Command: enable secret [password]
Platform: Cisco IOS, IOS XE, NX-OS, ASA, and ISR
Function: Configures a secret password to access the privileged EXEC mode.
Usage:
To configure an enable secret password, use the following syntax:
enable secret [password]
where:
password specifies the secret password. The password can include alphanumeric characters, special characters, and spaces. The default maximum length is 25 characters.
The enable secret password is used to access the privileged EXEC mode. This mode allows you to perform sensitive tasks such as changing the system configuration, managing user accounts, and troubleshooting problems. The secret password provides an extra layer of security by preventing unauthorized access to the privileged EXEC mode.
It is important to choose a strong password that is difficult to guess. You should also change the password regularly to prevent it from being compromised.
Note:
The enable secret password is stored in the configuration file in encrypted form. This means that it cannot be viewed or modified directly. If you need to change the password, you must enter a new password when prompted.
Examples:
enable secret cisco123
This command sets the enable secret password to “cisco123”.
enable secret password 7 15 20 19 12 17 21 17 6 15 1 14 12 18 1 11
This command sets the enable secret password to a hexadecimal-encoded string of the characters “password”.
Additional Information:
- The enable secret password is case-sensitive.
- The enable secret password can be up to 25 characters in length.
- The enable secret password is stored in the configuration file in encrypted form.
- The enable secret password can be changed at any time.
- If you forget the enable secret password, you can recover it using the Cisco password recovery procedure.
enable secret [password] Usage Examples
The Cisco command ‘enable secret [password]’ is used to assign or modify the secret password required for privileged EXEC mode access on Cisco IOS devices. Here are a few examples of how you can use this command:
- Setting an Enable Secret Password:
enable secret cisco123
In this example, the command sets the enable secret password to “cisco123”. This password will now be required to access privileged EXEC mode.
- Modifying the Enable Secret Password:
enable secret newpassword
This command changes the current enable secret password to “newpassword”. The previous password will no longer be valid for privileged EXEC mode access.
- Encrypting the Enable Secret Password:
enable secret 5 $1$aDR9dD$9Gtc0/vbYpW7qqE2pW4Qh0
This command encrypts the enable secret password using the MD5 algorithm and sets it to the specified value. The encrypted password will not be visible in the configuration file.
- Disabling the Enable Secret Password:
enable secret ""
To disable the enable secret password, you can set it to an empty string (“”). This will allow access to privileged EXEC mode without a password.
- Using a Strong Password:
It is highly recommended to use a strong and complex password for the enable secret. Avoid using common words, personal information, or easily guessable patterns.
- Backing Up the Configuration:
After configuring the enable secret password, it is important to back up the device configuration. This will allow you to restore the configuration in case of a password loss or device failure.
- Regular Password Changes:
For added security, it is a good practice to change the enable secret password periodically. This reduces the risk of unauthorized access if the password is compromised.
- Use of MD5 Encryption:
By default, Cisco IOS uses type 5 encryption for the enable secret password. You can also use type 0 encryption (clear text) or type 7 (MD5) encryption. Type 7 encryption is more secure as it encrypts the password using a one-way hash function.
- Using Password Recovery Mechanisms:
Some Cisco devices support password recovery mechanisms such as TACACS+ or RSA tokens. You can configure these mechanisms to allow password recovery in case the enable secret password is lost or forgotten.
- Following Best Practices:
Always follow best practices for secure password management, such as using strong passwords, avoiding reuse of passwords across different devices, and implementing regular password changes.