To configure user-mode passwords, use the line command. The prompt then becomes
Router (config-line) #:
Router # config t
Router (config) # line
The line console 0 command is known as a major command (also called a global command), and any command typed from the (config-line) prompt is known as a subcommand.
Router (config) # line vty 0
Five passwords are used to secure your Cisco routers: console, auxiliary, telnet (VTY), enable password, and enable secret. The enable secret and enable password are used to set the password that’s used to secure privileged mode. This will prompt a user for a password when the enable command is used. The other three are used to configure a password when user mode is accessed through the console port, through the auxiliary port, or via Telnet.
Sets a Telnet password on the router. If this password isn’t set, then Telnet can’t be used by default.
Router# config t
Router (config) # line vty 0 5
Router (config-line) # password telnet
Router (config-line) # login
Setting Up Secure Shell (SSH)
Instead of Telnet, you can use Secure Shell, which creates a more secure session than the Telnet application that uses an unencrypted data stream. Secure Shell (SSH) uses encrypted keys to send data so that your username and password are not sent in the clear.
A Banner is more than just a little cool—one very good reason for having a banner is to give any and all who dare attempt to telnet or dial into our internetwork a little security notice. And we can create a banner to give anyone who shows up on the router exactly the information we want them to have.
Message of the day (MOTD) is the most extensively used banner. It gives a message to every person dialing into or connecting to the router via Telnet or an auxiliary port, or even through a console port
Router (config) # banner motd *Welcome to router 1 *
We can configure a login banner to be displayed on all connected terminals. This banner is displayed after the MOTD banner but before the login prompts. The login banner can’t be disabled on a per-line basis, so to globally disable it, you’ve got to delete it with the no banner login command.
Router (config) # banner login &You are into router 1&