How to Secure your Cisco Router

Below shows a number of commands that you can use for securing your Cisco router.

Block Denied Logins – Useful for delaying denied logins when someone is trying to brute force your router.

(config)# login block-for [seconds] attempts [attempts] within [seconds]

Quiet Login – Allows you to still login once the router has blocked login attempts because of the above. A permitted list is created via the ACL.

(config)# login quiet-mode access-class [acl]

Login Delay – Adds a delay at the point of your login being unsuccessful.

(config)# login delay [seconds]

Login Logging – Generates a log after a certain amount of failed or successful attempts.

(config)# login on-failure log  [#]
(config)# login on-success log [#]

Min Password Length – Ensures that any new password created on the router meets a minimum password length.

(config)# security password min-length [number of characters]

Set Timeout – Sets a time out period for your line (con / vty).

(config-line)# exec-timeout [min/hour] [time]

Encrypt Passwords – Encrypts all passwords within your routers config.

(config) # service password-encryption
Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial