@Dale-Ackerman said in CCENT Basic router configuration:
On basic switch and router configuration, I have a few questions:
- Is it necessary or is there a good reason to use the "enable password" command as opposed to "enable secret" command"?
There is no real good reason to just use enable password unless you need the password to be read in the startup-config. You may just so that you can lookup up the password from a backup of the config.
Are you just showing it as a command to know, but not necessarily use?
Yes, just showing the password command. it's part of understanding the options that are available. Remember you can still encrypt the enable password but only with a level 7 encryption and that's not much encryption if you used service password-encryption
- Is the SSH version 2 command necessary after generation of the key? I thought the SSH ver that is reflected in logs would be good enough?
Yes or No, to the first question. Respectively, if you want to ensure that SSHv2 is only used, then the ip ssh version2 is necessary; if you allow both SSHv1 and SSHv2 to be used, then it's not.
- The CCENT lab has us setting up the SSH connection so that it immediately enters into Privileged mode. What if I want the SSH connection to enter into User mode and require them to enter the enable password if they need to gain further access?
Usually, when you setup username Ronnie password cisco123, this gives you the ability to use basic local username/password database. Then when you use enable secret cisco123 and go to your line con 0 or line vty 0 15 and used local login command, you can then exit all the way out or drop the console connection and connect back. That should give you the ability to do what you want.
Thanks
