CLI Passwords 2

By certskills November 5, 2015 12:05

The simplest way to protect the CLI uses passwords shared by all, rather than a per-user username and password. Using a per-user login method improves security. The easiest option for using per-user logins in a Cisco lab is to configure the username/password pairs in each Cisco router or switch. Today’s lab asks you to do just that: configure several username/password pairs, and enable their use.

Requirements

Configure switch SW1 so that logging in requires a per-user username and password for each of the three allowed users. The usernames and passwords will be stored locally on the switch.

This lab begins with all the interfaces shown in Figure 1 working, with IPv4 addresses configured, and with all hosts able to ping other local hosts and hosts in the rest of the Enterprise.

The specific rules for this lab are as follows:

  1. Enable the use of local usernames for login from the console and when using Telnet.
  2. Create a user: Use password “hope” for user “allison”.
  3. Create a user: Use password “love” for user “danielle”.
  4. Create a user: Use password “faith” for user “tyler”.

Figure 1: Network for this Lab, with Console Access Switch SW1


Initial Configuration

Example 1 shows the non-default configuration added to switch SW1 before your work for this lab begins. Basically, the switch has already been configured with an IP address and a default gateway to allow telnet access.

Example 1: SW1 Initial Configuration

 

It’s Now Time for Your Answer

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

Testing this lab (if you go to the effort to configure it in an environment where you can test) is pretty easy. Simply connect to the console and try to log in with the configured usernames. Similarly, Telnet into the switch and try the usernames there as well.
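An offline way to check a saved configuration against the four rules above, added here as an example and not part of the original lab or its answer page. It assumes the output of `show running-config` was saved as text and that passwords appear unencrypted (`password 0 ...`, meaning `service password-encryption` is off); the function names and the sample configuration are constructed for illustration.

```python
import re

REQUIRED_USERS = {"allison": "hope", "danielle": "love", "tyler": "faith"}  # lab rules 2-4

def parse_config(text):
    """Return ({username: password}, {line header: [subcommands]})."""
    users, lines, current = {}, {}, None
    for raw in text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw.startswith(" "):              # indented: subcommand of a block
            lines.get(current, []).append(raw.strip())
            continue
        current = None                       # a global command closes the block
        m = re.match(r"username (\S+) password (?:0 )?(\S+)$", raw.rstrip())
        if m:
            users[m.group(1)] = m.group(2)
        elif raw.startswith("line "):
            current = raw.strip()
            lines[current] = []
    return users, lines

def check_lab(text):
    """List each lab rule the config fails; an empty list means it passes."""
    users, lines = parse_config(text)
    problems = [f"user {n}: missing or wrong password"
                for n, pw in REQUIRED_USERS.items() if users.get(n) != pw]
    for prefix in ("line con", "line vty"):
        blocks = [h for h in lines if h.startswith(prefix)]
        if not blocks:
            problems.append(f"no '{prefix}' block in config")
        problems += [f"{h}: 'login local' not set"
                     for h in blocks if "login local" not in lines[h]]
    return problems

# Constructed sample: only the first vty range was given 'login local'.
SAMPLE = """\
username allison password 0 hope
username danielle password 0 love
username tyler password 0 faith
line con 0
 login local
line vty 0 4
 login local
line vty 5 15
 login
"""

if __name__ == "__main__":
    print(check_lab(SAMPLE) or "all lab rules satisfied")
```

The sample fails on purpose: a switch typically has a second vty range, and a Telnet session that lands on it would not be asked for a username.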

 

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

When you have completed the lab, you can test your work. Open a new “Telnet to Console session” with the switch, and you should receive a login prompt asking for a password. Then log in using the password you assigned for console access. Next, select another node from the topology and connect to that node’s console port; from there, Telnet to the switch’s VLAN 1 IP address, and you should see the vty password prompt. Try using the password you assigned for Telnet access to the switch.

Network Device Info:

This table lists the interfaces changed in this lab to work well in VIRL.

| Device | Lab Port | VIRL Port |
|--------|----------|-----------|
| SW1    | G0/1     | G0/1      |
| SW1    | F0/1     | G0/2      |
| SW1    | F0/2     | G0/3      |

Host device info:

This table lists host information pre-configured in VIRL, information that might not be required by the lab but may be useful to you.

| Device | IP Address | MAC Address       | User/password |
|--------|------------|-------------------|---------------|
| PC     | 10.1.1.11  | 02:00:11:11:11:11 | cisco/cisco   |
| S      | 10.1.1.22  | 02:00:22:22:22:22 | cisco/cisco   |

Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4 10.1.1.1

Trace example: tracepath 10.1.1.1

To connect to another node via telnet: telnet 10.1.1.1

 

 

 


2 Comments

  1. newtoIT March 14, 23:30

    Hi Mr Odom. I must say thanks for taking the time to create these labs. Great job!
    I was having some trouble creating the username/password, then I figured out that I was in line con mode, so I went back to global config mode.
    It worked.
    Thanks again.
