| CCNA certification is important, and so is securing | | | | password 7 110D1609071A020217Pretty effective |
| our network's Cisco routers! To reflect the | | | | encryption! However, if we want to have the |
| importance of network security, your CCNA | | | | enable password automatically encrypted, we can |
| certification exam is likely going to contain quite a | | | | use the enable secret command. I'll use that |
| few questions about the various passwords you | | | | command here to set this password to "saints", |
| can set on a Cisco router. Let's take a look at | | | | and note that I'm not removing the previous |
| some of those passwords and when to apply | | | | enable password.R1(config)#enable secret |
| them.If the previous user has logged out of the | | | | saintsAfter removing the "service |
| router properly, you will see a prompt like this | | | | password-encryption" command, we're left with |
| when you sit down at the router console:R1 con0 | | | | two enable mode passwords, and they appear in |
| is now availablePress RETURN to get | | | | the Cisco router config like this:enable password |
| started.R1>To get into enable mode, by default all | | | | dolphinsenable secret 5 |
| I have to do is type "enable".R1>enableR1#See | | | | $1$kJB6$fPuVebg7uMnoj5KV4GUKI/If we have |
| how the prompt changed? By default, I can now | | | | two enable passwords, which one should we use |
| run all the show and debug commands I want, | | | | to log into the router? Let's try the first |
| not to mention entering global configuration mode | | | | password, "dolphins", |
| and doing pretty much what I want. It just might | | | | first:R1>enablePassword:Password:When you're |
| be a good idea to password protect this mode! | | | | prompted for the password a second time, you |
| We do so with either the enable password | | | | know you got it wrong the first time! Let's try |
| command or the enable secret command. Let's | | | | "saints":R1>enablePassword:Password:R1#When |
| use the enable password command | | | | both the enable secret and enable password |
| first.R1(config)#enable password dolphinsNow | | | | commands are in use on a Cisco router, the |
| when I log out and then go back to enable mode | | | | enable secret password always takes precedence. |
| - or try to - I should be prompted for the | | | | "dolphins" didn't get us in, but "saints" did. That's |
| password "dolphins". Let's see what | | | | valuable information for both the CCNA |
| happens.R1>enablePassword:R1#I was indeed | | | | certification exam and real-world networks, |
| prompted for a password. Cisco routers will not | | | | because there's no worse feeling than typing a |
| show asterisks or any other character when you | | | | password at a Cisco router prompt and then |
| enter a password; in fact, the cursor doesn't | | | | getting another password prompt!This is just one |
| even move.The problem with the enable | | | | way to perform basic Cisco router security with |
| password command is that the password will | | | | passwords. We'll take a look at other methods in |
| show in the configuration in clear text, making it | | | | a future CCNA certification exam training |
| easy for someone to look over your shoulder and | | | | tutorial!Chris Bryant, CCIE #12933, is the owner of |
| note the password for future use, as shown | | | | The Bryant Advantage, home of over 100 free |
| below:hostname R1!enable password dolphinsWe | | | | certification exam tutorials, including Cisco CCNA |
| could use the "service password-encryption" | | | | certification test prep articles. His exclusive Cisco |
| command to encrypt the enable password, but | | | | CCNA study guide and Cisco CCNA training is also |
| that will also encrypt all the other passwords in | | | | available!Visit his blog and sign up for Cisco |
| the Cisco router config. That's not necessarily a | | | | Certification Central, a daily newsletter packed |
| bad thing! Here's the effect of this command on | | | | with CCNA, Network+, Security+, A+, and CCNP |
| the enable password we set earlier.enable | | | | certification exam practice questions! |