Online Courses
CCNA 200-301
Online Courses
CCNA 200-301
  • Introduction
  • Interfaces And Cables
    • Ethernet
    • UTP Cables
    • Fiber Optic
    • UTP vs Fiber-Optic
    • Quiz
  • OSI Model & TCP/IP Suite
    • Networking Model
      • OSI Model
        • Application
        • Presentation
        • Session
        • Transport
        • Network
        • Data Link
        • Physical
      • PDUs
      • TCP/IP Suite
    • Quiz
  • Intro to the CLI
    • What is a CLI
      • Global Configuration Mode
      • Enable Password
    • Configuration Files
    • Canceling commands
    • Quiz
  • Ethernet LAN Switching
    • Local Area Network (LAN)
    • MAC Address
    • Ethernet Frame
    • Quiz 1
    • ARP
    • Ping
    • Quiz 2
  • IPv4 Addressing
    • Network Layer Review
    • IPv4
    • Quiz
    • Cisco CLI
    • Quiz
  • Switch Interfaces
    • CLI
    • Full/Half Duplex
    • CSMA/CD
    • Speed / Duplex Auto-Negotiation
    • Interface Errors
    • Quiz
  • IPv4 Header
    • Fields
      • Do Not Fragment
    • Quiz
  • Static Routing
    • Topology
    • CLI
    • Default Route
    • Static Route
    • Most Specific Matching Route
    • Quiz
  • Subnetting
    • Subnetting
    • Quiz
    • Variable-Length Subnet Masks
  • VLANs
    • What is a LAN ?
    • VLAN Configuration
    • Quiz 1
    • Example
    • Trunk Ports
      • Configuration
    • VLAN Ranges
    • Native VLAN
    • Router on a Stick (ROAS)
    • Quiz 2
    • Native VLAN on Router
    • Layer 3 (Multilayer) Switches
    • Quiz 3
  • DTP/VTP
    • DTP
    • VTP
    • Quiz
  • Spanning Tree Protocol
    • Network Redundancy
    • Layer 2 Loops
    • Spanning Tree Protocol
      • Exercise
    • STP Port Role Selection
      • Exercise
    • Blocking Ports
    • Quiz 1
    • States
    • Timers
    • BPDU
    • STP Toolkit
    • Configurations
    • Load-Balancing
      • Quiz
    • Quiz 2
  • Rapid Spanning Tree Protocol
    • STP Version Comparison
    • RSTP Intro
    • Quiz 1
    • BPDU
    • Link Types
    • Quiz 2
  • EtherChannel
    • Why EtherChannel is needed?
    • Load-Balancing
      • Configuration
    • PAgP, LACP, and Static
      • PAgP
      • LACP
      • Static
      • Manually Configure the Negotiation Protocol
    • EtherChannel Requirements
    • EtherChannel Verification
    • Layer 3 EtherChannel
    • Quiz
  • Dynamic Routing
    • Network Topology
    • Dynamic Routing
    • Types
      • Distance Vector Protocols
      • Link State Protocols
    • Metrics
    • Administrative Distance
      • Floating Static Routes
    • Quiz
    • RIP
      • RIPv1 & RIPv2
      • RIP Configuration
    • EIGRP
      • EGRP Configuration
    • Quiz
    • OSPF
      • Areas
      • Configuration
      • Cost
      • Neighbors
      • Loopback Interfaces
      • Network Types
      • Neighbor Requirements
      • LSA Types
    • Configuration
    • Quiz
  • First Hop Redundancy Protocols
    • Introduction
    • HSRP
    • VRRP
    • GLBP
    • Comparing FHRPs
    • Configuring HSRP
    • Quiz
  • TCP & UDP
    • Basic of Layer 4
      • Port Numbers / Session Multiplexing
    • TCP
    • UDP
    • Comparing TCP & UDP
    • Port Numbers
    • Quiz
  • IPv6
    • What about IPv5?
    • Why IPv6?
    • IPv6
    • Identifying the IPv6 Prefix
    • Configuration
    • EUI-64
      • Configuration
    • Why invert the 7th bit?
    • Global Unicast Addresses
    • Unique Local Addresses
    • Link Local Addresses
    • Multicast Addresses
    • Anycast Addresses
    • Other IPv6 Addresses
    • Representation
    • Header
    • Solicited-Node Multicast Address
    • Neighbor Discovery Protocol
      • SLAAC
      • Duplicate Address Detection (DAD)
    • IPv6 Static Routing
    • Quiz
  • Access Control Lists
    • What are ACLs?
    • How ACLs work
    • Implicit Deny
    • ACL Types
    • Standard Numbered ACLs
    • Standard Named ACLs
    • Numbered ACLs With Subcommands
    • Resequencing ACLS
    • Extended ACLs
    • Quiz
  • Layer 2 Discovery Protocols
    • Introduction
    • Cisco Discovery Protocol
    • Link Layer Discovery Protocol
    • Quiz
  • Network Time Protocol
    • The importance of time
    • Manual Time Configuration
    • Network Time Protocol
    • Reference Clocks
    • NTP Hierarchy
    • NTP Configuration
    • NTP Server mode
    • Symmetric active mode
    • NTP Authentication
    • Quiz
  • Domain Name System
    • Purpose of DNS
    • DNS Cache
    • DNS in Cisco IOS
    • Quiz
  • Dynamic Host Configuration Protocol
    • Purpose of DHCP
    • DHCP Messages
    • Relay
    • DHCP Sever configuration in IOS
    • Quiz
  • Simple Network Management Protocol
    • SNMP
    • Versions
    • Messages
    • Configuration
    • Quiz
  • Syslog
    • Syslog
    • Message Format
    • Logging Locations
    • Configuration
    • Syslog vs SNMP
    • Quiz
  • Secure Shell
    • Page
    • Console Port Security
    • L2 Switch Management IP
    • Telnet
    • SSH
    • Quiz
  • FTP & TFTP
    • FTP and TFTP
    • Trivial File Transfer Protocol
    • File Transfer Protocol
    • FTP vs TFTP
    • IOS File Systems
    • Upgrading Cisco IOS
    • Quiz
  • Network Address Translation
    • Private IPv4 Addressess
    • Network Address Translation (NAT)
    • Static NAT
    • Configuration
    • Dynamic NAT
    • Configuration
    • PAT (NAT Overload)
    • Quiz
  • Quality of Service
    • IP Phones
    • Power over Ethernet (PoE)
    • Quality of Service (QoS)
    • Queuing
    • Classification
    • IP Precedence and DSCP
    • RFC 4954
    • Trust Boundaries
    • Queuing/Congestion Management
    • Shaping and Policing
    • Classification
    • Quiz
  • Security Fundamentals
    • Why Security?
    • Concepts
    • Denial-of-service Attack
    • Spoofing Attacks
    • Reflection/Amplification Attacks
    • Man-in-the-middle Attack
    • Reconnaissance Attacks
    • Malware
    • Social Engineering Attacks
    • Password-related attacks
    • Multi-factor Authentication
    • Digital certificates
    • Controlling and Monitoring Users with AAA
    • Security Program Elements
    • Quiz
  • Port Security
    • Port Security
    • Why Port Security?
    • Enabling Port Security
    • Violation Modes
    • Secure MAC Address Aging
    • Sticky Secure MAC Addresses
    • Quiz
  • DHCP Snooping
    • DHCP Snooping
    • DHCP Starvation
    • DHCP Poisoning (Man-in-the-Middle)
    • DHCP Messages
    • DHCP Snooping Operations
    • DHCP Snooping Rate-Limiting
    • DHCP Option 82 (Information Option)
    • Quiz
  • Dynamic ARP Inspection
    • Gratuitous ARP
    • DAI
    • ARP Poisoning (Man-in-the-Middle)
    • Operations
    • Configurations
    • Optional Checks
    • ARP ACLs
    • Quiz
  • LAN Architectures
    • Common Terminologies
    • Two-Tier Campus LAN Design
    • Three-Tier Campus LAN Design
    • Spine-Leaf Architecture
    • SOHO Networks
    • Quiz
  • WAN Architectures
    • WAN
    • Leased Lines
    • MPLS
    • Internet Connections
    • Redundant Internet Connections
    • Internet VPNs
      • Site-to-Site VPNs (IPsec)
      • Remote-Access VPNs
    • Quiz
  • Virtualization & Cloud
    • Server Hardware
    • Servers before Virtualization
    • Virtualization
    • Why Virtualization
    • Connecting VMs to the Network
    • Cloud Services
    • Five Essential Characteristics of Cloud
    • Three Service Models of Cloud
    • Four Deployment Models of Cloud
    • Benefits of Cloud Computing
    • Connecting to Cloud Resources
    • Quiz
Powered by GitBook
On this page
  • Running-config
  • Startup-config
  • Level-Up The Security
  • Service Password-encryption
  • Enable secret
  1. Intro to the CLI

