@Dale-Ackerman said in CCENT Basic router configuration:
On basic switch and router configuration, I have a few questions:
- Is it necessary or is there a good reason to use the "enable password" command as opposed to "enable secret" command"?
There is no real good reason to just use enable password unless you need the password to be read in the startup-config. You may just so that you can lookup up the password from a backup of the config.
Are you just showing it as a command to know, but not necessarily use?
Yes, just showing the password command. it's part of understanding the options that are available. Remember you can still encrypt the enable password but only with a level 7 encryption and that's not much encryption if you used
- Is the SSH version 2 command necessary after generation of the key? I thought the SSH ver that is reflected in logs would be good enough?
Yes or No, to the first question. Respectively, if you want to ensure that SSHv2 is only used, then the
ip ssh version2 is necessary; if you allow both SSHv1 and SSHv2 to be used, then it's not.
- The CCENT lab has us setting up the SSH connection so that it immediately enters into Privileged mode. What if I want the SSH connection to enter into User mode and require them to enter the enable password if they need to gain further access?
Usually, when you setup
username Ronnie password cisco123, this gives you the ability to use basic local username/password database. Then when you use
enable secret cisco123 and go to your
line con 0 or
line vty 0 15 and used
local login command, you can then exit all the way out or drop the console connection and connect back. That should give you the ability to do what you want.