Enable Passwords On Cisco Routers Via Enable Password And Enable Secret

Security is a part of every good technical administrator’s game plan. Luckily, the good folks at Cisco have made the task of securing a Cisco router fairly straightforward in design, with support for up to five types of passwords. Taking advantage of these passwords is vital to a network’s internal security, and they should be implemented where permitted.

Enable Password – The Most Basic Of Security Features

The two most basic passwords a Cisco router supports are set with the enable password and enable secret commands. Depending on the IOS version, administrators will likely only need to set up the enable secret command.

For Cisco routers running IOS versions before version 10.3, enable password is going to be used. It is the outdated version of the two, and we’ll see why it isn’t used in average applications after we enable it. You can enable this basic password following the commands seen below.

Router> enable

Router# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)# enable password mypassword

In this example, mypassword is the new password that is going to be set on the router. Type exit, then try to enter privileged mode again, as seen below.

Router> enable

Password:

You’ll notice that before we can get into privileged mode, we have to enter the password we set earlier. If you followed the above example, you should be able to input mypassword and press Enter. You are now authenticated for privileged mode!

So why don’t we use the enable password command in most cases? The answer is simple: it’s an outdated format that anyone has ample opportunity to take advantage of. Follow the steps below and note what you see.

Router# show running-config

Building configuration…

Current configuration : 162 bytes

!

version 12.2

no service password-encryption

!

hostname Router

!

!

enable password mypassword

!

As you can see, the password is in plain view for anyone to read. This is because it is stored as plain text; no encryption is being used! To help cover this vast security hole, Cisco created the enable secret command. As you can probably guess, it makes use of encryption this time around.

Enable Secret – An Evolved Form Of The Previous Example

Encryption can be a tough subject to tackle. But Cisco has made the process of enabling an encrypted password just as easy as the previous example. In fact, we are only changing one word in the process!

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#enable secret mypassword

Note that many routers will alert the user at this point if the enable secret and the enable password have been set to the same value. The message is just a warning, and administrators can indeed set both to the same thing, although this is not recommended, as it will almost defeat the purpose of the enable secret command.

Now let’s go back to the very beginning, and try logging back into privileged mode once more. We’ll take a look at the running configuration in the below example.

Router# show running-config

Building configuration…

Current configuration : 209 bytes

!

version 12.2

no service password-encryption

!

hostname Router

!

!

enable secret 5 $1$mERr$7sOd0mgRuXYhHwfWsV4QZ/

enable password mypassword

!

Notice how the enable secret password is unreadable, while the outdated enable password command is displayed in plain view! Obviously, it comes as no surprise that Cisco decided to do away with the command in order to improve network security.
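The check a reviewer would run on a saved copy of that listing, as an added Python example that is not part of the original article: it reports how each enable line is stored and flags the leftover plain-text password. The function names audit and classify are this example's own, and the type 7 case goes beyond the two listings shown above. The stored "5" value is strictly a salted MD5 hash rather than encryption.

```python
import re

# Constructed sample: the second running-config listing from the article.
SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
!
hostname Router
!
enable secret 5 $1$mERr$7sOd0mgRuXYhHwfWsV4QZ/
enable password mypassword
!
"""

# Syntax handled: enable {password|secret} [level N] [type] value
ENABLE_RE = re.compile(
    r"^enable\s+(password|secret)(?:\s+level\s+\d+)?\s+(?:(\d+)\s+)?(.+?)\s*$")


def classify(kind, ptype):
    """Map one enable line to (severity, message)."""
    if kind == "password" and ptype in (None, "0"):
        return "high", "enable password is stored in clear text"
    if kind == "password" and ptype == "7":
        return "high", "enable password type 7 is reversible obfuscation"
    if kind == "secret" and ptype == "5":
        return "ok", "enable secret is stored as a salted MD5 hash (type 5)"
    return "review", f"enable {kind} with type {ptype}: check by hand"


def audit(config_text):
    """Return (severity, line_number, message) findings for enable lines."""
    findings, kinds = [], set()
    for number, raw in enumerate(config_text.splitlines(), 1):
        match = ENABLE_RE.match(raw.strip())
        if not match:
            continue
        kind, ptype, _value = match.groups()  # the value is never reported
        kinds.add(kind)
        severity, message = classify(kind, ptype)
        findings.append((severity, number, message))
    # Line number 0 marks a finding about the configuration as a whole.
    if kinds == {"password", "secret"}:
        findings.append(("high", 0, "both are set: the secret takes precedence, "
                         "so remove the leftover with 'no enable password'"))
    elif kinds == {"password"}:
        findings.append(("high", 0, "no enable secret: replace enable password"))
    return findings


if __name__ == "__main__":
    for severity, number, message in audit(SAMPLE_CONFIG):
        print(f"{severity:6} line {number}: {message}")
```
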

Closing Comments

We’ve discussed only two of the five different passwords that Cisco allows network administrators to take advantage of. If you’d like to take security a step further, be sure to check out the next section that discusses subjects such as Telnet passwords, console passwords, and even auxiliary passwords!


There Are 14 Responses So Far. »

  2. Hi

    The article helped to learn a lot, thanks for your information.

    This is to inform you that I want to become a Cisco professional, so kindly give me short notes on how to calculate the 6th version
    subnetting. Kindly update me.

    regards

    Joel Prince S.P

    mail id genes_12@yahoo.co.in

  3. Hayee!!
    Thanks for the information. I am starting my study of Cisco routers. Kindly, if you send me some more notes about routers, I will be so thankful to you.

  4. Hey,
    I am studying “Operating Cisco Routers” these days.
    Thanks for sharing such information.

  5. Will this work on old Cisco routers?

  6. This information was very helpful. Thanks!!

  7. Can you please send me a comprehensive note on CCNA/CISCO? I want to have a solid foundation of it, thanks.

  8. Good and clear explanation of the difference ! It clears up the confusion. Great Job !

    duff

  9. Thanks for sharing this wonderful knowledge... I am doing CCNA in a few days… this will come in handy!

  10. Thanks for showing this idea, it is a good info

  11. Thanks for the explanation. This information is highly useful.

  12. I’m wondering about the difference between “enable password 7 mypassword mypassword” and “enable secret mypassword” in running configuration.

  13. When I have configured both the enable secret and enable password commands, what are the command(s) to completely disable the password feature?
    Thank you for your attention

  14. hi,

    great job, better than cisco website , simple to understand .. cheers
