Free CCNA | Basic Device Security | Day 4 Lab | CCNA 200-301 Complete Course

Introduction

This tutorial provides a step-by-step guide to configuring basic device security on Cisco devices using the Cisco IOS Command Line Interface (CLI). This is particularly relevant for individuals studying for the CCNA 200-301 exam, as it covers essential security practices like setting enable passwords and secrets to protect device access.

Step 1: Access the Device

• Connect to your Cisco device using a console cable.
• Use terminal emulation software (like PuTTY or Tera Term) to access the CLI.

Step 2: Enter Global Configuration Mode

• After logging in, enter privileged EXEC mode by typing:

  enable
  

• Then, enter global configuration mode:

  configure terminal
  

Step 3: Set the Enable Password

• Configure a simple enable password to restrict access to privileged EXEC mode:

  enable password your_password
  

• Replace your_password with a strong password.

Step 4: Set the Enable Secret

• For better security, set an enable secret password which is encrypted:

  enable secret your_secret_password
  

• This password is more secure than the enable password because it is stored in an encrypted format.

Step 5: Configure Console Line Password

• Access the console line configuration:

  line con 0
  

• Set a password for console access:

  password your_console_password
  

• Enable login for the console line:

  login
  

Step 6: Configure VTY Line Passwords

• Access the VTY line configuration:

  line vty 0 4
  

• Set a password for remote access:

  password your_vty_password
  

• Enable login for the VTY lines:

  login
  

Step 7: Set a Message of the Day (MOTD)

• Configure a message of the day to display a warning message when someone connects to the device:

  banner motd # Unauthorized access is prohibited! #
  

• The # symbols denote the start and end of the message.

Step 8: Save the Configuration

• Exit the line configuration mode and return to global configuration:

  exit
  

• Save your configuration to ensure it is retained after a reboot:

  write memory
  

Step 9: Verify Configuration

• Use the following commands to verify your configurations:
  • Check the enable password:

    show run | include enable
    

  • Check the console password:

    show running-config | section line con
    

  • Check VTY configurations:

    show running-config | section line vty
    

Step 10: Test Access

• Log out and attempt to access the device using the console and VTY lines to ensure that passwords and security settings are working correctly.

Conclusion

In this tutorial, you learned how to configure basic device security on Cisco devices. Key points include setting both enable and console passwords, configuring VTY access, and ensuring that your settings are saved and verified. As a next step, consider practicing these configurations in a lab environment to solidify your understanding and prepare for the CCNA exam.