no enable password

Unanswered Question
Dec 30th, 2008

I am applying certain security policies from a given template, such as


1. enable secret <password>

2. no enable password


Due to #2, I couldn't telnet into the device anymore. Is anything additional required?


Jon Marshall Tue, 12/30/2008 - 10:47
Where does it fail when you try to telnet? You should be fine without the enable password, but you still need the password configured on the vty's.


Jon

cisco_lite Tue, 12/30/2008 - 11:08


I would like to correct my first post.


I can telnet into the device (Cat6500), but when I do 'enable' it says 'No password set'.


I believe the vty password is intact; that's why I can successfully telnet into the device.


Can 'no enable password' remove the 'enable secret' by any chance?

viyuan700 Tue, 12/30/2008 - 16:59

Can 'no enable password' remove the 'enable secret' by any chance?


Yes, you need an enable password.

Edison Ortiz Tue, 12/30/2008 - 17:11
Can 'no enable password' remove the 'enable secret' by any chance?


Yes, you need an enable password.


Really?


R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#enable password cisco
R1(config)#do show run | i enable
enable password cisco
R1(config)#enable secret cisco123
R1(config)#no enable password
R1(config)#do show run | i enable
enable secret 5 $1$0Obq$Juq8Mz8QtkNdy0Y/V5x5Z1
R1(config)#exit

R1 con0 is now available

Press RETURN to get started.

R1>en
Password:
R1#sh run | i enable
enable secret 5 $1$0Obq$Juq8Mz8QtkNdy0Y/V5x5Z1
R1#





Edison.

Richard Burts Tue, 12/30/2008 - 20:05

I believe that Vishwamurti must have understood the original question much differently than Edison and I did.


Edison is quite right: the operation of enable password and of enable secret are entirely independent. Removing enable password will NOT remove enable secret. If the 6500 is giving an error about no enable password then the enable password was removed and there is no enable secret. Either the enable secret was overlooked in the original configuration or there was a keystroke error that produced a syntax error in the attempt to configure enable secret. But the generation of that error message indicates that neither the enable password nor the enable secret is configured.


HTH


Rick
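
An added example, not part of the thread: a small pre-change check in Python that replays the enable commands of a template in order, following the behaviour Rick describes, and warns when the result would leave neither credential configured. The function name and the sample inputs are constructed for illustration, and it models only the enable commands, not IOS as a whole.

```python
import re

# Matches "enable secret ..." / "enable password ..." and their "no" forms.
ENABLE_RE = re.compile(r"^(no\s+)?enable\s+(secret|password)\b\s*(.*)$")

def apply_enable_commands(lines, state=None):
    """Replay config lines in order and return (state, warnings).

    state maps 'secret' and 'password' to True when that credential is set.
    """
    state = dict(state or {"secret": False, "password": False})
    warnings = []
    for n, raw in enumerate(lines, 1):
        m = ENABLE_RE.match(raw.strip())
        if not m:
            continue  # not an enable command, ignored by this check
        negate, kind, arg = m.groups()
        if negate:
            state[kind] = False   # removes only that one credential
        elif arg.strip():
            state[kind] = True
        else:
            # Incomplete command: nothing gets configured by this line.
            warnings.append(f"line {n}: 'enable {kind}' has no value")
    if not state["secret"] and not state["password"]:
        warnings.append("neither credential remains: 'enable' over telnet "
                        "reports 'No password set'")
    elif state["password"] and not state["secret"]:
        warnings.append("only 'enable password' is set, no 'enable secret'")
    return state, warnings

# The command sequence from Edison's session above.
EDISON_SESSION = ["enable password cisco", "enable secret cisco123",
                  "no enable password"]
# Constructed: a template whose secret line was entered without a value.
FAULTY_TEMPLATE = ["enable secret", "no enable password"]

if __name__ == "__main__":
    print(apply_enable_commands(EDISON_SESSION))
    # Device that starts with only an enable password configured.
    print(apply_enable_commands(FAULTY_TEMPLATE,
                                {"secret": False, "password": True}))
```

Running the check against the candidate change before pasting it, and confirming with `show run | i enable` afterwards, catches the case where the secret line never took effect.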

finotti_br Mon, 12/19/2016 - 04:39

The answer is that when you disable "enable password" after configuring an "enable secret", you will only get access on line vty with SSH transport to reach EXEC mode using the enable secret. No telnet is permitted anymore after this configuration. I think this kind of thing is meant to make it more secure, because "enable password" has weak encryption.
