Question

Enable Secret, Enable Password

Asked by: yolunga2000

Is it possible to have a configuration that works with both? What's the meaning of it? I have a router with the following conf... what are the security implications? I see there are the type 7 passwords but there is also type 5. Can you have both?

User Access Verification

Username: xxxxxxxx
Password:
xxxxxxxx#show run
xxxxxxxx#show running-config
Building configuration...

Current configuration : 19300 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log datetime
service password-encryption
!
hostname xxxxxxxx
!
boot-start-marker
boot system flash c3845-advipservicesk9-mz.124-10a.bin
boot-end-marker
!
security passwords min-length 6
enable secret 5 $1$DqHV$SqRyK1KBEjnWyzm0up0q11
!
no aaa new-model
no network-clock-participate slot 1
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip bootp server
!
voice-card 0
 no dspfarm
!
username xxxxxxxx privilege 15 password 7 020B054F180F0420
username xxxxxxxx privilege 6 password 7 08014F4C130F0C1205
username xxxxxxxx privilege 15 password 7 095F5B0711121641595D
!
!
no ip http server
ip http authentication local
no ip http secure-server
!
logging trap debugging
logging facility local3
logging 140.2.5.253
access-list 12 permit xx.xx.xx.xx
access-list 15 permit xx.xx.xx.xx 0.0.0.255
snmp-server engineID local 0000000011AA
snmp-server group XXX v3 auth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF0F access 12
snmp-server group XXX v3 auth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server community public RO
snmp-server host xx.x.x.x. version 3 auth solaradmin

snmp mib community-map  public engineid 8000000903000017590E8C20
!
control-plane
!
privilege exec level 6 traceroute
privilege exec level 6 ping
privilege exec level 6 show ip route
privilege exec level 6 show ip
privilege exec level 6 show interfaces
privilege exec level 6 show running-config
privilege exec level 6 show
privilege exec level 6 debug ip
privilege exec level 6 debug
!
line con 0
 password 7 094F471A1A0A
 login
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 15 in
 privilege level 15
 password 7 02050C4E080D16
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

Asked On: 2009-01-17 at 03:41:40 (ID 24060374)
Topic: Network Security
Participating Experts: 1
Points: 50
Comments: 5

Answers

 

by: yolunga2000, posted on 2009-01-17 at 03:51:50, ID: 23400512

Just to add... I hear that enable secret takes precedence over enable password. So in the above conf... does it mean that the users with type 7 passwords won't be able to log in?

 

by: lrmoore, posted on 2009-01-17 at 17:48:07, ID: 23403330

Yes, enable secret takes precedence over enable.
In your case, users still have individual access, but if they are prompted for the enable password, they have to use the enable secret password.

User level access is not related to privileged mode (enable) access.

 

by: yolunga2000, posted on 2009-01-18 at 22:20:16, ID: 23408499

Thanks lrmoore. I think I'm lost. What is the enable password? Is it like a root password in Linux? Does it mean that users will not log in with their passwords (the ones that appear hashed in the config file)? Say my username is munya and my password is munya. I log in with username: munya pword: munya. Is there any other password?
From what you are saying, does it mean all users will be using 1 password? From the config I see only 1 enable secret password hash.
Please enlighten me. Clearly I have no clue.
NB. I hear that type 7 passwords are not safe because they can be easily decrypted. What can be done to make users' passwords be encrypted using the type 5 (enable secret)?

 

by: lrmoore, posted on 2009-01-19 at 07:01:01, ID: 23411076

Users log in to the router using their local username and password.
They are then at "user" level access to whatever their privilege level is.
Yes, "enable" is like root. A user can go from their user level to root level mode if they know the enable secret password.
Yes, type 7 is easily decrypted. Enable secret always uses type 5 which has not yet been cracked.
Yes, you can have usernames with type 5 password encryption. Use the word "secret" in place of "password":

username xxxxxxxx privilege 15 secret <secretpass>

Here's the sequence. You can tell the mode by the prompt:
Telnet to the router
Username: xxxxxx
password:xxxxx
router> (limited user mode)
router>enable
Password:secretpass
router# <full privilege mode>

 

by: yolunga2000, posted on 2009-01-19 at 07:24:49, ID: 23411354

Well explained and understood. Thank you very much.
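
The distinction drawn in the answers above (type 7 "password" entries versus type 5 "secret" entries, and enable secret taking precedence over enable password), as an added example that is not part of the original thread: a small Python audit that classifies every credential line in IOS-style configuration text. The sample configuration, its placeholder values, and the names audit, VERDICTS and SAMPLE_CONFIG are assumptions of this example.

```python
# Added example: classify credential lines in IOS-style config text.
# SAMPLE_CONFIG is constructed; the <...> values are placeholders, not real strings.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 <type5-hash>
enable password 7 <type7-string>
username admin privilege 15 password 7 <type7-string>
username oper privilege 6 secret 5 <type5-hash>
line con 0
 password 7 <type7-string>
 login
line vty 0 4
 password 7 <type7-string>
 login local
"""

VERDICTS = {"0": "weak: stored in clear text",
            "5": "ok: type 5 one-way hash",
            "7": "weak: type 7 is reversible"}

def audit(config):
    """Return (where, keyword, type, verdict) for every credential line."""
    lines = config.splitlines()
    has_enable_secret = any(l.split()[:2] == ["enable", "secret"] for l in lines)
    findings, section = [], ""
    for raw in lines:
        tok = raw.split()
        if not tok:
            continue
        if not raw[0].isspace():  # top-level command: track "line ..." blocks
            section = " ".join(tok) if tok[0] == "line" else ""
        if tok[0] == "enable":
            where = "enable"
        elif tok[0] == "username" and len(tok) > 1:
            where = "user " + tok[1]
        elif tok[0] == "password" and section:
            where = section
        else:
            continue
        kw = next((t for t in tok if t in ("password", "secret")), None)
        if kw is None:
            continue
        i = tok.index(kw)
        # A digit counts as the type only when another token follows it.
        ptype = tok[i + 1] if i + 2 < len(tok) and tok[i + 1].isdigit() else "0"
        verdict = VERDICTS.get(ptype, "review: type " + ptype)
        if where == "enable" and kw == "password" and has_enable_secret:
            verdict = "unused: enable secret takes precedence"
        findings.append((where, kw, ptype, verdict))
    return findings
```

Running audit() on the text of a saved "show running-config" lists which accounts and lines still carry type 7 strings and so are candidates for the "username ... secret" form given in the answer.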
