3.5 Device Passwords Flashcards
What are the two primary password levels?
User mode and privileged mode
What two types of passwords can you put on user mode?
Console password and Virtual terminal password
What does the VTY password mean?
Virtual terminal password
What does the console password prevent someone from being able to do?
Limits who can access user mode through the console port
What does the VTY password prevent someone from doing?
Restricts who can gain access to user mode through remote access
What mode in the cisco cli allows you to change passwords?
Privileged mode
Describe the Secure privileged exec access password
The password that restricts access to privileged exec mode is the most important password that you will set. This can be accomplished using the enable secret global configuration command with the password variable.
Describe the Secure user exec access password
The exec mode password controls the ability to switch to configuration modes. There are two passwords that can be used. The enable password is stored in clear text in the config file. The enable secret password is encrypted and stored in the config file. To secure user exec access, the console port needs to be configured properly.
Describe the Secure remote Telnet access password
The exec mode password controls the ability to switch to configuration modes. There are two passwords that can be used. The enable password is stored in clear text in the config file. The enable secret password is encrypted and stored in the config file. To secure user exec access, the console port needs to be configured properly.
What does the command Router(config)#enable secret password do
Sets the encrypted password used for privileged mode access. The enable secret should always be used if it exists.
What does the command Router(config)#enable password password do
Sets the unencrypted password for privileged mode access. This password is used if enable secret is not set.
What does the command Router(config)#Line console interface do
This global config command allows a user to enter console configuration mode. The zero identifies the console interface (usually there is only one.)
What does the command Router(config)#Line vty vty line 0 15 do
This global config command allows a user to enter line VTY mode.
What does the command Router(config-line)#Login do
VTY access can be enabled using the login command.
What does the command Router(config-line)#no enable secret
Router(config-line)#no enable password
Router(config-line)#no login
Router(config-line)#no password do
Removes the password. The no login command disables password checking.
What does the command Service-password-encryption do
provides a basic level of encryption to all unencrypted passwords within the config file.
What are the requirements for passwords on cisco devices?
Do not use the same password for all devices.
Do not use the same password for both your enable and enable secret passwords.
Passwords should be more than 8 characters long
Common words should not be used in passwords
Use a combination of letters, numbers, and symbols
What is the first step in Password recovery?
Access ROMMON mode on your device. ROMMON mode can be accessed via a console by using a break sequence during the boot up process. Removing external flash memory while the device is turned off will also cause a device to boot in ROMMON mode.
What is the second step inn Password recovery
Use the confreg 0x2142 command to set the configuration register to 0x2142 so the device will ignore the startup config file when the device is rebooted.
What is the third step in password recovery
Use the reset command to restart the device.
What is the fourth step in password recovery
When the device has finished restarting, copy the startup configuration file to the running configuration file using the copy startup-config running-config command.
What is the fifth step in password recovery
Save updated configuration.
What is the sixth step in password recovery
Configure all required passwords.
what is the seventh step in password recovery
Use the confreg 0x2102 command to change the configuration register back to 0x2102 so the device will look to the startup config file on restart.
What is the eighth step in password recovery
Reset the device. Upon restart, the device will use the reconfigured passwords to authenticate the user.
What is the last step in password recovery
Use the show command to ensure that all changed configurations have been saved correctly.
What command makes the cisco device ignore the startup config file when the device is rebooted?
confreg 0x2142
After configuring a router to ignore the startup configuration when the device boots, what command would you use to tell the device to load the startup configuration upon boot?
confreg 0x2102