Basic Switch and End Device

Configuration
Encrypting Privilege Mode Password During Creation
 To encrypt password, be in the global config mode.

 Type, ‘enable secret cisco’ and press enter. (where cisco is password)

 Your password will be immediately encrypted.

 To check the password, go to # mode and type ‘show running-config’ and enter.

 You will see that your password is encrypted. You find an MD5 hash in the
configuration. The “5” that you see behind “enable secret” is the algorithm that we
use, 5 means MD5.
Note: This type of password provides very high level of security. This is known as md5 (Message-Digest algorithm 5)
security.
 CISCO Device : Removing Password
 To remove password, be in the global config mode.

 Follow all the procedure as we do to setup user level password.

 When you are opted for PW, type “No Password” and enter.

 To check, go to config mode and type ‘show running-config’ and enter.

 You will see that your password is removed.

CISCO Device : Removing Line Console Password
Example:
How to remove password from the user login.

Router(config)#line console 0
Router(config-line)#login
Router(config-line)#no password
CISCO Device : Removing Privilege Mode Password
Example:
How to remove password from the Privilege Mode

Use the command in global conf mode:

Router(config)#no enable password

 CISCO Device : Password for Specific User
 Instead of a single password, it is also possible to use usernames and passwords.

 This is a better option if you have multiple people that need to access your router
or switch.

 Command for User Name & Password:

Router(Config)#line console 0
Router(config-line)#login local
Router(config-line)#exit
Router(config)#username user1 password 1234 (we can create
multiple users here with multiple PW)

 After that, the password 1234 will be activated for the user name user1. Once you
login to the Router as user1, it will prompt for the Password.
 CISCO Commands and Help
 In the Cisco CLI, you don't always have to type the full command. If you know
that there's no other command at that level that begins with the same first
couple of letters, you can use those letters to complete the command.

 For example, if we exit enable mode and type ‘en' for short, you'll see that auto
completion does work.

 This entry worked because no other command at the user mode prompt begins
with the letters en.
 Access To CISCO Commands Help
 To view the available command in any mode, we only need to type a question
mark (?).

 Whenever we use a question mark in the CLI, we don't have to press Enter after
it.

 It immediately presents options available to us at that point. If we type a

question mark, we get a list of all the commands available to use in user mode.
Example:
Router>?
Exec commands:
<1-99> Session number to resume
Connect Open a terminal connection
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
logout Exit from the EXEC
CISCO Device : Removing Encrypted Password
Example:
How to remove encrypted password from the Privilege Mode

Use the command in global conf mode:

Router(config)#no enable secret

 CISCO History Commands
 While we are at the privileged mode prompt, we can at any point type ‘show
history' to see what the previously used commands were in that mode.

 It is the history of what we have done since we logged in to the device. We

will get a different history based on the command mode that we are in.

Example:
Router#show history
show Version
show
inter
en
show history
Router#
Setting Banner on CISCO
Device
 Setting Banner on CISCO Device
 Banners display messages during the login or startup sequence.

 When a banner is activated, it is displayed on the monitor based on the

login activities.

 Banner can be setup for the ‘Day Display’ or ‘Login’ or any other
activities.
 Use of Banner on CISCO Devices
 We can use banners for a variety of purposes.

 We can use banners to notify users of scheduled maintenance, newly

installed applications, or any other information we want to generally
distribute.

 We can also use banners to support security measures by informing

connecting users of the proper use of a device.

 For example, the banner could state that only administrators are allowed
access.
 Use of Banner on CISCO Devices
 Banners can also inform users that actions might be logged or tracked. In
many locations, monitoring user actions cannot be performed unless users
are informed of the tracking. Banners can provide such notification.

 Banners could prove useful if we need to prosecute. With an appropriate

banner in place, unauthorized users cannot claim that they didn't know the
action was not allowed.

 When implementing a banner for security purposes, the content should be

carefully worded and based on the laws and policies involved.

 It should clarify that only authorized persons are allowed access to the device
and deter unauthorized users.
 Types of Banner on CISCO Devices
Command Description
Sets the message-of-the-day (MOTD) banner. The
banner motd MOTD banner displays immediately after a
connection is made.
Sets the login banner. The login banner displays after
banner login the MOTD banner and before the login prompt.
Sets the exec banner. The exec banner displays after a
banner exec successful login.
Sets the incoming banner. The incoming banner
banner incoming displays for a reverse Telnet session.
Setting Up Banner MOTD: Message of the Day
 Be in the Global Configuration Mode (Config)#

 Type ‘banner motd’ then type the hash (#) key or asterisk key (*) and press enter.

 Your screen will be ready to accept your message. Type your message whatever. Once
finished, again type the hash (#) key or asterisk key (*) and press enter.

 Your message is set up as ‘Message of the day (MOTD)’. It will be automatically

displayed when you are in the ‘User’ mode.
Example:
Router(config)#banner motd #
Enter TEXT message. End with the character '#'.
Welcome to CISCO Router.......
Enjoy Your Work.......#
Router(config)#
 Setting Up Banner login: Message for login
 Login banner can be set on Routers or a layer-3 Switch (not in a layer-2 Switch)

 Be in the Global Configuration Mode (Config)#

 Type ‘banner login’ then type the hash (#) key or asterisk key (*) and press enter.

 Your screen will be ready to accept your message. Type your message whatever. Once
finished, again type the hash (#) key or asterisk key (*) and press enter.

 Your message is set up as ‘Login’ message. It will be automatically displayed when

you are in the ‘User’ mode and try to login to the system.
Example:
Router(config)#banner login #
Enter TEXT message. End with the character '#'.
Please Enter Your Password. Unauthorized users are not allowed......#
Router(config)#