By default, no password is required to access the Command-Line Interface (CLI) of Cisco IOS devices via the console port. This allows users to configure the device immediately after connecting with a console cable.
To enhance security, a password can be configured on the console line, requiring users to enter a password to access the CLI through the console port.
| Command | Description |
|---|---|
R1(config)#line console 0 |
The console line is configured using the "LINE CONSOLE 0" command from Global Configuration mode. There is only one console line, allowing only one console connection at a time (i.e., 0). |
R1(config-line)#password ccna |
Sets a password using the "PASSWORD" command followed by the desired password. |
R1(config-line)#login |
The "login" command must also be used to require users to enter a password to access the CLI through the console port. |
line con 0
password ccna
login
end
Alternatively, to further enhance console port security, the console line can be configured to require users to log in using a username configured on the device.
| Command | Description |
|---|---|
R1(config)#username ilyasa secret ccna |
Creates a username and secret password, such as username "ilyasa" with secret password "ccnp". |
R1(config)#line console 0 |
Enters console configuration mode. |
R1(config-line)#login local |
Instructs the device to require users to log in using one of the configured usernames on the device instead of using a password set on the console line. |
Even if a password was previously configured on the console line (e.g.,
ccna), it will no longer be valid once theloginmode is changed tologin local. Users must log in using a configured username.
username ilyasa secret ccna
line con 0
login local
end
| Command | Description |
|---|---|
R1(config-line)#exec-timeout <minutes> <seconds> |
Configures the idle timeout to automatically terminate inactive sessions. |
R1(config-line)#logging synchronous |
Prevents disruptive system log messages from interrupting command input. |
R1(config-line)#no exec |
Disables the console port if not needed. |
Below is a refined configuration for the console port:
configure terminal
username ilyasa secret securePassword123
line con 0
exec-timeout 5 0
privilege level 15
password ccna
logging synchronous
login local
end