Assigning Console, Auxiliary, and Virtual Terminal Passwords

A console password is configured from global configuration mode, at the console line level. The output below outlines each step from privileged EXEC mode forward.

toronto-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#line console 0
toronto-1(config-line)#login
toronto-1(config-line)#password cisco1

Notice the series of commands above. First, global configuration mode was accessed, followed by the line console 0 level. The login command specifies that users must be authenticated to access this port. If we later changed our mind, we could remove the requirement with the no login command. Finally, the password was set using the password command along with the password itself – in this case, cisco1. Passwords appear on the screen in plain text while they are being set. During the login process, they are not visible.

Setting an auxiliary password follows the same steps, except that the auxiliary line must be accessed instead of the console line.

toronto-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#line aux 0
toronto-1(config-line)#login
toronto-1(config-line)#password cisco1

In this case, I went back to shorthand and used aux 0 instead of typing out auxiliary 0. You should make a point of using shorthand where possible to save time and avoid typing errors.

Configuring virtual terminal passwords for telnet sessions works a little differently. If you do not set vty passwords on the router, you will not be able to make a telnet connection to it – this is obviously a security feature. In order to set telnet passwords, you will need to follow the configuration listed below. In this example, we are going to configure all 5 virtual terminals to use the same password. Note the syntax used.

toronto-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#line vty 0 4
toronto-1(config-line)#login
toronto-1(config-line)#password cisco1

Pay particular attention to the third line of output above. The line level accessed was for all five virtual terminal lines, numbered 0 through 4. By accessing the line level for all 5 simultaneously, we have made 5 telnet sessions possible using the password cisco1. To allow only a single telnet session, the command would be line vty 0. The 4 other sessions would then not be accessible.
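
The three procedures above can be verified afterwards by reading a saved configuration and confirming that every console, auxiliary and vty line ends up with both login and a password. The Python script below is an added example, not part of the original article or any Cisco tool; it covers vty ranges such as 0 4 as well as single lines. It assumes the configuration is saved as text with sub-commands indented under each line stanza, recognises only the login, no login and password commands shown on this page, and uses hypothetical names (audit_lines, findings) and a constructed sample (SAMPLE_CONFIG).

```python
import re

# Constructed sample config (not from a real device); the stanza layout is assumed.
SAMPLE_CONFIG = """\
line con 0
 password cisco1
 login
line aux 0
 no login
line vty 0
 password cisco1
 login
line vty 1 4
 login
"""

# Matches "line console 0", "line aux 0", "line vty 0 4" and their shorthand.
LINE_RE = re.compile(r"^line\s+(con|aux|vty)\w*\s+(\d+)(?:\s+(\d+))?\s*$")

def classify(state):
    if not state["login"]:
        return "no-login"            # no authentication required on this line
    if not state["password"]:
        return "login-no-password"   # login required, but no password was set
    return "password-required"

def audit_lines(config_text):
    """Map every (kind, number) line in the config to its login status."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            first = int(m.group(2))
            last = int(m.group(3) or first)
            current = {"login": False, "password": False}
            for n in range(first, last + 1):   # "vty 0 4" covers lines 0..4
                stanzas[(m.group(1), n)] = current
        elif current is not None and raw.startswith(" "):
            cmd = raw.strip()
            if cmd in ("login", "no login"):
                current["login"] = (cmd == "login")
            elif cmd.startswith("password "):
                current["password"] = True
        else:
            current = None                     # left the line stanza
    return {line: classify(state) for line, state in stanzas.items()}

def findings(config_text):
    return sorted(k for k, v in audit_lines(config_text).items() if v != "password-required")
```

On the sample, findings() reports aux 0 (login removed with no login) and vty 1 through 4 (login set without a password), which are the lines that still need the password step described above.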

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.