Configuring the Enable and Enable Secret Passwords
To provide an additional layer of security, particularly for passwords that cross the network or are stored on
a TFTP server, you can use either the enable password command or enable secret command. Both commands
accomplish the same thing—they allow you to establish an encrypted password that users must enter to access
privileged EXEC (enable) mode.
We recommend that you use the enable secret command because it uses an improved encryption algorithm.
For more information, see the “Configuring Passwords and Privileges” chapter in the Cisco IOS Security
Configuration Guide . Also see the Cisco IOS Password Encryption Facts tech note and the Improving Security
on Cisco Routers tech note.
If you configure the enable secret command, it takes precedence over the enable password command;
the two commands cannot be in effect simultaneously.
Note
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
enable secret password
4.
end
5.
enable
6.
end
DETAILED STEPS
PurposeCommand or Action
Enables privileged EXEC mode.enable
Step 1
Example:
Router> enable
•
Enter your password if prompted.
Enters global configuration mode.configure terminal
Example:
Router# configure terminal
Step 2
Specifies an additional layer of security over the enable
password command.
enable secret password
Example:
Router(config)# enable secret greentree
Step 3
Cisco ASR 1001-X Router Hardware Installation Guide
56
Cisco ASR 1001-X Router Power Up and Initial Configuration
Using the Cisco IOS-XE CLI--Manual Configuration