Setting Passwords on Cisco Devices

Five passwords are used to secure a Cisco device: console, auxiliary, Telnet, enable password, and enable secret.

The console, auxiliary and Telnet passwords are communication-level passwords. They are used to authenticate into the device itself.

The secret and password keys are used for securing privileged mode inside IOS.

Communication Level Passwords

Console: This password is for accessing a Cisco device via the console port.

Router(config)#line console ?
<0-0> First Line number
Router(config)#line console 0
Router(config-line)#password console
Router(config-line)#login


Auxiliary: This password is for accessing a Cisco device via the Auxiliary port.

Router#config t
Router(config)#line aux ?
<0-0> First Line number
Router(config)#line aux 0
Router(config-line)#login
% Login disabled on line 1, until 'password' is set
Router(config-line)#password aux
Router(config-line)#login


Telnet: A network level protocol that allows you to remotely control Cisco devices over the network.

To set the user-mode password for Telnet, access the device and use the line vty command. IOS switches usually have 16 lines, but routers that run the Enterprise edition have a lot more. Use the 'line vty 0 ?' command to see the number of lines.

Router(config)#line vty 0 ?
<1-15> Last Line number
<cr>
Router(config)#line vty 0 15
Router(config-line)#password telnet
Router(config-line)#login

Privileged Mode Passwords

Once you access Cisco IOS via any of the available communication methods (auxiliary, console, Telnet, HTTP/S, and SSH), you need to enter a password to enter privileged mode. The enable password and enable secret commands do just that.

Password: This password is for privileged level access. It is an unencrypted password that is stored in plain text in the running config file. Avoid it if possible: use the secret password and run the password-encryption service discussed below. You only need it for legacy equipment that doesn't support the enable secret command. If both password and secret are used, always use separate passwords for each.

Router(config)#enable password consoleP@SS!!


Secret Password: This password is for privileged level access. This is the password used to gain administrative access to the Cisco operating system. This is encrypted by default but this encryption can be hacked easily. See the sequence below:

Router#config t
Router(config)#enable secret kdso@od2@_#04Dcl
Router(config)#service password-encryption
Router(config)#exit
Router#show run
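
One way to review the output of show run for the settings this page covers, as an added example that is not part of the original article: the script flags a missing service password-encryption, a missing enable secret, use of enable password, and line passwords that are stored in plain text or lack login. The sample config and the function name are constructed for illustration, and the check assumes the line-password model shown above rather than AAA or local usernames.

```python
import re

# Constructed sample of "show run" output (not taken from a real device).
SAMPLE_CONFIG = """\
enable password consoleP@SS!!
!
line con 0
 password console
 login
line aux 0
 password 7 0000CONSTRUCTED
line vty 0 15
 password telnet
 login
!
end
"""

# "password <value>" or "password <type> <value>"; type 7 is what
# service password-encryption writes, no type (or 0) means plain text.
PASSWORD_RE = re.compile(r"^password\s+(?:(\d)\s+)?\S+")

def audit_running_config(text):
    """Return (context, finding) tuples for the password settings in a config."""
    cmds = [line.strip() for line in text.splitlines()]
    findings = []
    if "service password-encryption" not in cmds:
        findings.append(("global", "service password-encryption not enabled"))
    if not any(c.startswith("enable secret ") for c in cmds):
        findings.append(("global", "enable secret not set"))
    if any(c.startswith("enable password ") for c in cmds):
        findings.append(("global", "enable password in use"))
    # Collect the indented sub-commands under each "line ..." block.
    blocks, current = {}, None
    for raw in text.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None
    for name, sub in blocks.items():
        pw = next((m for m in map(PASSWORD_RE.match, sub) if m), None)
        if pw is None:
            findings.append((name, "no password set"))
        elif pw.group(1) in (None, "0"):
            findings.append((name, "password stored in plain text"))
        if not any(c == "login" or c.startswith("login ") for c in sub):
            findings.append((name, "login not enabled"))
    return findings
```
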
