R1(config)# enable secret class
R1(config)#
R1(config)# line console 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# exit
R1(config)#
R1(config)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)#
R1(config)# service password-encryption
R1(config)#
The legal notification warns users that the device should be accessed only by permitted users. Legal notification can be configured as shown in Example 19-5.
Example 19-5 Banner Configuration
R1(config)# banner motd #
Enter TEXT message. End with a new line and the #
********************************
*************** WARNING: Unauthorized access is prohibited! *******************
****************************
#
R1(config)#
If the router were to be configured with the preceding commands and it accidentally lost power, the router configuration would be lost. For this reason, it is important to save the configuration when changes are implemented. Example 19-6 shows how to save the configuration to NVRAM.
Example 19-6 Saving the Configuration
R1# copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
R1#
Syntax Checker—Configure Initial Router Settings (19.2.3)
Use this Syntax Checker to practice configuring the initial settings on a router.
- Configure the device name.
- Secure the privileged EXEC mode.
- Secure and enable remote SSH and Telnet access.
- Secure all plaintext passwords.
- Provide legal notification.
Refer to the online course to complete this activity.
Packet Tracer—Configure Initial Router Settings (19.2.4)
In this activity, you will perform basic router configurations. You will secure access to the CLI and console port using encrypted and plaintext passwords. You also will configure messages for users logging in to the router. These banners also warn unauthorized users that access is prohibited. Finally, you will verify and save your running configuration.
Secure the Devices (19.3)
A device should always be properly secured before it is put into a production network.
Password Recommendations (19.3.1)
To protect network devices, you need to use strong passwords. Here are standard guidelines to follow:
- Use a password length of at least 8 characters, preferably 10 or more characters. A longer password is a more secure password.
- Make passwords complex. Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces, if allowed.
- Never use passwords based on repetition; common dictionary words; letter or number sequences; usernames; relative or pet names; or biographical information, such as birthdates, ID numbers, ancestor names, or other easily identifiable pieces of information.
- Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty.
- Change passwords often. If a password is unknowingly compromised, the window of opportunity for the threat actor to use the password is limited.
- Do not write down passwords or leave them in obvious places such as on a desk or monitor.
Tables 19-1 and 19-2 show examples of weak and strong passwords.
Table 19-1 Weak Password Examples
| Weak Password | Why It Is Weak |
| --- | --- |
| secret | Simple dictionary password |
| smith | Maiden name of mother |
| toyota | Make of a car |
| bob1967 | Name and birthday of the user |
| Blueleaf23 | Simple words and numbers |
Table 19-2 Strong Password Examples
| Strong Password | Why It Is Strong |
| --- | --- |
| b67n42d39c | Combines alphanumeric characters |
| 12^h u4@1p7 | Combines alphanumeric characters, symbols, and a space |
On Cisco routers, leading spaces are ignored for passwords, but spaces after the first character are not. Therefore, one method to create a strong password is to use the space bar and create a phrase made of many words. This is called a passphrase. A passphrase is often easier to remember than a simple password. It is also longer and harder to guess.
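The following Python script is an added example, not part of the original chapter. It applies the password guidelines above to the passwords typed in the router configuration example and to the entries in Tables 19-1 and 19-2, stripping leading spaces the way Cisco routers do. The word list, the function names, and the three-character threshold for repetition and sequences are assumptions made for illustration.

```python
import re

# Constructed stand-in for a real dictionary / personal-information list (assumption).
COMMON_WORDS = {"secret", "smith", "toyota", "bob", "blue", "leaf", "cisco", "class"}

# Commands as typed in the router example above (plaintext, before the router stores them).
TYPED_CONFIG = """\
enable secret class
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

def has_sequence(s, run=3):
    """True if s contains `run` consecutive ascending letters or digits (abc, 123)."""
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if chunk.isalnum() and all(ord(b) - ord(a) == 1 for a, b in zip(chunk, chunk[1:])):
            return True
    return False

def check_password(pw, username=""):
    """Return the list of guideline violations; an empty list means it passes."""
    pw = pw.lstrip(" ")  # Cisco routers ignore leading spaces; later spaces count
    low, issues = pw.lower(), []
    if len(pw) < 8:
        issues.append("shorter than 8 characters")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 2:
        issues.append("no mix of character types")
    if any(w in low for w in COMMON_WORDS):
        issues.append("contains a dictionary word or name")
    if username and username.lower() in low:
        issues.append("contains the username")
    if re.search(r"(.)\1\1", pw) or has_sequence(low):
        issues.append("repetition or sequence")
    return issues

def audit_typed_config(text):
    """Map each password-bearing context (enable secret, line ...) to its violations."""
    findings, context = {}, "global"
    for line in text.splitlines():
        cmd = line.strip()
        if cmd.startswith("line "):
            context = cmd
        m = re.match(r"(enable secret|password) (.+)", cmd)
        if m:
            key = m.group(1) if m.group(1) == "enable secret" else context
            findings[key] = check_password(m.group(2))
    return findings
```

Calling `audit_typed_config(TYPED_CONFIG)` reports the same three violations for `class` and `cisco`, while both entries from Table 19-2 return an empty list.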