The first time you attempt to Telnet, you will be denied because no passwords have been set. Passwords must be set via the terminal:<\/p>\n
Sw1>enable<\/span>\r\nSw1#conf t<\/span>\r\nSw1(config)#enable password PassWord\r\n<\/span><\/pre>\nTest the new password by exiting back to User Mode, then attempt to enter Privilege mode.<\/p>\n
Sw1(config)#exit<\/span>\r\nSw1#disable<\/span>\r\nSw1>enable<\/span>\r\nPassword:_<\/pre>\nSpaces are allowed in passwords Example: “Hello World”<\/div>\n <\/p>\n
Warning!!
\nThis method of setting the password is Legacy. While still supported, it is not recommended.
\nThe problem with the enable password is that it can be viewed with the show command:<\/p>\nSw1#show running-config<\/span>\r\nCurrent configuration : 1047 bytes\r\n!\r\nversion 12.1\r\nno service timestamps log datetime msec\r\nno service timestamps debug datetime msec\r\nno service password-encryption\r\n!\r\nhostname Sw1\r\n!\r\nenable password PassWord<\/strong>\r\n...<\/i><\/i><\/pre>\n<\/div>\nThe correct way to set the password with “enable secret”<\/p>\n
Sw1#conf t<\/span>\r\nSw1(config)#enable secret PassWord1<\/span>\r\nSw1(config)#exit<\/span>\r\nSw1#show running-config<\/span>\r\nBuilding configuration...\r\n\r\nCurrent configuration : 1094 bytes\r\n!\r\nversion 12.1\r\nno service timestamps log datetime msec\r\nno service timestamps debug datetime msec\r\nno service password-encryption\r\n!\r\nhostname Sw1\r\n!\r\nenable secret 5 $1$mERr$6vfnIkQf0hZSmJZv6YXRj0<\/i><\/b>\r\nenable password PassWord ...\r\n<\/pre>\n1. The password and the secret cannot be the same.
\n2. The secret supersedes the password, meaning the password will no longer function.<\/div>\n3. Finally, to remove the password:<\/p>\n
Sw1(config)#no enable password<\/span><\/pre>\nSet a password for the Console Port<\/h4>\nSw1(config)#line console 0<\/span>\r\nSw1(config-line)#password PASSWORD<\/span>\r\nSw1(config-line)#login\r\n<\/span><\/pre>\nSet a password for Telnet<\/h4>\n\n- vty = Virtual Terminal<\/li>\n
- 0 = 1st telnet port (Session?)<\/li>\n
- 4 = 5th telnet port<\/li>\n
- All changes will affect ports 0 – 4<\/li>\n<\/ul>\n
Sw1(config)#line vty 0 4<\/span>\r\nSw1(config-line)#password PASSWORD<\/span>\r\nSw1(config-line)#login\r\n<\/span><\/pre>\nDisable the Telnet Password<\/h4>\nSw1(config)#line vty 0<\/span>\r\nSw1(config-line)#no login<\/span><\/pre>\nHide all Passwords<\/h4>\nSw1(config)#service password-encryption<\/span><\/pre>\nThis is Level 7 encryption and is easily cracked! (Check “cisco password crack”). Do not use it in place of the enable secret, but it is required for the Console and vty ports.<\/div>\nSet a Warning Banner<\/h4>\nSome type of legal message warning hackers to stay out is important. “Welcome” legally says, “You are welcome to do what you want here.”
\nOnly a basic message saying unauthorized access is prohibited is required for legal purposes.<\/div>\nLogin Banner
\nThis only displays with the console session.<\/p>\n
Message of the Day<\/p>\n
Sw1(config)#banner motd ?<\/span>\r\nLINE c banner-text c. where 'c' is a delimiting character\r\nSw1(config)#banner motd [\r\nEnter TEXT message. End with the character '['.\r\n\r\n********\r\nDo Not Log On!!\r\n******** \r\n\r\n[\r\n<\/span><\/pre>\n\nThe problem with Telent<\/p>\n
The primary issue with Telent is that all data transmitted and received is sent unencrypted. Anyone with a packet sniffer will be able to clearly see everything you type!<\/p>\n<\/div>\n
Understanding SSH<\/h3>\n
Telnet with Encryption<\/p>\n
\n- Requires a username AND password, where telnet only requires a password<\/li>\n
- Also requires a domain name to create an encryption certificate<\/li>\n<\/ul>\n
Sw1(config)#username USERNAME password PASSWORD<\/span>\r\nSw1(config)#ip domain-name DOMAIN.COM<\/span>\r\nSw1(config)#crypto key generate rsa<\/span>\r\nThe name for the keys will be: HOSTNAME.DOMAIN.COM\r\nChoose the size of the key modulus in the range of 360 to 2048 for your\r\n General Purpose Keys. Choosing a key modulus greater than 512 may take\r\n a few minutes.\r\n\r\nHow many bits in the modulus [512]: 1024<\/span>\r\n% Generating 1024 bit RSA keys. keys will be non-exportable...[OK]\r\n\r\nSw1(config)#ip ssh version 2<\/span>\r\nSw1(config)#line vty 0 4<\/span>\r\nSw1(config-line)#transport input ssh<\/span>\r\n<\/pre>\n\nTo use ssh with the Cisco Packet Tracer, use the following command:<\/p>\n
Pc0>ssh -l USERNAME IP.ADD.RE.SS<\/span>\r\nOpen\r\nPassword:PASSWORD<\/em><\/span><\/pre>\n<\/div>\n <\/p>\n
Setting Up Port Security<\/h3>\n","protected":false},"excerpt":{"rendered":"
Configuring Passwords on a Cisco Switch The first time you attempt to Telnet, you will be denied because no passwords have been set. Passwords must be set via the terminal: Sw1>enable Sw1#conf t Sw1(config)#enable password PassWord Test the new password by exiting back to User Mode, then attempt to enter Privilege mode. Sw1(config)#exit Sw1#disable Sw1>enable ..<\/p>\n