Cisco Routers have a number of different ports through which these routers can be accessed. By default any one can access the router and can change configuration. In order to limit access and preventing users from changing configurations Cisco allows us to password protect each port.
In this lab we will set line console password, thus preventing unwanted changes to our configurations. Before reading further or starting the lab we recommend to read these prerequisites: OSI Reference Model, Cisco Router Modes, How to change Host Name of a router, Configure MOTD (Message of the Day) Banner, How to Save Cisco Router Congifuration.
Line Console Password:
Console port is located on the back of the router and is used for direct connection to the router from a PC. Prior to installing a new router in a network console port is the only option through which a router is configured and get to the working state in a network.
The console port should must be secured with a password and the router should be physically placed in a secured location. If the router is not in a secured location than the console port should be disabled for preventing the loss of router configuration.
Line Console password prevent un-authorized user access from entering into user exe mode. This password is the first step for securing a router, a good network administrator should and must add extra layers of security to the routers by setting enable password, line vty(Telnet password), Auxiliray line password and Cisco enable secret password.
Steps for setting line console password:
For specifying the console password line configuration command is used.
UpaaeRouter1(config)# line console 0 This command will get you to console line configuration mode
UpaaeRouter1(line-config)# This prompt confirms that we are at line configuration mode.
UpaaeRouter1(line-config)# password yourPassword
In the above line password is the command followed by your desired password.
login command is used for enforcing the console password before accessing user exe mode. If you do not enter login command after setting password for line console then router will not ask for password before entering user exe mode.
How to verify line console password:
Type “end” to exit from both the line configuration mode and global configuration mode, and than type exit to leave enable mode. Now after pressing enter if you are asked for password before entering user exe mode, congrats you have successfully protected your router from unauthorized access.
Protecting router and switches by setting line console password is mandatory for a network engineer to prohibit illegal access to the router configurations.
Line console password is stored in plain text and anyone who can read configurations can view the console password. If you want a more secure password which can not be seen by everyone then use enable secret password. Cisco enable secret password is a more secure form of console password and the enable secret password is stored in encrypted form in router configuration. Learn how to set enable secret password on Cisco router.