This lab extends the basic setup by adding secure access configuration. The goal is to secure privileged access, configure a local admin account, encrypt stored passwords, and set up basic access restrictions for console and VTY lines.
- Create a local admin user with a secret password.
- Secure privileged EXEC mode with an enable secret.
- Enable local login for console access.
- Enable local login for VTY access.
- Encrypt all stored passwords.
- Add a login banner for unauthorized access warning.
- Save the configuration.
Router (R1):
configure terminal
username admin secret admin123
enable secret cisco123
service password-encryption
banner motd # Unauthorized access is prohibited #
line console 0
login local
line vty 0 4
login local
end
write memory
Switch (SW1):
configure terminal
username admin secret admin123
enable secret cisco123
service password-encryption
banner motd # Unauthorized access is prohibited #
line console 0
login local
line vty 0 4
login local
end
write memory
- Verify that MOTD banner is displayed and login with username
adminand passwordadmin123works on console/VTY.
Login: admin
Password: admin123
- Enter privileged EXEC mode using the enable secret.
enable
Password: cisco123
- Use
show running-configto verify encrypted passwords.
show running-config
This lab provides a secured baseline configuration for network devices.
- Console and VTY access require the local admin account (
admin/admin123). - Privileged EXEC mode is protected with an encrypted enable secret.
- All passwords are encrypted in the configuration.
- Unauthorized users are warned via a login banner.
Next part: SSH – Xubuntu client