Cisco Security Basics


Here are the basics for setting up a Cisco router:

Thanks to Neuromancer & Data Plumber for pointing out the initial commands and helping me with this blog. To prepare for entering configuration commands, first enter configuration mode:

Router#configure terminal

You are now ready to start entering commands to configure the system. The following are probably the most common and those necessary to configure a working router.
Enable password-encryption (to ensure passwords are stored in a way that is unreadable to any chancer):

Router(config)#service password-encryption

Set the enable secret, which is stored with stronger encryption:

Router(config)#enable secret password

Enable login using password authentication:

Router(config)#enable password password

Enable console password authentication:

Router(config)#line console 0
Router(config-line)#password password
Router(config-line)#login

Enable virtual terminal password authentication (for the five available logins):

Router(config)#line vty 0 4
Router(config-line)#password password
Router(config-line)#login
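
As an added example (not part of the original post), this Python check reads a saved configuration and flags the password settings above that end up stored in plain text or in the reversible type 7 form, plus lines where a password is set but login is not enabled. The function name audit_passwords and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample of saved configuration text; values are made-up placeholders.
SAMPLE_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$placeholderhash
enable password 7 000000000000
!
line con 0
 password 7 000000000000
line vty 0 4
 password example-plaintext
 login
"""

PASSWORD_RE = re.compile(r"(enable password|password) (?:(\d+) )?(\S+)$")

def audit_passwords(config):
    """Return a list of findings about password storage in an IOS config."""
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    findings = []
    if "service password-encryption" not in top:
        findings.append("global: service password-encryption not enabled")
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("global: no enable secret configured")
    section, lines = "global", {}
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):  # unindented command starts a new section
            section = text if text.startswith("line ") else "global"
            if section != "global":
                lines[section] = {"password": False, "login": False}
        if section in lines and (text == "login" or text.startswith("login ")):
            lines[section]["login"] = True
        m = PASSWORD_RE.match(text)
        if not m:
            continue
        if section in lines:
            lines[section]["password"] = True
        if m.group(1) == "enable password":
            findings.append("global: enable password set; use enable secret only")
        kind = "reversible type 7" if m.group(2) == "7" else "plain-text"
        if m.group(2) in (None, "0", "7"):  # no type or type 0 means plain text
            findings.append(f"{section}: {kind} password")
    for name, state in lines.items():
        if state["password"] and not state["login"]:
            findings.append(f"{name}: password set but login not enabled")
    return findings
```

Calling audit_passwords(SAMPLE_CONFIG) returns one finding per weak setting, each prefixed with the section it was found in.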

Set the hostname of your Router:

Router(config)#hostname Cisco1

Set the banner displayed when greeted by the router:

Cisco1(config)#banner motd # Authorised access only #

If, like me, your router is too small to hold a newer IOS image, you can do one of two things – a) like I now have, buy memory upgrades (from eBay) or b) store your newly purchased IOS image on a tftp server and load it at boot time.

Cisco1(config)#boot system tftp 2500-io-l.122-5.bin <tftp-server-address>

Breaking the last command down: the first part (boot) tells the router to read this boot line first; the second (system) says that we are booting a system file; the third (tftp) says that we are retrieving an image from a remote tftp server (this tftp server must be on a network connected to one of the configured interfaces). This is not a configuration file, which is separate and stored in nvram and loaded into ram during the bootstrap. Next is the IOS image name, which will vary entirely on you; lastly is the address of the tftp server. There, that's it, just saved £30 on a memory upgrade.

So now you have your system quite nice and customised to your liking – you better save it! (Instead of typing end you can also hit CTRL-Z.)

Cisco1(config)#end
Cisco1#copy running-config startup-config

Hmm, I wonder which version of software I am running and how much memory I have.

Cisco1#show version
Cisco1#show flash

Configuring RIP routing protocol, so that a router can act as an intermediary between two networks. In this example we are traversing networks and

Cisco1#conf t
Cisco1(config)#router rip
Cisco1(config-router)#end
Cisco1#copy run start


3 thoughts on “Cisco Security Basics”

  1. Useful stuff – if I remember when I get into work tomorrow, I’ll post some of my favourite standard config statements up too.

    Just a couple of comments:

    To turn on password encryption, the command (in config mode) is “service password-encryption”

    You don’t want to rely on password-encryption though, because if someone gets hold of your running or startup config they can easily decrypt the password using one of the commonly available tools on the net. Have a look at the following website:

    When you get there, paste in this encrypted password and hit the “Decrypt” button to reveal all:


    Instead, you’re better off using “enable secret “. I’ve no idea what the cryptographic algorithm used with this is, but it is apparently non-reversible (so they tell me…)


  2. Just remembered something I wrote up last year:

    Imagine: You type “conf t” hundreds of times a day, but how many times does it come out as “cofn t”? Frustrating huh?

    How about when you type “itn fa0/1”? (Or is it just me whose right hand is out of sync with his left?)

    To side-step these things, use Cisco IOS aliases. Instead of typing “conf t” you’ll be able to type just “c” – aliases remove the potential for error.

    Have a look at this posting for more info – I paste some of these into every router I configure:

