Thursday, December 20, 2012

How to assign passwords for routers?

Before starting with the activity of this post, it's better if you can design the below shown network and load it in to Packet Tracer Simulator. Also have an IP plan as described below. If you need clarifications in designing the network, please refer the previous posts carefully and then come back here. 

How to assign host names for the routers?

This was a task that I should have told you earlier since it's such a simple but useful task to remember the routers easily when we deal with a considerable amount of routers in a network.

  1. click on a router0 
  2. select CLI tab
  3. if it prompts the question 'Continue with configuration dialog? [yes/no]: ' type no and press Enter key
  4. type enable and go to the privileged mode
  5. type config t and go to the configuration mode
  6. type hostname IT and press Enter (or type any name for the router instead of IT)
so, your router is ready with the assigned hostname. note that from this pint onward, the CLI displays the assigned name of the router instead of displaying 'Router' word by default. this makes you easy to remember the router that you currently working with via the CLI.

refer the below shown CLI commands for clarification

Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname IT

follow the same steps and assign router-1 as FINANCE as the hostname

Designing a suitable IP plan for the above networks

When you design an IP plan for a network, it’s better to use private IP addresses for LAN(private networks ) and IPs in out of private IP ranges for WAN’s. Here Fe2 ( fastethernet port of PC-0) and Fe1( fastethernet port of IT router)  belong to the same network and therefore we can select IP addresses from the following ranges.

If the above table is not that clear to you, this is what it says. out of all the network IDs available in ClassA, only is considered as a private network ID. the same way out of all the network IDs of Class B and classB the number of available private network IDs are 16 and 256 respectively. 
Generally Class A IPs are more expensive and Class C are less expensive than above classes, since we only need two IP addresses for each of our LANs , it’s good to select Network addresses within class C range.

For the WAN’s serial port IP addresses, the above shown table's addresses can be avoided because WAN is a public network. 

R0 –Serial Port (S1) -->
R1–Serial Port (S2) -->

following the previous posts, configure the given simple network assigning hostnames for routers, IP addresses for routers and PCs and assign clock rate for the router's serial ports as well. Since the main target of this post is to focus on the password settings in routers and therefore I thought not to repeat the simple network configurations here.

What are the types of passwords that can be assigned to routers?

Follow the below image to understand the password classification of routers that are mainly divided in to two as user level passwords and privileged level passwords (of course there is nothing called as configuration level passwords :))

How to set Privileged level password?

Password settings can be done only in the configuration mode.

though there are two methods to set passwords for the privileged level, both are not considered as same. Assume that you used both the commands and set two different passwords to the privileged level, when you tried to it from User level (enable) it asks for the password but here the priority is given for the enable secret rather than enable password.

Go to privileged level and type show running-config to see all your configurations (whatever the commands that you have given to the particular router so far). Since you set privileged level passwords, they also would be displayed there as below.

according to the above image, you should understand that enable secret  is more powerful than the enable password. Also when you see the running configurations, the password that you assigned via enable password will show as it was typed whereas the enable secret will be displayed encrypted.

How to set User level passwords?

Since there are three types of passwords depending on the Router access method that we used (That are Console, Auxiliary and Telnet), there are three types of set of commands should be followed for each.

  • How to set Console pw?

Go to configuration mode --> type line ? and press Enter --> type line console 0 and press Enter--> type  password dccn  and press Enter --> login 

refre the below shown CLI commands

IT(config)#line ?
  <0-81>   First Line number
  console  Primary terminal line
  vty      Virtual terminal
IT(config)#line console 0
IT(config-line)#password dccn
%SYS-5-CONFIG_I: Configured from console by console
IT#exit                    <-------trying to enter to the user level where the user access verification is required

IT con0 is now available

Press RETURN to get started.
User Access Verification

Password:             <-------typed dccn but the password typing is invisible

IT>                      <-------accessed user level

Now whenever you tried to enter to the User level from privileged level (by typing exit) it asks for the User level password (here it is your console user password)

  • How to set Auxiliary pw?

Go to configuration mode   -->  type line ? and press Enter--> type line aux 0 and press Enter--> type password dccn and press Enter--> type login and press Enter

  • How to set Telnet pw?

Go to configuration mode --> type line ? and press Enter --> type  line vty 0  4 and press Enter--> type password dccn  and press Enter--> type login and press Enter

Note: - in Telnet we can connect a LAN with any number of PCs to a Router but only five of them could be accessed by the Router simultaneously. That is what we state 0  4 when setting Telnet password as above.

I will be continuing the same network system with the next post to describe static routing vs dynamic routing.