Routing & SwitchingSecurity

Configure Enable Secret / Console Password and Timeout

In this lab we will configure the enable secret and console passwords to help secure your routers and switches from unauthorized access.  We will also configure the console timeout to 10 minutes.

console password
console password

Configuration
Enable Secret Password

SW1(config)#
enable                      Modify enable password parameters
!
SW1(config)#enable ?
  algorithm-type  Algorithm to use for hashing the plaintext 'enable' secret
  last-resort     Define enable action if no TACACS servers respond
  password        Assign the privileged level password (MAX of 25 characters)
  secret          Assign the privileged level secret (MAX of 25 characters)
  use-tacacs      Use TACACS to check enable passwords
!
SW1(config)#enable secret ?
  0      Specifies an UNENCRYPTED password will follow
  5      Specifies a MD5 HASHED secret will follow
  8      Specifies a PBKDF2 HASHED secret will follow
  9      Specifies a SCRYPT HASHED secret will follow
  LINE   The UNENCRYPTED (cleartext) 'enable' secret
  level  Set exec level password
!
SW1(config)#enable secret CISCO

Console password & Timeout

SW1(config)#line console 0
SW1(config-line)#password CISCO
!
SW1(config-line)#login 
  login                       Enable password checking
!
SW1(config-line)#exec-timeout ?
  <0-35791>  Timeout in minutes
exec-timeout                Set the EXEC timeout
SW1(config-line)#exec-timeout 10

Verification

SW1 con0 is now available

Press RETURN to get started.

*Oct 19 23:09:46.185: %SYS-5-CONFIG_I: Configured from console by console

User Access Verification

Password: CISCO
SW1>
SW1>enable 
Password: CISCO
SW1#