Using The Enable Password And Enable Secret Commands - Cisco Catalyst 4500 Series Configuration Manual

Controlling Access to Privileged EXEC Commands

Using the enable password and enable secret Commands

To provide an additional layer of security, particularly for passwords that cross the network or that are
stored on a TFTP server, use either the enable password or enable secret command. Both commands
configure an encrypted password that you must enter to access the enable mode (the default) or any other
privilege level that you specify.
We recommend that you use the enable secret command.
If you configure the enable secret command, it takes precedence over the enable password command;
the two commands cannot be in effect simultaneously.
To configure the switch to require an enable password, enter one of these commands:
Command
Switch(config)# enable password [level
level] {password | encryption-type
encrypted-password}
Switch(config)# enable secret [level
level] {password | encryption-type
encrypted-password}
When you enter either of these password commands with the level option, you define a password for a
specific privilege level. After you specify the level and set a password, give the password only to users
who need to have access at this level. Use the privilege level configuration command to specify
commands accessible at various levels.
If you enable the service password-encryption command, the password you enter is encrypted. When
you display the password with the more system:running-config command, the password displays the
password in encrypted form.
If you specify an encryption type, you must provide an encrypted password—an encrypted password you
copy from another Catalyst 4500 series switch configuration.
Note You cannot recover a lost encrypted password. You must clear NVRAM and set a new password. See the
"Recovering a Lost Enable Password" section on page 3-25
For information on how to display the password or access level configuration, see the
Password, Access Level, and Privilege Level Configuration" section on page
Setting or Changing a Privileged Password
To set or change a privileged password, enter this command:
Command
Switch(config-line)# password password
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
3-14
Chapter 3 Configuring the Switch for the First Time
Purpose
Establishes a password for the privileged EXEC
mode.
Specifies a secret password that is saved using a
nonreversible encryption method. (If
enable password and enable secret commands are
both set, users must enter the enable secret
password.)
for more information.
Purpose
Sets a new password or changes an existing
password for the privileged level.
"Displaying the
3-24.
OL-25340-01