Monday, March 3, 2008

Protect Your Router

There are 5 separate Passwords you need to protect your Router.

1. Console - protects the Console Port
2. Auxiliary - protects the AUX Port (for your modem)
3. VTY - protects against unauthorized Telnet Port logons
4. Enable - guards the use of the Enable Mode Super-user status.
5. Enable Secret - an Encrypted Secret form of the above (better!)

We've done the Console already, so let's run through the rest briefly.
Just for fun, I am including text-boxes for you to write the Commands in.

Set the Auxiliary Password
Password for external modem connections
Router# (Type in the command config t)
Note that "config t" is interpreted by the Cisco IOS the same as "Configure Terminal".
Most commands can be entered in abbreviated form,
and even better you can press the "Tab" key to complete commands!
This gives you the following Prompt:
Router(config)# (Type in line aux 0)
which takes you down to the mode to configure "line auxiliary 0" (zero).
Now you can start using the sub-commands to configure the Aux port.
Router(config-line)# (Type in login)
Router(config-line)# (Type in password your-aux-password-here)
Router(config-line)# Ctrl-Z
Router#
And now your Router has a password protecting the AUX port.

Setting Passwords on the Virtual (VTY) Ports
VTY Ports are rather a special case, since they are not real ports.
In other words, you won't find a Port on the back of your Router labelled VTY.
They are what could be called "Virtual Ports" that wait patiently
for a Remote Connection, usually using Telnet, to log in.
If you don't set these, you won't be able to Telnet in to your Router.
This means every time your routers have a problem, you have to drive in to work.
Or to wherever the routers may be hidden (like Timbuktu?).
Configuring the VTY password is very similar to doing the Console and Aux ones.
The only difference is that there are 5 VTY virtual ports,
which are named 0, 1, 2, 3, and 4.
You can use the shortcut 0 4 (a zero, a space, and 4) to set all 5 passwords at the same time.
Router# (type in config t)
Router(config)# (type in line vty 0 4)
Router(config-line)# (type in login)
Router(config-line)# (type in password VTY-Password-here)
This concludes setting your VTY Passwords!
(you can type in Ctrl-Z to go back to plain Enable Mode)
Router(config-line)# Ctrl-Z
Router#

Setting Your "Enable" Password
The Enable is the old form of the password that guards
the Exec Command Interpreter's "Privileged Mode".
Which as we mentioned earlier is usually called "Enable Mode"
since that is the word you type in to get to it.
Usually with newer equipment you'll be using the "Enable Secret",
which is a better password because it is stored in an encrypted form.
However, it is best to also set an Enable Password
because if for some reason your computer has to boot up into an old version
of the Cisco IOS (say for problems that make it go into ROM mode, eh?)
then the "Enable Secret" won't work. But the old-fashioned "Enable" will!
By now this should be getting familiar to you,
but remember that "Repetition helps you Memorize!"
Once again start out with the Router in "Enable" (or "Privileged") mode.
From the Command Prompt issue the Global Command configure terminal
Router# (type in config t)
Router(config)# (type in enable password your-enable-password)
That's all, it's done, even easier than before!
Notice that you are Not configuring a Line here, but the whole Router!
(that's why you didn't need to type in a "line..." command)
Again you can now do a Ctrl-Z to get back to your "Router#" prompt.

Setting Your "Enable Secret" Password
The "Enable Secret" password, as mentioned above, is an advanced form
of a "one-way cryptographic secret password".
In other words, once you put in the plain text password,
the Cisco IOS takes the text and encrypts it so that no one,
not even you, can ever read it again.
This is why it is good advice Not to forget your Enable Secret Password!
The Router doesn't like the Enable Secret to be the same as the Enable.
Router(config)#enable secret CISCO
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret.
So let us make the Enable Secret password CISCO2 instead.
The Enable Secret takes over from the regular Enable password.
This means if you set an Enable Secret Password, your Enable one will NOT work.
So Don't Forget Your Password!
(Reminder, your Password for everything in this tutorial is CISCO)
Again, this is a simple set of commands:
Router# (type in config t)
Router(config)# (type in enable secret your-enable-secret-password)
That's really all it takes. Don't forget it!
Again do a Ctrl-Z to exit.
This will put you back at the Global Enable Mode Prompt:
Router#
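
One way to check a saved configuration for the five passwords covered above (an added example, not part of the original post). The function name audit and the sample config are constructed for illustration, and the code assumes the usual running-config layout where sub-commands under a "line" entry are indented by a space. It only checks the line password plus login method described in this tutorial.

```python
# Added example: audit a saved IOS config for the five passwords in this tutorial.
# SAMPLE_CONFIG is constructed for illustration, not taken from a real device.
SAMPLE_CONFIG = """\
enable password CISCO
!
line con 0
 password CISCO
 login
line aux 0
 login
line vty 0 4
 password CISCO
!
"""


def audit(config):
    """Return a list of findings; an empty list means all five are set."""
    sections = {}          # e.g. "line vty 0 4" -> list of its sub-commands
    current = None         # the line section being read, if any
    enable = set()         # which of "secret" / "password" are configured
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current:
            sections[current].append(raw.strip())
        else:
            current = None
            words = raw.split()
            if words[:1] == ["enable"] and len(words) >= 3:
                enable.add(words[1])
    findings = []
    for kind in ("secret", "password"):
        if kind not in enable:
            findings.append(f"enable {kind} is not set")
    for kind in ("con", "aux", "vty"):
        if not any(name.split()[1] == kind for name in sections):
            findings.append(f"no 'line {kind}' section found")
    for name, subs in sections.items():
        if "login" not in subs:
            findings.append(f"{name}: 'login' missing, password is not asked for")
        if not any(s.startswith("password ") for s in subs):
            findings.append(f"{name}: no password set")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against the text of "show running-config" saved to a file; each finding names the section that still needs one of the commands shown above.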
