CLI Passwords 2

By certskills November 5, 2015 12:05

The simplest way to protect the CLI uses passwords shared by all, rather than a per-user username and password. Using a per-user login method improves security. The easiest option for using per-user logins in a Cisco lab is to configure the username/password pairs in each Cisco router or switch. Today’s lab asks you to do just that: configure several username/password pairs, and enable their use.


Configure Switch SW1 with password security with a per-user username required for the three allowed users. The passwords and user names will be stored locally on the switch.

This lab begins with all the interfaces shown in Figure 1 working, with IPv4 addresses configured, and with all hosts able to ping other local hosts and hosts in the rest of the Enterprise.

The specific rules for this lab are as follows:

  1. Enable the use of local usernames for login from the console and when using Telnet.
  2. Create a user: Use password “hope” for user “allison”.
  3. Create a user: Use password “love” for user “danielle”.
  4. Create a user: Use password “faith” for user “tyler”.


Figure 1: Network for this Lab, with Console Access Switch SW1


Initial Configuration

Example 1 shows the non-default configuration added to switch SW1 before your work for this lab begins. Basically, the switch has already been configured with an IP address and a default gateway to allow telnet access.

Example 1: SW1 Initial Configuration


It’s Now Time for Your Answer

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

Testing this lab (if you go to the effort to configure in an environment where you can test) is pretty easy. Simply connect to the console, and try to login with the configured usernames. Similarly, just Telnet into the switch, and try the usernames there as well.


Do this Lab with Cisco’s CML (Formerly VIRL)

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for Cisco Modeling Lab – Personal (CML-P). CML-P replaces Cisco Virtual Internet Routing Lab (VIRL) software, in effect serving as VIRL Version 2.

Below, find two files: a file useful with CML-P and another useful with VIRL. (Note that the CML-P file has a .yaml filetype, while the older VIRL file has a VIRL filetype.) Once the file is loaded, CML-P or VIRL will create a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well.

This lab’s CML file!

This lab’s VIRL file!


When you have completed the lab, you can test your work. Open a new “Telnet to Console session” with the Switch and you should receive a login prompt asking for password. Then login using the Password you assigned for Console access. Next you can select another node from the topology and connect to that nodes console port, from there Telnet to the switches VLAN 1 IP address from that node and you should see the vty password prompt. Try using the Password you assigned for Telnet access to the switch.

Network Device Info:

This table lists the interfaces changed in this lab to work well in CML/VIRL.

Device Lab Port  CML/VIRL Port
SW1 G0/1 G0/1
SW1 F0/1 G0/2
SW1 F0/2 G0/3

Host device info:

This table lists host information pre-configured in CML/VIRL, information that might not be required by the lab but may be useful to you.

Device IP Address Mac Address User/password
PC 02:00:11:11:11:11 cisco/cisco
S 02:00:22:22:22:22 cisco/cisco

Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4

Trace example: tracepath

To connect to another node via telnet: telnet




Answers: Trunking for Only Some VLANs
Answers: CLI Passwords 2
By certskills November 5, 2015 12:05
Write a comment


  1. newtoIT March 14, 23:30

    Hi Mr Odom. I must say thanks for taking the time to create these labs. Great job!
    I was having some trouble creating the username/password, then I figured out that I was in line con mode, so I went back to global config mode.
    It worked.
    Thanks again.

    Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.