Chapter 3
Configuring the Cisco 7600 Series Router for the First Time
Protecting Access to Privileged EXEC Commands
The following tasks provide a way to control access to the system configuration file and privileged
EXEC commands:
•
•
•
•
•
•
Setting or Changing a Static Enable Password
To set or change a static password that controls access to the privileged EXEC mode, perform this task:
Command
Router(config)# enable password password
This example shows how to configure an enable password as "lab" at the privileged EXEC mode:
Router# configure terminal
Router(config)# enable password lab
Router(config)#
To display the password or access level configuration, see the
and Privilege Level Configuration" section on page
Using the enable password and enable secret Commands
To provide an additional layer of security, particularly for passwords that cross the network or that are
stored on a TFTP server, you can use either the enable password or enable secret commands. Both
commands configure an encrypted password that you must enter to access enable mode (the default) or
to access a specified privilege level. We recommend that you use the enable secret command.
If you configure the enable secret command, it takes precedence over the enable password command;
the two commands cannot be in effect simultaneously.
To configure the router to require an enable password, perform either of these tasks:
Command
Router(config)# enable password [level level]
{password | encryption-type encrypted-password}
Router(config)# enable secret [level level] {password
| encryption-type encrypted-password}
78-14064-04
Setting or Changing a Static Enable Password, page 3-15
Using the enable password and enable secret Commands, page 3-15
Setting or Changing a Line Password, page 3-16
Setting TACACS+ Password Protection for Privileged EXEC Mode, page 3-16
Encrypting Passwords, page 3-17
Configuring Multiple Privilege Levels, page 3-17
Purpose
Sets a new password or changes an existing password for the
privileged EXEC mode.
3-19.
Purpose
Establishes a password for the privileged EXEC mode.
Specifies a secret password, saved using a nonreversible
encryption method. (If enable password and enable secret
commands are both set, users must enter the enable secret
password.)
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
Protecting Access to Privileged EXEC Commands
"Displaying the Password, Access Level,
3-15