IBM 12.1(22)EA6 User Manual
5-4
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 5 Configuring Switch-Based Authentication
Protecting Access to Privileged EXEC Commands
Protecting Enable and Enable Secret Passwords with Encryption
To provide an additional layer of security, particularly for passwords that cross the network or that are
stored on a TFTP server, you can use either the enable password or enable secret global configuration
commands. Both commands accomplish the same thing; that is, you can establish an encrypted password
that users must enter to access privileged EXEC mode (the default) or any privilege level you specify.
stored on a TFTP server, you can use either the enable password or enable secret global configuration
commands. Both commands accomplish the same thing; that is, you can establish an encrypted password
that users must enter to access privileged EXEC mode (the default) or any privilege level you specify.
We recommend that you use the enable secret command because it uses an improved encryption
algorithm.
algorithm.
If you configure the enable secret command, it takes precedence over the enable password command;
the two commands cannot be in effect simultaneously.
the two commands cannot be in effect simultaneously.
Beginning in privileged EXEC mode, follow these steps to configure encryption for enable and enable
secret passwords:
secret passwords:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
enable password [level level] {password |
encryption-type encrypted-password}
encryption-type encrypted-password}
or
enable secret [level level] {password |
encryption-type encrypted-password}
encryption-type encrypted-password}
Define a new password or change an existing password for
access to privileged EXEC mode.
access to privileged EXEC mode.
or
Define a secret password, which is saved using a
nonreversible encryption method.
nonreversible encryption method.
•
(Optional) For level, the range is from 0 to 15. Level 1 is
normal user EXEC mode privileges. The default level is
15 (privileged EXEC mode privileges).
normal user EXEC mode privileges. The default level is
15 (privileged EXEC mode privileges).
•
For password, specify a string from 1 to 25
alphanumeric characters. The string cannot start with a
number, is case sensitive, and allows spaces but ignores
leading spaces. By default, no password is defined.
alphanumeric characters. The string cannot start with a
number, is case sensitive, and allows spaces but ignores
leading spaces. By default, no password is defined.
•
(Optional) For encryption-type, only type 5, a Cisco
proprietary encryption algorithm, is available. If you
specify an encryption type, you must provide an
encrypted password—an encrypted password you copy
from another Cisco Systems Intelligent Gigabit Ethernet
Switch Module configuration.
proprietary encryption algorithm, is available. If you
specify an encryption type, you must provide an
encrypted password—an encrypted password you copy
from another Cisco Systems Intelligent Gigabit Ethernet
Switch Module configuration.
Note
If you specify an encryption type and then enter a
clear text password, you can not re-enter privileged
EXEC mode. You cannot recover a lost encrypted
password by any method.
clear text password, you can not re-enter privileged
EXEC mode. You cannot recover a lost encrypted
password by any method.
Step 3
service password-encryption
(Optional) Encrypt the password when the password is
defined or when the configuration is written.
defined or when the configuration is written.
Encryption prevents the password from being readable in the
configuration file.
configuration file.
Step 4
end
Return to privileged EXEC mode.
Step 5
copy running-config startup-config
(Optional) Save your entries in the configuration file.