Home > Configure Cisco Router Passwords – GNS3 Lab

Configure Cisco Router Passwords – GNS3 Lab

December 3rd, 2010 Go to comments

In this tutorial we will use GNS3 to do a very basic task to secure your routers – apply a password so that users will be asked for this password when try to enter the privileged mode. For example:


Router>enable
Password: ******* (enter that password here)
Router# (this is the privileged mode)

Now let’s start!

First launch the GNS3, for this tutorial I use the IOS c2600-bin-mz.123-6f.bin but this is a very fundamental lab so you can use any IOS you have.

1. Drag the Router c2600 the place it onto the right-side box,
2. Click the Start button (the green triangle button)
3. Click the Telnet to all IOS button (the black button) to open the Telnet command line interface (CLI).

Configure_Password1.jpg

The CLI window will appear, asking “Would you like to enter the initial configuration dialog? [yes/no]:”. Type n here as we want to configure this router manually.

Configure_Password2.jpg

Wait for a few seconds and now the router will be ready for the configuration.

Router>enable
Router#configure terminal (or type conf t as a shortcut)
Router(config)#enable password digitaltut
Router(config)#exit (or press Ctrl-Z)
Router#exit (to exit privileged mode)


We logged out the router, notice that you will see two lines “Router con0 is now available” and “Press RETURN to get started.” Press Enter to enter the user mode (a line Router> will appear)

Configure_Password3.jpg

Now we can test if the password is working. Log in the privileged mode with the enable command

Router>enable

Now we can see the router is asking for a password. Type “digitaltut” as its password here and we can log in to the privileged mode

Configure_Password4.jpg

Notice that we with the “enable password” command, the router will save our password in plain text. It means if someone types show running-config on our router, they can see our password.

Router#show running-config (or show run)

Configure_Password5.jpg

This is a thing we don’t want as our router is not secured completely. In fact, most of the administrators use the “enable secret” command nowadays. To do it, in the privileged mode type the following commands:

Router#config terminal
Router(config)#enable secret digitaltutSecret (notice the letter “S” is capital)
Router(config)#exit
Router#exit

Now try to log in the privileged mode again (type enable in the user mode). First, try the password digitaltut again; the router will not accept this password anymore. Now type digitaltutSecret and we can login! (make sure you capitalize the letter S).

Configure_Password6.jpg

So notice that if you configure the enable secret command, it takes precedence over the enable password command. The two commands cannot be in effect simultaneously.

The enable secret command will encrypt the password so no one can see the password with the show running-config command. We can check it.

Router#show running-config

Configure_Password7.jpg

We can also set the password for console and vty (telnet) login with these commands:

Set console password:
Router#config terminal
Router(config)#line console 0
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#exit

Set vty (virtual terminal lines) password:
Router#config terminal
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#exit

By default, a Cisco router supports 5 simultaneous telnet sessions. By using the command line vty 0 4, the configuration below will be applied to all 5 sessions (line 0 to line 4).

Notice these passwords are not encrypted and we can see them with the “show running-config” command. We can encrypt all the passwords with the service password-encryption command in global configuration mode

Router(config)# service password-encryption

Another notice is that we can’t login to a Cisco router via telnet if we don’t set a vty line password for it.

Comments (34) Comments
  1. Buaya
    December 12th, 2010

    Hi there, thanks for all the efforts. 9tut rocks. May god bless you for helping others.

  2. Pradip
    December 19th, 2010

    Hi, Everything is available on internet but not solved Lab. Thanks for the same.

  3. felo
    January 10th, 2011

    Very rich tutorial, keep it up. Thanks

  4. Mike71
    January 26th, 2011

    to all,
    where can i get IOS for GNS3 Lab. thanks in advance and my email: mhikee@hotmail.it

  5. Ali
    February 4th, 2011

    please i install GNS3 i am allways getting 209 error masseges for ios. is there any where to download from this file or solution

    many thanks

  6. ken zuobai may10th,2011
    May 10th, 2011

    kindly send me ccna dumbs latest and gns3 software my id is kenbraebi@yahoo.com

  7. shirish patel
    May 21st, 2011

    great work. very appreciable!!!!!!!!!!!!!