Configuration Files

There are two separate configuration files kept on the device at once.

Running-config

The current, active configuration file on the device. As you enter commands in the CLI, you edit the active configuration.

To view this file we type:

Router# show running-config
Building configuration...

Current configuration: 719 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable password CCNA

To save this file we type:

Router# write

or

Router# write memory

or

Router# copy running-config startup-config

This wirtes the running configurations to the startup configuration file.

Startup-config

The configuration file that will be loaded upon restart of the device.

To view this file we type:

Router# show startup-config
Building configuration...

Current configuration: 719 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable password CCNA

Level-Up The Security

Anyone who can see the configuration files will be able to see the Privileged EXEC Mode password. This is a security risk.

Service Password-encryption

Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# service password-encryption

This will encrypt all passwords.

When we view the running configuration file again, this is what we will see:

Router# show running-config
Building configuration...

Current configuration: 719 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable password 7 08026F6028

The 7 before the password indicates the type of encryption used to encrypt the password.

(7 corresponds to a proprietary type of encryption from CISCO).

This is not very secure since it can be cracked with online tools

Enable secret

A more secure way of encrypting the passwords

The enable secret command configures a password that is automatically encrypted. It uses MD5, a more secure form of encryption than the service password-encryption command.

Router(config)# enable secret Cisco
Router(config)# do sh run
Building configuration...

Current configuration: 719 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable secret 5 7b1d1185b835814de783483f686e9825.
enable password 7 08026F6028

The new password is Cisco.

The 5 corresponds to MD5 encryption.

Notes

In the second command, we use do in order to execute Privileged EXEC commands in other configuration levels.

If both enable secret and enable password are configured the enable password will be ignored.

We should always use enable secret.

PreviousEnable PasswordNextCanceling commands

Last updated 2 years ago