299
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Administering the Wireless Device
Protecting Access to Privileged EXEC Commands
DETAILED STEPS
The enable password is not encrypted and can be read in the wireless device configuration file.
The following example shows how to change the enable password to l1u2c3k4y5. The password is not
encrypted and provides access to level 15 (standard privileged EXEC mode access):
AP(config)# enable password l1u2c3k4y5
Protecting Enable and Enable Secret Passwords with Encryption
To provide an additional layer of security, particularly for passwords that cross the network or that are
stored on a TFTP server, you can use either the enable password or enable secret command in global
configuration mode. The commands accomplish the same thing; that is, you can establish an encrypted
password that users must enter to access privileged EXEC mode (the default) or any privilege level that
you specify.
We recommend that you use the enable secret command because it uses an improved encryption
algorithm.
If you configure the enable secret command, it takes precedence over the enable password command;
the two commands cannot be in effect simultaneously.
Command Purpose
Step 1
configure terminal Enters global configuration mode.
Step 2
enable password password Defines a new password or changes an existing password for access to
privileged EXEC mode.
The default password is Cisco.
For password, specify a string from 1 to 25 alphanumeric characters. The
string cannot start with a number, is case sensitive, and allows spaces but
ignores leading spaces. It can contain the question mark (?) character if
you precede the question mark with the key combination Crtl-V when you
create the password; for example, to create the password abc?123, do this:
1. Enter abc.
2. Enter Crtl-V.
3. Enter ?123.
When the system prompts you to enter the enable password, you need not
precede the question mark with the Ctrl-V; you can simply enter abc?123
at the password prompt.
Note The characters TAB, ?, $, +, and [ are invalid characters for
passwords.
Step 3
end Returns to privileged EXEC mode.
Step 4
show running-config Verifies your entries.
Step 5
copy running-config startup-config (Optional) Saves your entries in the configuration file.
To Next Page
Loading...
