How to Secure your Cisco Router

Below shows a number of commands that you can use for securing your Cisco router.

Block Denied Logins - Useful for delaying denied logins when someone is trying to brute force your router.

(config)# login block-for [seconds] attempts [attempts] within [seconds]

Quiet Login - Allows you to still login once the router has blocked login attempts because of the above. A permitted list is created via the ACL.

(config)# login quiet-mode access-class [acl]

Login Delay - Adds a delay at the point of your login being unsuccessful.

(config)# login delay [seconds]

Login Logging - Generates a log after a certain amount of failed or successful attempts.

(config)# login on-failure log  [#]
(config)# login on-success log [#]

Min Password Length - Ensures that any new password created on the router meets a minimum password length.

(config)# security password min-length [number of characters]

Set Timeout - Sets a time out period for your line (con / vty).

(config-line)# exec-timeout [min/hour] [time]

Encrypt Passwords - Encrypts all passwords within your routers config.

(config) # service password-encryption

About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001