Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Setting Basic and Enable Password Parameters

    This topic shows how to set up basic passwords and secrets on your router. You cannot create your own encrypted passwords and secrets. You must use encrypted passwords and secrets that the router generates.

    Note: To set up enable passwords, use the commands described in this section. Also, see Setting and Erasing Passwords for additional commands for erasing and monitoring passwords.

    The following topics show how to set up basic passwords and secrets on your router:

    Creating Encrypted Passwords

    This example encrypts password t1meout1 and creates a password for privilege level 10.

    1. Enable and configure the password. The 0 keyword specifies that you are entering an unencrypted password.
      host1(config)#enable password level 10 0 t1meout1
    2. Display the encrypted password.
      host1(config)#exit
      host1#show secret
                     Current Password Settings
                     -------------------------
               encryption         encrypted
      level       type         password/secret         mode
      -----   ------------   --------------------   ----------
      0
      1
      2
      3
      4
      5
      6
      7
      8
      9
      10      7 (password)   dq]XG`,%N"SS7d}o)_?Y   configured
      11      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
      12      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
      13      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
      14      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
      15      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited 

    You or users with high privilege levels can now use the encrypted password, dq]XG`,%N"SS7d}o)_?Y, with the password command.

    Creating Secrets

    This example generates a secret for the password rocket, and creates a secret for privilege level 15.

    1. Enable and configure the secret. The 0 keyword specifies that you are entering an unencrypted secret.
      host1(config)#enable secret level 15 0 rocket
    2. Display the secret.
      host1(config)#exit
      host1#show secret
                    Current Password Settings
                    -------------------------
              encryption        encrypted
      level      type        password/secret         mode
      -----   ----------   --------------------   ----------
      0
      1
      2
      3
      4
      5
      6
      7
      8
      9
      10
      11
      12
      13
      14
      15      5 (secret)   bcA";+1aeJD8)/[1ZDP6   configured 

    You or users with high privilege levels can now use the encrypted password, bcA";+1aeJD8)/[1ZDP6, with the password command.

    Encrypting Passwords in the Configuration File

    You can also direct the system software to encrypt passwords saved in the configuration file by using the service password-encryption command. This command is useful to keep unauthorized individuals from viewing your password in your configuration file. It is important to remember that this command uses a simple cipher and is not intended to protect against serious analysis. You can tell if a string is encrypted if it is preceded by an 8.

    • To encrypt passwords that are saved in the system’s configuration file, issue the service password-encryption command in Global Configuration mode.
      host1(config)#service password-encryption

      Note: The command is not intended to provide protection from serious analysis. This command does not apply to passwords set with enable secret, enable password, or password (Line Configuration mode). This command does apply to authentication key passwords and BGP neighbor passwords.

    The no version removes the encryption assignment.

    Published: 2014-08-12