Router Configurations and Passwords

A.  Startup and Running Configurations

1. Open GNS3 and create a project called “config_pass”.  Click and drag a c2691 router into the workspace, and configure it with the NM-4T adapter for slot 1.  For help on configuring slots/adapters, please refer to previous tutorials.
2. Right-click the router and choose Start, then right-click again and choose Console.
3. The first step in the router’s boot process is the POST.  After checking what hardware is present and functioning, the bootstrap within ROM (read-only memory) attempts to load the Cisco IOS software.  Next, the IOS searches for the startup configuration file in NVRAM (non-volatile random access memory).  In this tutorial, the router is being powered on for the first time, so the startup configuration file is the default.  Any changes that you make to the router in this session will be stored in the running configuration file within RAM (random access memory), which is volatile, so the changes will be discarded at power-off unless copied into NVRAM.
4. In the next few steps, you will make changes to the running configuration file, and ultimately copy the changes into the startup configuration file.  Begin by entering privileged mode by typing “en”.
5. Type “show startup-config”.  This will print the configuration file to the screen of what the router will load when powered on.  There currently is not much there.

6. Type “show running-config” to print to the screen what the router is currently configured for.  This file is much longer than the startup file because interfaces have been recognized after the initial power-on.  Press the spacebar to scroll through the file, or press “q” to exit.
7. The hostname of the router is included in the configuration files, so in this step, you will change the name of your router.  Type “config t” to enter configuration mode, then type “hostname apple”.  Your router’s hostname, which previously was “R1”, is now changed to “apple”.  Remember, this change is only present in the running-config.

8. To copy the current running configuration file to NVRAM, you will overwrite the startup configuration with the running configuration.  This is the only way to save your changes.  Otherwise, if you reboot the router, the hostname will return to being “R1” instead of “apple”.  Exit configuration mode by entering “exit” or typing ctrl + z.  Then, type “copy running-config startup-config” and press Enter.  The configuration will build, and then the process will complete.
9. Close your console window to the router, then right-click the picture of the router in the workspace and select Stop.  This will power-off the router immediately.  Right-click the router again, click Start, and select Console.
10. After the router has finished booting, your prompt should read “apple>”, showing that your changes on the previous load were saved.

B.  Setting Passwords

1. First, you will set a password for entering privileged mode on the router.  Enter privileged mode by typing “en” and then configuration mode by typing “config t”.  
2. Type “enable secret cisco”, where “cisco” is the password
3. To exit privileged mode, type “exit” and press Enter, and then type “logout” and press Enter once more.  Now, try to enter privileged mode by typing “en” at the prompt.

4. You will be prompted for a password, so enter the password “cisco”.  You will not be able to see what you are typing, but when finished, press Enter to submit.  If you typed the password correctly, you will now be in privileged mode.
5. How does the router know you have set a password?  Type “show running-config” to display the current configuration file.  Scroll through the file until you see the “enable secret” command you had used to set the password.  Your password is saved in the router’s configuration file, but it has been encrypted.

6. Enter configuration mode, then type “enable password ist”, where “ist” is the password.  The “enable password” command also sets a password for entering privileged mode, but this older method is less secure.  Usually, the “enable secret” method is used over the “enable password” method.
7. Exit configuration mode, then type “show running-config”.  Now, look for the “enable password” command that you have modified in the configuration.

8. Below the encrypted password that you had set earlier, you will see your new “enable password” displayed in plain text.  This is why the “enable secret” method is more secure.  Otherwise, anyone with access to your router’s configuration files can easily see what your password is.
9. Next, you will set a password for logging into your router’s console.  Enter configuration mode, then type “line console 0”.
10. Type “password cisco”, where “cisco” is the password, and press Enter.  Type “login” to allow password checking at router login.  Then, enter “exit”, and then “exit” again.  Type “logout” to fully log out of the router.
11. When you attempt to log back into the console, you will now be prompted for a password.  Enter the password, “cisco”.

Note:  An auxiliary password may be set in the same way as the console password.  In configuration mode, simply type “line aux 0” instead of “line con 0” and press Enter, and then type “password” followed by your password, as before.

12. To set a VTY (Telnet) password, type “line vty 0 935” in configuration mode.  The last number, 935, may change depending on the router.  In this lab, the last line number used to connect with Telnet on the router is 935.
13. Type “password cisco”, where “cisco” is the password, then press Enter.  The VTY password is now set to cisco.  Note that Telnet cannot be used to connect to a router if a VTY password is not set.
14. Exit back to the privileged prompt, and enter “show running-config”.  Scroll through the configuration and locate the multiple passwords.  Are the passwords you just set encrypted?