TechLibrary

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

Setting Basic and Enable Password Parameters

This topic shows how to set up basic passwords and secrets on your router. You cannot create your own encrypted passwords and secrets. You must use encrypted passwords and secrets that the router generates.

Note: To set up enable passwords, use the commands described in this section. Also, see Setting and Erasing Passwords for additional commands for erasing and monitoring passwords.

The following topics show how to set up basic passwords and secrets on your router:

Creating Encrypted Passwords

This example encrypts password t1meout1 and creates a password for privilege level 10.

Enable and configure the password. The 0 keyword specifies that you are entering an unencrypted password.
host1(config)#enable password level 10 0 t1meout1

Display the encrypted password.

host1(config)#exit
host1#show secret
               Current Password Settings
               -------------------------
         encryption         encrypted
level       type         password/secret         mode
-----   ------------   --------------------   ----------
0
1
2
3
4
5
6
7
8
9
10      7 (password)   dq]XG`,%N"SS7d}o)_?Y   configured
11      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
12      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
13      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
14      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
15      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited

You or users with high privilege levels can now use the encrypted password, dq]XG`,%N"SS7d}o)_?Y, with the password command.

Creating Secrets

This example generates a secret for the password rocket, and creates a secret for privilege level 15.

Enable and configure the secret. The 0 keyword specifies that you are entering an unencrypted secret.
host1(config)#enable secret level 15 0 rocket

Display the secret.

host1(config)#exit
host1#show secret
              Current Password Settings
              -------------------------
        encryption        encrypted
level      type        password/secret         mode
-----   ----------   --------------------   ----------
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15      5 (secret)   bcA";+1aeJD8)/[1ZDP6   configured

You or users with high privilege levels can now use the encrypted password, bcA";+1aeJD8)/[1ZDP6, with the password command.

Encrypting Passwords in the Configuration File

You can also direct the system software to encrypt passwords saved in the configuration file by using the service password-encryption command. This command is useful to keep unauthorized individuals from viewing your password in your configuration file. It is important to remember that this command uses a simple cipher and is not intended to protect against serious analysis. You can tell if a string is encrypted if it is preceded by an 8.

To encrypt passwords that are saved in the system’s configuration file, issue the service password-encryption command in Global Configuration mode.

host1(config)#service password-encryption

Note: The command is not intended to provide protection from serious analysis. This command does not apply to passwords set with enable secret, enable password, or password (Line Configuration mode). This command does apply to authentication key passwords and BGP neighbor passwords.

The no version removes the encryption assignment.