no enable password

Unanswered Question
Dec 30th, 2008

I am applying certain security policies from given template such as

1. enable secret <password>

2. no enable password

Due to #2, I couldn't telnet into the device anymore. Is anything additional required.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 12/30/2008 - 10:47

Where does it fail when you try to telnet. You should be fine without the enable password but you still the password configured on the vty's.


cisco_lite Tue, 12/30/2008 - 11:08

I would like to correct my first post.

I can telnet into the device (Cat6500), but when I do 'enable' it says 'No password set'.

I believe the vty password is intact thats why I can successfully telnet into the device.

Can 'no enable password' remove the 'enable secret ' by any chance.

viyuan700 Tue, 12/30/2008 - 16:59

Can 'no enable password' remove the 'enable secret ' by any chance

yes u need a enable passowrd.

Edison Ortiz Tue, 12/30/2008 - 17:11

Can 'no enable password' remove the 'enable secret ' by any chance

yes u need a enable passowrd.


R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#enable password cisco

R1(config)#do show run | i enable

enable password cisco

R1(config)#enable secret cisco123

R1(config)#no enable password

R1(config)#do show run | i enable

enable secret 5 $1$0Obq$Juq8Mz8QtkNdy0Y/V5x5Z1


R1 con0 is now available

Press RETURN to get started.



R1#sh run | i enable

enable secret 5 $1$0Obq$Juq8Mz8QtkNdy0Y/V5x5Z1




Richard Burts Tue, 12/30/2008 - 20:05

I believe that Vishwamurti must have understood the original question much differently than Edison and I did.

Edison is quite right: the operation of enable password and of enable secret are entirely independent. Removing enable password will NOT remove enable secret. If the 6500 is giving an error about no enable password then the enable password was removed and there is no enable secret. Either the enable secret was overlooked in the original configuration or there was a keystoke error that produced a syntax error in the attempt to configure enable secret. But the generation of that error message indicates that neither the enable password nor the enable secret are configured.



finotti_br Mon, 12/19/2016 - 04:39

The answer is that when you disable "enable password" after configure an "enable secret" you will just get access in line vty with SSH transport to achieve EXEC mode using enable secret. No telnet is permitted anymore after thus configuration. I think this kind of thing is to secure more strongly because "enable password" has a weak encryption.


This Discussion