Home » Cisco Switch Passwords: Enable and Secret

Cisco Switch Passwords: Enable and Secret

  • by

Several types of passwords can be configured on a Cisco router, such as the enable password, the secret password for Telnet and SSH connections and the console port as well. All these password locations represent good access locations for passwords, but if you have only one password on only one access location, you should at least have an enable password.

Add new user

this command below will create user with encrypted password

username devninja secret yourpassword

Setting the enable password

You use the enable password every time you move from User EXEC mode to Privileged EXEC mode. This password gives you security on your router, because Privileged EXEC mode is where all the dangerous commands are located, including access to Global Configuration mode. To set an enable password, use the following command:

Router2>enable
Router2#configure terminal
Router2(config)#enable password mypassword

This command creates an enable password that is stored in your configuration file. To view this password, show the running configuration using the following command:

Router2>enable
Password:
Router2#show running-config | include enable password
enable password mypassword

You may immediately see the problem here. The password is stored in plain text in your configuration file, thus anyone who has access to your configuration file can easily read the password.

Setting the secret password

Cisco’s solution to the enable password’s inherent problem was to create a new type of password called the secret password. When you configure both an enable and a secret password, the secret password is the password that will be used to switch from User Exec mode to Priv Exec mode. The following code sets both passwords for your router:

Router2>enable
Router2#configure terminal
Router2(config)#enable password mypassword
Router2(config)#enable secret mysecretpassword

To see your enable passwords in your configuration, use the following command:

Router2>enable
Password:
Router2#show running-config | include enable
enable secret 5 $1$BSX4$FZp.ZFvYSAGUEDn8dvr140
enable password mypassword
Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

one × 5 =