Configuring local username and password on a Cisco IOS Router

By default, when you access a Cisco router for management purposes (using Console, Telnet or SSH), no username/password authentication is required. You only need to supply the “privileged EXEC” password (i.e. the “enable” password) to gain access to the full configuration mode of the router. Adding another level of authentication (i.e. requiring the user to supply a username/password credential in addition to the “enable” password) makes the router more resistant to unauthorized access.

Moreover, configuring local usernames on the device lets you assign different levels of management privileges to different users. For example, you can configure a username with full privileges (privilege level 15) that can configure anything on the router, or a username with unprivileged access (privilege level 1) that can only see a few things on the router and nothing else.

There are two steps involved in configuring local usernames. The first is to create the username/password and assign it a privilege level (from 1 to 15, with 15 being the most privileged level). If you don’t specify a privilege level number, it gets the full privilege 15 by default. The second step is to configure your VTY lines (0 to 4) to require local login (i.e. only a configured user with a valid password can access the router).

Configuration

Router# config t
Router(config)# username Mynetworkadmin privilege 15 secret $Str0ngP@ss$
Router(config)# username Onlymonitoring privilege 1 secret An0ther!Pass34

Router(config)# line vty 0 4
Router(config-line)# login local
Router(config-line)# end
Router# wr

A security tip: for the username, choose something that is difficult to guess and will not be found by a dictionary attack. For example, words like “admin”, “administrator”, “cisco” etc. are not good usernames. A simple dictionary attack from a hacker will find those easily.
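
To check a saved configuration against the two steps and the username tip above, a small audit script can help. This is an added example, not part of the original post; the sample configuration, its placeholder hashes and the function name audit are constructed for illustration.

```python
import re

# Usernames the article names as easy dictionary-attack targets.
GUESSABLE = {"admin", "administrator", "cisco"}
USER_RE = re.compile(
    r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?\s+(secret|password)\b")

# Constructed sample in running-config layout; hashes are placeholders.
SAMPLE = """\
username Mynetworkadmin privilege 15 secret 5 $1$constructed$placeholder
username admin password 0 constructed-placeholder
username Onlymonitoring privilege 1 secret 5 $1$constructed$placeholder
!
line vty 0 4
 login local
line vty 5 15
 login
!
"""

def audit(config):
    """Return a list of findings for local users and VTY lines."""
    findings = []
    vty, vty_local = None, False  # open 'line vty' block, 'login local' seen
    def close_vty():
        if vty is not None and not vty_local:
            findings.append(f"{vty}: missing 'login local'")
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line ends any open block
            close_vty()
            vty = line if line.startswith("line vty") else None
            vty_local = False
        elif vty and line == "login local":
            vty_local = True
        m = USER_RE.match(line)
        if m:
            name, priv, kind = m.groups()
            if name.lower() in GUESSABLE:
                findings.append(f"user {name}: guessable username")
            if priv is None:
                findings.append(f"user {name}: privilege level not explicit")
            if kind == "password":
                findings.append(f"user {name}: 'password' used, not 'secret'")
    close_vty()
    return findings
```

Calling audit(SAMPLE) reports the guessable "admin" account and the VTY range 5 to 15, which the "line vty 0 4" block in the configuration above does not cover.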

2 Responses to 'Configuring local username and password on a Cisco IOS Router'

  1. dioum samba - June 16th, 2011 at 1:20 pm

    Hi, I created a username and pwd with privilege 5 and I also activated AAA authentication. When I connect with the username (nedge) and CDM (cisco) I refer to privilege 15. Is it possible to connect directly to privilege 5 when I connect with the username (nedge) and pwd (cisco)?

  2. Blog Admin - June 17th, 2011 at 7:42 pm

    I didn’t fully understand your question. If the username is local (i.e. configured locally on the device), then you must assign a privilege level of 5 to it:

    e.g. username nedge privilege 5

    If this username exists on the AAA server, then you must also enable “authorization” on the router and assign a privilege 5 to the username which exists on the AAA

