Categories
Miscellaneous

Encrypt local usernames and passwords

We’ve learned it is possible to configure local usernames and passwords on a Cisco device and then use them to login to the device. To do this, we’ve used the username USER password PASSWORD command, like in the example below:

R1(config)#username tuna password peyo

However, there is one problem with this command – the password is stored in clear text in the configuration:

R1#show running-config 
Building configuration...

Current configuration : 635 bytes
!
version 15.1
....
!
username tuna password 0 peyo
!
...

We can use the service password-encryption global configuration command to encrypt the password, but this method does not provide a high level of network security and the passwords can be cracked.

To rectify this, Cisco introduced a new command – username USER secret PASSWORD. This command uses a stronger type of encryption:

R1(config)#username tuna secret peyo
R1(config)#
R1(config)#do show run | include username
username tuna secret 5 $1$mERr$Ux7QsUATkj4kWVORI4.m21

Note that (unlike with the enable password and enable secret commands) you can’t have both the username password and username secret commands configured at the same time:

R1(config)#username tuna password peyo
ERROR: Can not have both a user password and a user secret.
Please choose one or the other.

Prerequisites for 200-301

200-301 is a single exam, consisting of about 120 questions. It covers a wide range of topics, such as routing and switching, security, wireless networking, and even some programming concepts. As with other Cisco certifications, you can take it at any of the Pearson VUE certification centers.

The recommended training program that can be taken at a Cisco academy is called Implementing and Administering Cisco Solutions (CCNA). The successful completion of a training course will get you a training badge.

Full Version 200-301 Dumps

Try 200-301 Dumps Demo