The CCNA Exam focuses on making sure you really understand how to configure Cisco routers and switches and not just memorize answers to multiple choice questions. So in order to help you understand how to configure Cisco Equipment I built Networkcraft – The Online Network Simulator along with these labs that I’m writing to walk you through the process. Feel free to use the terminal window below to complete this lab or if you have an actual Cisco router you can use that as well (just make sure it isn’t currently being used in a live environment).
In the previous lab we learned about how to change the name of your router so that you don’t confuse it with another router on your network and we also learned how to set the enable password.
If you have not done Lab 01 yet, or are not familiar with setting the hostname, I recommend you start there first.
In this lab we are going to learn how to set the “Enable Secret Password”. Unlike the “Enable Password” the “Enable Secret Password” is not stored in plain text. What this means is that someone looking at the configuration of your router will not be able to visually see what your password is because it is encrypted.
Using the “Enable Secret” command is the proper way to set the password on your router and should always be used over the “Enable Password” command. As you will see later in this lab if you already have an “Enable Password” set and you also set an “Enable Secret” password the “Enable Secret” password will always take precedence.
In the above terminal window you should have a fresh configuration, if not go ahead and click on the “restart” link above to clear out any of the configuration data.
Step 1: Get Into Configuration Mode
Before we can set the “Enable Secret” password we need to get into configuration mode. To do this type the following two commands:
Step 2: Using the Enable Secret Command
Now that we are in configuration mode we are going to set the “Enable Secret” password by typing in: ‘enable secret’ followed by the password of your choice. In this example we are going to set the password to: ‘ccna’. Here is how your terminal should look:
Router(config)#enable secret ccna
Step 3: Testing our password
To test that our password works type in the following two commands to back out of enable mode:
Your terminal prompt should now look like ‘Router>’. Now let’s go back into enable mode and type in the password we just set (hint: ccna):
Step 4: Look at The Running Configuration
Now that we are back into enable mode let’s go ahead and look at our running configuration. To do this type in the ‘sh run’ command:
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
enable secret 5 dfeaf10390e560aea745ccba53e044ed
The above output shows part of your running configuration currently on your router. If you look at the line that starts with “enable secret” you will see that it shows the encrypted version of the password we just set. This means that anybody who has access to your router configuration won’t be able to see what the enable secret password is.
Step 5: The “enable secret” password will always take precedence
The “enable secret” password will always take precedence over the “enable password” password. To test this out let’s set the “enable password” and then try and login again. Type in the following commands to test this theory:
Router(config)#enable password cisco
As you can see from the above commands and output the ‘cisco’ password didn’t work and we had to use the ‘ccna’ password to get into enable mode.
Enable Secret Command Video Tutorial
This concludes the CCNA Lab 02: Securing Your Router with the Enable Secret Command and stay tuned for the next lab where we will configure the telnet and console passwords.
If you have any questions about the lab please post a commend below or feel free to email me using my email listed on the about page. I wish you success in your CCNA studies and thanks for your support!