Security is a part of every good technical administrator’s game plan. Luckily the good folks at Cisco have made the task of securitizing a Cisco router fairly straightforward in design- with support given for up to five types of passwords. Taking advantage of these passwords is vital to a network’s internal security, and should be implemented where permitted.
Enable Password – The Most Basic Of Security Features
The two most basic of passwords a Cisco router can provide support for is the enable password and enable secret commands. Depending on the IOS version, administrators will likely only need to setup the enable secret command.
For Cisco routers running IOS versions before version 10.3, enable password is going to be used. It is the outdated version of the two, and we’ll see why it isn’t used in average applications after we enable it. You can enable this basic password following the commands seen below.
Router> enable
Router# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# enable password mypassword
In this example, mypassword is the new password that is going to be set on the router. Try typing exit and navigate to the privileged mode, as seen below.
Router> enable
Password:
You’ll notice that before we can get into privileged mode, we have to enter the password we set earlier. If you followed the above example, you should be able to input mypassword and press Enter. You are now authenticated for privileged mode!
So why don’t we use the enable password command in most cases? The answer is simple: it’s an outdated format that anyone can have ample opportunity to take advantage of. Try following the below steps and note what you see.
Router# show running-config
Building configuration…
Current configuration : 162 bytes
!
version 12.2
no service password-encryption
!
hostname Router
!
!
enable password mypassword
!
As you can see, anyone can see the password in plain view. This is because it is stored as plain text- no encryption is being used! To help cover this vast security hole, Cisco created the enable secret command. As you can probably guess, it makes use of encryption this time around.
Enable Secret – An Evolved Form Of The Previous Example
Encryption can be a tough subject to tackle. But Cisco has made the process of enabling an encrypted password just as easy as the previous example. In fact, we are only changing one word in the process!
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret mypassword
Note that many routers will alert the user at this point if they have made the enable secret and the enable password values the same in terms of the password. Although the message that results is just a warning, and administrators can indeed set both to the same thing (although this is not recommended as it will almost defeat the purpose of the enable secret command).
Now let’s go back to the very beginning, and try logging back into privileged mode once more. We’ll take a look at the running configuration in the below example.
Router# show running-config
Building configuration…
Current configuration : 209 bytes
!
version 12.2
no service password-encryption
!
hostname Router
!
!
enable secret 5 $1$mERr$7sOd0mgRuXYhHwfWsV4QZ/
enable password mypassword
!
Notice how the enable secret password is unreadable, while the outdated command enable password is being displayed in plain view! Obviously, it comes as to no surprise that Cisco decided to do away with the command in order to improve network security.
Closing Comments
We’ve discussed only two of the five different passwords that Cisco allows network administrators to take advantage of. If you’d like to take security a step further, be sure to check out the next section that discusses subjects such as Telnet passwords, console passwords, and even auxiliary passwords!
Hi
the article helped to learn a lot thanks for your information.
This is to inform you that i want to become a cisco professional so kindly give me shortnotes how to calculate the 6th version
subnetting kindly update me.
regards
Joel Prince S.P
mail id [email protected]
hayee!!
thanks for informations i start my study on cisco routers kindly if u sent me some more notes abot routers i am so thank full to u
Hey ,
I am studing “Operating Cisco Routers” these days .
Thanks 4 sharing such information .
Will this work on old Cisco routers?
This information was very helpful. Thanks!!
Can you please send me a comprehensive note on CCNA/CISCO.I want to have a solid foundation of it thanks.
Good and clear explanation of the difference ! It clears up the confusion. Great Job !
duff
Thanks for sharing this wonderful knowledge..i am doing CCNA in a few days… this will come in handy!
Thanks for showing this idea, it is a good info
Thanks for the explanation. This information is highly useful.
I’m wondering the difference between “enable password 7 mypassword mypassword” and “enable secret mypassword” in running configuration.
when i have configured both enable secret and enable password command, what are the ommand(s) to completely disable the password feature?
Thank you for your attention
hi,
great job, better than cisco website , simple to understand .. cheers
the enable password and the secret password should not be same