ENABLE PASSWORD:
The enable password is used to move from user EXEC mode to privileged EXEC mode. Privileged EXEC mode allows full access to a Cisco switch or router: you can view as well as change the configuration. The enable password is stored in plain text in the configuration file unless you encrypt it.
Setting the Enable Password:
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#enable password ABCDABCD
Switch(config)#exit
The enable password is not encrypted; it still shows as ABCDABCD in the configuration file.
Switch#sh running-config
hostname Switch
!
enable password ABCDABCD
!
interface FastEthernet0/1
!
ENABLE SECRET PASSWORD
Even when it is encrypted, the enable password uses a weak encryption algorithm. To overcome this, configure an enable secret password on the device. When both the enable password and the enable secret password are configured, the enable secret password is the one used to move from user EXEC mode to privileged EXEC mode.
Setting Enable Secret Password:
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#enable secret 123456ABC
At this point the enable secret password is encrypted by default, but the enable password is not:
Switch#sh running-config
enable secret 5 $1$mERr$quAFREnXAiXqp0qlK/h8d/
enable password ABCDABCD
To encrypt all the passwords in the configuration file, use the “service password-encryption” command.
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#service password-encryption
Switch(config)#end
Switch#
To check whether the enable password is now encrypted as well, run the command below:
Switch#sh run
Building configuration…
hostname Switch
!
enable secret 5 $1$mERr$quAFREnXAiXqp0qlK/h8d/
enable password 7 08006E6D2D38273436
At this point both passwords are encrypted.
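The checks walked through above can be run against a saved copy of a running-config. The following is an added example, not part of the original page or any Cisco tooling: the function name audit_enable_lines and both sample configurations are constructed for illustration, and it assumes the simple "enable password|secret [type] value" line form shown on this page.

```python
import re

# Constructed samples modelled on the two running-config states shown on this page.
BEFORE = """hostname Switch
!
enable secret 5 $1$mERr$quAFREnXAiXqp0qlK/h8d/
enable password ABCDABCD
"""
AFTER = """service password-encryption
hostname Switch
!
enable secret 5 $1$mERr$quAFREnXAiXqp0qlK/h8d/
enable password 7 08006E6D2D38273436
"""

# "enable password|secret [type] value"; the numeric type is absent for plain text.
ENABLE_RE = re.compile(r"^enable (password|secret)(?: (\d+))? (\S+)$")

def audit_enable_lines(config_text):
    """Return (line_number, finding) tuples; line 0 marks a config-wide finding.
    Secret values are never copied into the findings."""
    findings, kinds, encryption_on = [], set(), False
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line == "service password-encryption":
            encryption_on = True
        match = ENABLE_RE.match(line)
        if not match:
            continue
        kind, enc_type, _value = match.groups()
        kinds.add(kind)
        if kind == "password" and enc_type is None:
            findings.append((number, "enable password is stored in plain text"))
        elif kind == "password" and enc_type == "7":
            findings.append((number, "enable password uses weak type 7 encryption"))
    if kinds == {"password", "secret"}:
        findings.append((0, "enable password is unused because enable secret is set"))
    if "secret" not in kinds:
        findings.append((0, "no enable secret configured"))
    if not encryption_on:
        findings.append((0, "service password-encryption is not enabled"))
    return findings

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        for number, finding in audit_enable_lines(text):
            print(f"{name}: line {number}: {finding}")
```

Even in the "after" state the audit still reports the type 7 enable password, because the enable secret is the credential actually used and the leftover enable password line only adds a weakly protected copy to the file.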