Configure passwords in IOS
You can define four types of passwords in order to prevent unauthorized access to an IOS device:
1. console password – by default, the console access method doesn’t require a password. You can change that using the following commands:
- DEVICE(config)# line console 0 – enters the console port configuration mode.
- DEVICE(config-line)# password PASSWORD – specifies the password.
- DEVICE(config-line)# login – allows remote access to the device.
Note that the user is now forced to enter the password to access the device through the console port.
2. telnet password – Telnet access is disabled by default on IOS devices. To enable it, enter the following commands:
- DEVICE(config)# line vty FIRST_VTY LAST_VTY – IOS devices typically have 16 VTY lines. This means that 16 concurrent Telnet or SSH sessions can be established. The numbering starts from 0, so this line usually looks like this: line vty 0 15
- DEVICE(config-line)# password PASSWORD
- DEVICE(config-line)# login
3. enable password – you can configure an IOS device to require a password before entering the privileged exec mode. This can prevent an unauthorized user from entering the global configuration mode and changing the configuration of the device. Note that the configured password is stored in the device configuration in clear-text. The enable password is set using the following command:
- DEVICE(config)# enable password PASSWORD
The user will be prompted to provide the password when trying to access the privileged exec mode.
4. enable secret password – this command serves the same purpose as the enable password command, but with one major difference – the configured password is stored in encrypted form. The following command is used to configure the enable secret password:
- DEVICE(config)# enable secret PASSWORD
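
One way to check a saved configuration against the four password types above, as an added example that is not part of the original page. The `audit` function and the sample configuration are constructed for illustration, and the check assumes the indented running-config layout and the line-password method described here (no usernames or AAA).

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
enable password PASSWORD
!
line con 0
 password PASSWORD
line vty 0 4
 password PASSWORD
 login
line vty 5 15
 login
"""

# Matches the console and VTY line headers as they appear in a saved config.
LINE_RE = re.compile(r"^line (con|console|vty)\b.*$")

def audit(config) -> list:
    """Return findings for the four password types covered on this page."""
    findings = []
    has_secret = False
    blocks = {}      # line header -> list of its indented sub-commands
    current = None   # header of the line block being read, if any
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
            continue
        current = None
        stmt = raw.strip()
        if LINE_RE.match(stmt):
            current = stmt
            blocks[current] = []
        elif stmt.startswith("enable secret "):
            has_secret = True
        elif stmt.startswith("enable password "):
            findings.append("enable password: stored in clear text")
    if not has_secret:
        findings.append("enable secret: not configured")
    for header, cmds in blocks.items():
        if not any(c.startswith("password ") for c in cmds):
            findings.append(f"{header}: no password configured")
        elif "login" not in cmds:
            findings.append(f"{header}: password set but login missing")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```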