Access security for the Privilege mode involves being
prompted for a password only if an enable password or enable secret password has been previously defined in Global
Configuration mode. If neither is set, no security allowing any user to view
and/or change the device configuration exists for the Privilege mode. Someone
could even set a password and lock out other users.
The older enable password command followed by
the desired password creates a cleartext entry in the running configuration that
could be viewed by anyone seeing the configuration. The more secure enable secret command followed by the desired password creates an
encrypted entry in the running configuration that can’t be understood by anyone
just seeing the configuration. If both enable password and enable secret are configured, only the enable
secret is used. The enable password is ignored.
The following entries demonstrate both commands, and then use a show run command to display the configuration. All passwords are
case sensitive and should comply with the password policy.
Rtr1#conf t
Rtr1(config)#enable password test
Rtr1(config)#enable secret cisco
Rtr1(config)#^z
Rtr1(config)#show run
!
enable secret 5 $1$4F6c$D5iYCm31ri1cA9WwvAU220
enable password test
Notice the enable secret password can’t be recognized, but
the enable password is easily recognized. If only the enable password had been
set, anyone seeing the configuration could get the password that would let them
reconfigure the router.
Sections
Comments (0 posted)
Syndication
