Routing & SwitchingSecurity

Configure Enable Secret / Console Password and Timeout

In this lab we will configure the enable secret and console passwords to help secure your routers and switches from unauthorized access.  We will also configure the console timeout to 10 minutes.

console password
console password

Enable Secret Password

enable                      Modify enable password parameters
SW1(config)#enable ?
  algorithm-type  Algorithm to use for hashing the plaintext 'enable' secret
  last-resort     Define enable action if no TACACS servers respond
  password        Assign the privileged level password (MAX of 25 characters)
  secret          Assign the privileged level secret (MAX of 25 characters)
  use-tacacs      Use TACACS to check enable passwords
SW1(config)#enable secret ?
  0      Specifies an UNENCRYPTED password will follow
  5      Specifies a MD5 HASHED secret will follow
  8      Specifies a PBKDF2 HASHED secret will follow
  9      Specifies a SCRYPT HASHED secret will follow
  LINE   The UNENCRYPTED (cleartext) 'enable' secret
  level  Set exec level password
SW1(config)#enable secret CISCO

Console password & Timeout

SW1(config)#line console 0
SW1(config-line)#password CISCO
  login                       Enable password checking
SW1(config-line)#exec-timeout ?
  <0-35791>  Timeout in minutes
exec-timeout                Set the EXEC timeout
SW1(config-line)#exec-timeout 10


SW1 con0 is now available

Press RETURN to get started.

*Oct 19 23:09:46.185: %SYS-5-CONFIG_I: Configured from console by console

User Access Verification

Password: CISCO
Password: CISCO