completion of the setup mode, the Cisco IOS transitions to user EXEC mode.
User EXEC mode
The user EXEC mode is the normal operation mode on Cisco switches and routers. The Cisco IOS user EXEC prompt is the switch or router name followed by the ‘greater than’ character >. See all the commands available in user EXEC prompt by typing ‘?’
Privileged EXEC mode
Privileged EXEC mode is the advanced operation mode of Cisco IOS. It has been designed to restrict access to IOS commands that can have adverse effects on the Cisco device and its configuration. To enter privileged EXEC mode type “enable” or “en” .Privileged EXEC prompt is comprised of the switch or router name followed by the # character. To exit the privileged EXEC prompt type “disable”.
To see the commands available in privileged EXEC prompt, type ?.
Global Configuration mode
The global configuration mode is comprised of commands pertaining to the entire Cisco device. In other words, if we need to execute commands to modify the behavior of either the whole switch or the whole router we need to set the IOS in global configuration
mode. Global configuration mode can only be enabled from privileged
EXEC mode by typing “config t” or “conf t”. The prompt in this mode is comprised of the device name followed by “(config)#”.
See the commands available in this mode by typing ‘?’. If we need to execute a command not available in the global configuration mode we should prefix the command by “do”.
Specific configuration mode
The specific configuration mode is used for commands that affect the configuration of either just one part or range of components of the Cisco device. Suppose we want to work on a few interfaces (or ports) on our switch or router we need to enable specific configuration mode. We can enable specific configuration mode only from the global configuration mode by selecting the components we want to work with. The prompt in this mode is comprised of the router or switch host name followed by “(config-<component>)#”.
Let’s select interface fastethernet 0/1 by typing “interface fastethernet 0/1″.
If we want to run a command not available in specific configuration mode prefix the command by “do”. For example, run the command “do show running-config” in specific configuration mode.
We can exit from global configuration mode and specific configuration mode by typing “exit”.