| CCNA certification is important, and so is | | | | 110D1609071A020217Pretty effective |
| securing our network's Cisco routers! To | | | | encryption! However, if we want to have the |
| reflect the importance of network security, | | | | enable password automatically encrypted, we |
| your CCNA certification exam is likely going | | | | can use the enable secret command. I'll use |
| to contain quite a few questions about the | | | | that command here to set this password to |
| various passwords you can set on a Cisco | | | | "saints", and note that I'm not removing the |
| router. Let's take a look at some of those | | | | previous enable password.R1(config)#enable |
| passwords and when to apply them.If the | | | | secret saintsAfter removing the "service |
| previous user has logged out of the router | | | | password-encryption" command, we're left with |
| properly, you will see a prompt like this | | | | two enable mode passwords, and they appear in |
| when you sit down at the router console:R1 | | | | the Cisco router config like this:enable |
| con0 is now availablePress RETURN to get | | | | password dolphinsenable secret 5 |
| started.R1>To get into enable mode, by | | | | $1$kJB6$fPuVebg7uMnoj5KV4GUKI/If we have two |
| default all I have to do is type | | | | enable passwords, which one should we use to |
| "enable".R1>enableR1#See how the prompt | | | | log into the router? Let's try the first |
| changed? By default, I can now run all the | | | | password, "dolphins", |
| show and debug commands I want, not to | | | | first:R1>enablePassword:Password:When you're |
| mention entering global configuration mode | | | | prompted for the password a second time, you |
| and doing pretty much what I want. It just | | | | know you got it wrong the first time! Let's |
| might be a good idea to password protect this | | | | try |
| mode! We do so with either the enable | | | | "saints":R1>enablePassword:Password:R1#When |
| password command or the enable secret | | | | both the enable secret and enable password |
| command. Let's use the enable password | | | | commands are in use on a Cisco router, the |
| command first.R1(config)#enable password | | | | enable secret password always takes |
| dolphinsNow when I log out and then go back | | | | precedence. "dolphins" didn't get us in, but |
| to enable mode - or try to - I should be | | | | "saints" did. That's valuable information |
| prompted for the password "dolphins". Let's | | | | for both the CCNA certification exam and |
| see what happens.R1>enablePassword:R1#I was | | | | real-world networks, because there's no worse |
| indeed prompted for a password. Cisco | | | | feeling than typing a password at a Cisco |
| routers will not show asterisks or any other | | | | router prompt and then getting another |
| character when you enter a password; in fact, | | | | password prompt!This is just one way to |
| the cursor doesn't even move.The problem with | | | | perform basic Cisco router security with |
| the enable password command is that the | | | | passwords. We'll take a look at other |
| password will show in the configuration in | | | | methods in a future CCNA certification exam |
| clear text, making it easy for someone to | | | | training tutorial!Chris Bryant, CCIE #12933, |
| look over your shoulder and note the password | | | | is the owner of The Bryant Advantage, home of |
| for future use, as shown below:hostname | | | | over 100 free certification exam tutorials, |
| R1!enable password dolphinsWe could use the | | | | including Cisco CCNA certification test prep |
| "service password-encryption" command to | | | | articles. His exclusive Cisco CCNA study |
| encrypt the enable password, but that will | | | | guide and Cisco CCNA training is also |
| also encrypt all the other passwords in the | | | | available!Visit his blog and sign up for |
| Cisco router config. That's not necessarily | | | | Cisco Certification Central, a daily |
| a bad thing! Here's the effect of this | | | | newsletter packed with CCNA, Network+, |
| command on the enable password we set | | | | Security+, A+, and CCNP certification exam |
| earlier.enable password 7 | | | | practice questions! |