enable password:
switch>en
switch#conf t
switch(config)#enable secret cisco
Protect COM port
switch>en
switch#conf t
switch(config)#line console 0
password cisco
login
( needs login to ask the password for the COM port)
renember copy the running-config to startup-config
COM password
line con 0
password cisco
login
Telnet password
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
———————————————-
To encrypt passwords
———————————————-
switch(config)#service password-encryption
line con 0
password 7 DGASDFSDFSFD
login
line vty 0 4
password 7 0EGGRGEGAGA1D
login
line vty 5 15
password 7 020ERG23WFAB
login
!
end
!!!!!False security:!!!!
Don’t use the old type 7 passwords anymore. Use the new «secret» keyword only.
http://www.ifm.net.nz/cookbooks/passwordcracker.html
weaker with password 7
but is faster!
less process overhead!
SWITCH_cisco(config)#banner ?
LINE c banner-text c, where ‘c’ is a delimiting character
exec Set EXEC process creation banner
incoming Set incoming terminal line banner
login Set login banner
motd Set Message of the Day banner
prompt-timeout Set Message for login authentication timeout
slip-ppp Set Message for SLIP/PPP
SWITCH_CISCO(config)#banner mod ]
Enter TEXT message. End with the character ‘m’.
***********************************
DO NOT LOG ON
***********************************
DONT USE TELNET
CONFIGURATION SSH
Primero configurar usuario y password
SWITCH_CISCO(config)#username admin password cisco
Después necesitamos un nombre de dominio para generar un certificado
SWITCH_CISCO(config)#ip domain-name miempresa.com
generar el certificado
SWITCH_CISCO(config)#crypto key generate rsa
How many bits in the modulus[512]:1024
SWITCH_CISCO(config)#ip ssh version 2
SWITCH_CISCO(config)# line vty 0 4
SWITCH_CISCO(config-line)#transport input ssh