  8. Nabz
    June 2nd, 2011

    i m experience a 203 error on gns …while loading a gns3 downloaded lab from 9tut ..is anyone knows about this 203 ?

  9. pinak
    June 8th, 2011

    Plz send me the latest dumbs for ccna 640-802

  10. srini
    October 5th, 2011

    really helpfull for me.i am a new to network side

  11. alain musubao
    October 31st, 2011

    i have a problem with my telnet local host in GNS3. when i am trying to configure my router using the telnet locahost, it doesn’t work.
    can some one have an idea about that?

  12. nikka
    December 10th, 2011

    thanks guys..big help

  13. Silas
    February 15th, 2012

    Hi there, plz help i need ios for gns3 use. Plz help , my email:nissy357@yahoo.com

  14. about cisco ios by brijesh
    March 10th, 2012

    guys’ go to (Networkguides.net/ios

  15. bishop
    April 20th, 2012

    i love this. thanks a lot guys.

  16. Anis
    July 19th, 2012

    please can i have latest CCNA DUMP?
    mail to : aniszafree@gmail.com

  17. JW
    August 14th, 2012

    Can I have the latest dumps?
    Thanks

    mail to: jo123@live.ca

  18. sadia
    September 9th, 2012

    please send me latest dumps sadiahassan60@yahoo.com

  19. IJ
    September 12th, 2012

    Can I have the latest dumps?
    Thanks
    mail to: ijecov@gmail.com

  20. willkoolz
    October 30th, 2012

    For anyone who needs help with cisco images.

    http://www.careercert.info/2009/05/new-cisco-ios-version-124-collection.html

    plus if you need other things like Junos olive images check out frostwire or similar torrents. Peace 9tut!

    WillKoolz

  21. willkoolz
    October 30th, 2012

    Forgot to help people with VMware labs…use this

    http://rednectar.net/gns3-workbench/

    Much better for GNS3.

    Willkoolz

  22. amavi
    November 16th, 2012

    verry good

  23. Anonymous
    January 26th, 2013

    i have experiencing trouble to enter in config terminal even after typing right password in GNS 3 software i have already ready file with 3 router with setting up the password & save the running file into startup-config,But when i close the file which i configure router with ip address n password sat.when again open the same file the router does not take my setting password even after typing correctly dont understand why it happens can anyone help me out in this ?

  24. khan
    January 26th, 2013

    Hello plz i need help!!!!

    I m working on SDM in gn3 and i set loopback adapter fine, now my router can communicate with the loopback adapter 192.168.137.1 and from both sides the ping reply is successful. now when i lauched sdm from my laptop to connect to gns router then it launches in firefox and asking for user name and password, when i enter user name and password then its not accepting.
    i created the user in router with the following command
    username ali privilege 15 password 0 cisco

    also i configured the router with the following commands

    ip http server
    ip http authentication local
    ip http secure-server

    everything is fine as the book says but i do not know why the user can not be verfied from the local database . plz helpppp

  25. venus
    March 9th, 2013

    thanks a lot, kiss

  26. thekumachan.com
    June 13th, 2013

    9Tut is great! Thanks for sharing. Another great site is routergod.com He’s got some funny stuff on there.

  27. countryma
    August 4th, 2013

    die Auswahl bei Ihnen kompliziert
    countryma bb4arg48

  28. Les bijoux Pandora Vente
    August 12th, 2013

    Sarsparilla snack foods impotency not to mention works as a maintain detoxifier. Les bijoux Pandora Vente http://www.lamariposapolo.com.ar/england/pandorabead.php

  29. smokeyma
    August 14th, 2013

    In modo efficace?
    smokeyma bb4arg48

  30. cleanerma
    August 18th, 2013

    Bravo, what words…, a brilliant idea
    cleanerma bb4arg48

  31. Siddivinayak
    October 27th, 2013

    Its very very useful information for beginners, thank u so much

  32. Selim Mohammad
    April 15th, 2014

    Hi,

    Can anyone tell me, how can i configure my cisco router, so that when trying to give show running config, it will ask for password…

    is there any way to do this??

    I badly need this

  33. its really nice
    June 26th, 2014

    Arvind Tiwary

  34. hashik
    January 9th, 2015

    I would like to get a latest dumps
    Pls mail it :mohamedhashik.kp@gmail.com

Add a Comment