Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
78609
Views
29
Helpful
5
Replies

Configure a Cisco router with Username and Password.

Go to solution
easamoah1
Level 1
Level 1

‎01-06-2015 02:56 AM - edited ‎03-07-2019 10:06 PM

Hello Guys,

Am quite new in cisco and i need to configure an 891 cisco router,can someone please show me step by step configuration commands for configuring Username and Secret Password.I would like the router to ask for "Username"and " Password" anytime i want to login the router through telnet.I also want to know if i have to erase the default configurations on the router first, before i start the configuration,and how it should be done in other not to loose the router whiles working on it.Thanks for your usual quick responds.

 

Regards,

Eben.

 

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Reza Zand

‎01-06-2015 06:06 AM

Hello Reza,

Your configuration would work, and is rated accordingly :) At the same time, however, using the AAA new model, things get more complicated and more complex, and in simple deployment scenarios, it is not worth the effort. Because Eben is just starting to play with Cisco devices and is new to them, I suggest using the classic authentication configuration that is simpler, even if perhaps more chatty to configure, and it would look as follows:

 

enable
configure terminal
username mylogin secret mypassword ! This is a normal user
username admin privilege 15 secret S3cr3tP4ssw0rd ! This is an administrator
enable secret S0m30therP4ssw0rd ! A password to protect the enable command
line con 0
 login local ! Authenticate console users using the local username/pw database
line aux 0
 login local ! Authenticate AUX port users using the local username/pw database
line vty 0 15
 login local ! Authenticate Telnet/SSH users using the local username/pw database
end

 

Also, instead of Telnet, I suggest starting SSH service on the router to provide for SSH access:

 

enable
configure terminal
hostname MyRouter ! Just about any non-default host name of the router
ip domain-name eben.name ! Just about any DNS domain here
crypto key generate rsa modulus 1024 ! Generates RSA keys to start the SSH
ip ssh version 2 ! Permit SSHv2 only
end

 

After testing the SSH connection to the router successfully, deactivate the Telnet access:

 

enable
line vty 0 15
 transport input ssh ! Allow SSH access only
end

 

Best regards,
Peter

View solution in original post

5 Replies 5

Go to solution
Reza Zand
Level 1
Level 1

‎01-06-2015 03:49 AM

Hi

 

>enable

#conf t

(config)#aaa new-model

(config)#username yourusername password yourpassword

(config)#enable secret yoursecret

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Reza Zand

‎01-06-2015 06:06 AM

Hello Reza,

Your configuration would work, and is rated accordingly :) At the same time, however, using the AAA new model, things get more complicated and more complex, and in simple deployment scenarios, it is not worth the effort. Because Eben is just starting to play with Cisco devices and is new to them, I suggest using the classic authentication configuration that is simpler, even if perhaps more chatty to configure, and it would look as follows:

 

enable
configure terminal
username mylogin secret mypassword ! This is a normal user
username admin privilege 15 secret S3cr3tP4ssw0rd ! This is an administrator
enable secret S0m30therP4ssw0rd ! A password to protect the enable command
line con 0
 login local ! Authenticate console users using the local username/pw database
line aux 0
 login local ! Authenticate AUX port users using the local username/pw database
line vty 0 15
 login local ! Authenticate Telnet/SSH users using the local username/pw database
end

 

Also, instead of Telnet, I suggest starting SSH service on the router to provide for SSH access:

 

enable
configure terminal
hostname MyRouter ! Just about any non-default host name of the router
ip domain-name eben.name ! Just about any DNS domain here
crypto key generate rsa modulus 1024 ! Generates RSA keys to start the SSH
ip ssh version 2 ! Permit SSHv2 only
end

 

After testing the SSH connection to the router successfully, deactivate the Telnet access:

 

enable
line vty 0 15
 transport input ssh ! Allow SSH access only
end

 

Best regards,
Peter

Go to solution
easamoah1
Level 1
Level 1

‎01-07-2015 03:12 AM

Thank You very much Peter for your quick response.I tried it and its perfect,i have some few questions which are,i would like to know why you suggest ssh instead of telnet,is it for security reasons? and secondly why the "ip domain-name eben.name"

Thank You once again.

Best Regards,

Eben.

0 Helpful

Go to solution
Bilal Nawaz
VIP Alumni
VIP Alumni
In response to easamoah1

‎01-07-2015 03:41 AM

Hello Eben,

Peter has suggested to use SSH because of the fact that telnet data is sent in clear text, so someone with the right tools could easily find your password and your device could/would be compromised. It is security best practice. SSH is encrypted.

Technically speaking you do not need to change the hostname / domain name. But majority of Cisco documentation follow this method.

In case you are interested on how to do this without change... see below.

Router(config)#
Router(config)#crypto key generate rsa modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa modulus 1024 label CISCO
The name for the keys will be: CISCO

 

% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

 

Router(config)#
*Jul 11 13:27:51.431: %SSH-5-ENABLED: SSH 1.99 has been enabled
Router(config)#

 

The normal cases just as shown in Cisco documentation, the parser (without a label on the crypto key) would force us to change the hostname, create a domain name. I think the domain name is there to put a label on the keys.

 

Router(config)#crypto key generate rsa general-keys modulus 1024
% Please define a hostname other than Router.
Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#hos
Router(config)#hostname ISR
lexnetISR(config)#crypto key generate rsa general-keys modulus 1024
% Please define a domain-name first.
ISR(config)#ip domain name net.com
ISR(config)#exit
ISR(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: ISR.net.com

 

% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Go to solution
easamoah1
Level 1
Level 1
In response to Bilal Nawaz

‎01-07-2015 04:51 AM

Hello Reza,

Thank's to all you guys for your support,i really appreciate your quick responds,i have about six(6) different branches with a cisco 891 router but all of them are on telnet so i will take your advise and change them to ssh very soon for more security.

Kind Regards,

Eben.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card