Login Security 1

By certskills May 2, 2016 09:05

One of the first configuration items that becomes second nature is the configuration of basic password settings. But it is also easy to forget about the small differences in password security configuration once you get used to configuring your own lab the same way every time. This lab can give you some quick exercises on a few of those options.


Configure console, Telnet, and enable mode security on all four devices in the figure as follows:

  • Protect console access for all device consoles with a password of ‘certskills’
  • Protect privileged mode for all devices using password “ccnaskills” while storing the password as an MD5 hash.
  • Protect Telnet access by requiring username/password login. To that end, create a username ‘person’ with a password of ‘access’ using the most secure option to configure the user.
  • Assume all device interfaces shown in the lab are up, working and correctly configured with IP addresses
  • Assume routing is configured and working correctly



Figure 1: Network Topology and Addresses



Initial Configuration

Examples 1, 2, 3 and 4 show the beginning configuration state of R1, R2, SW1 and SW2.

Example 1: R1 Config


Example 2: R2 Config


Example 3: SW1 Config


Example 4: SW2 Config


Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

To test your solution if you happen to try it with CML/VIRL or real gear, connect to each device’s console to test the console passwords. Next, from one of the devices attempt to telnet to each of the other devices and verify the correct credentials are prompted and accepted. From either the console or from a telnet connection, then use the enable command, and test the enable passwords that you configured.


Do this Lab with Cisco’s CML (Formerly VIRL)

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for Cisco Modeling Lab – Personal (CML-P). CML-P replaces Cisco Virtual Internet Routing Lab (VIRL) software, in effect serving as VIRL Version 2.

Below, find two files: a file useful with CML-P and another useful with VIRL. (Note that the CML-P file has a .yaml filetype, while the older VIRL file has a VIRL filetype.) Once the file is loaded, CML-P or VIRL will create a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well.

This lab’s CML file!

This lab’s VIRL file!

All interfaces in topology match the lab figure.

Network Device Info:

The switch used in the lab is a Cisco IOS layer 2 switch. Note that if you happen to have a layer 3 switch, to use the initial configurations as shown in this lab, issue to no ip routing command on the switch. This command will disable the routing of IPv4 packets, making the layer 3 switch act only as a layer 2 switch.

Answers: IP Addresses 1
Answers: Login Security 1
By certskills May 2, 2016 09:05
Write a comment

No Comments

No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.