How to Configure Different Cisco Router Passwords Step-by-Step

A password is a primary protection mechanism to secure a device. Cisco uses different types of passwords to restrict access to its devices, such as routers, switches, firewalls, etc. We have explained configuring different Cisco router passwords to restrict a user from accessing the router privilege exec mode. In the router privilege exec mode, a user can change the full router configuration and its management features, while in the user-level password, an administrator gives access to Cisco device control according to their role. There are different types of levels in a device configuration. For example, an administrator has full access to the device configuration, while the other junior administrator may have little access to the device according to his or her role.

We have explained the different 5 types of Configuring Cisco Router passwords in the article:.

1) Enable Password

We use enable Password to restrict a user to privileged exec mode. Privileged exec mode provides higher-level configuration and management capabilities. How to configure enable password. We configure the enable password in the global configuration mode.

enable password marwat

Confirm enable password by exiting from global and privilege mode and then again entering into privilege mode, it will ask for a password


Show running-configuration but we used here pipe “|” command here to show only enable password.

show running configuration

If you want to remove the enabled password, then write no before enabling the password in global configuration mode.

2) Console Password

Console password protects a router to directly access a router from the console port. To configure the Console Password in the router, follow the following steps: First, enable the console password by writing line console 0. Here 0 means that there is only one console port.

enable console password

):- Here another command we used is exec-timeout which states that after some time the console will be logout after some time. The time we here mentioned is one minute and 40 seconds, so after 100 sec (60+40) it will logout automatically.

setting logout time

verify the console password by exiting privilege mode.


In case, if you want to remove the console password, then follow the below step.

removing console password

3) Auxiliary Password

We use an auxiliary port to configure a router remotely. An auxiliary password ensures that only the authorized user is allowed to configure it.

Configuring the Auxiliary password line aux 0 indicates that only one auxiliary port is in the router.

Enable aux password

If you want to terminate the session after a few minutes or seconds, then apply the following command.

setting exec-timeout

If there is no need further of an aux password, then follow the below command to remove it.

removing aux password

4) Virtual terminal (VTY) password:

  1. There are many virtual terminal lines to configure a router remotely via telnet or SSH. We use a VTY password to protect VTY lines.

VTY Password Configuration How to configure the VTY password. There are a total of 16 VTY session lines through which users will telnet or SSH a router, but here we use only 1st five lines (from 0 to 4) as below:

total VTY lines

For the VTY password, there must be configured to enable a password in a router, so configure it, otherwise, a user will not access a router.

enable vty password

Removing the VTY password.

Removing VTY password

5) Enable Secret Secret Password

Enabling a Secret password is just like enabling a password, but the only difference between them is that Enabling a secret password is in the form of an encrypted form while enabling the password is stored in plain text. If there is a password in plain text, then there is the possibility that a non-admin user can steal it very easily. So there is a mechanism through which we can encrypt plain text passwords into encrypted form. First, we check the router’s running configuration. You will see that all passwords configured in a router will be in plain text.

show running

Converting the plain text passwords into encrypted form by the below command.

enable secret marwat

In the previous configuration, you didn’t have the ‘service password-encryption’ command on the router, but now it’s turned on.

The other difference is that all the plaintext passwords are converted into encrypted form.

Remove the enable secret password by the following command.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *