cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
55321
Views
0
Helpful
7
Replies

no enable password

cisco_lite
Level 1
Level 1

I am applying certain security policies from given template such as

1. enable secret <password>

2. no enable password

Due to #2, I couldn't telnet into the device anymore. Is anything additional required.

7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

Where does it fail when you try to telnet. You should be fine without the enable password but you still the password configured on the vty's.

Jon

ropethic
Level 4
Level 4

you are probably getting the following, password required none set.

you need to set a line password

see the following:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_configuration_example09186a0080204528.shtml

I would like to correct my first post.

I can telnet into the device (Cat6500), but when I do 'enable' it says 'No password set'.

I believe the vty password is intact thats why I can successfully telnet into the device.

Can 'no enable password' remove the 'enable secret ' by any chance.

Can 'no enable password' remove the 'enable secret ' by any chance

yes u need a enable passowrd.

Can 'no enable password' remove the 'enable secret ' by any chance

yes u need a enable passowrd.

Really?

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#enable password cisco

R1(config)#do show run | i enable

enable password cisco

R1(config)#enable secret cisco123

R1(config)#no enable password

R1(config)#do show run | i enable

enable secret 5 $1$0Obq$Juq8Mz8QtkNdy0Y/V5x5Z1

R1(config)#exit

R1 con0 is now available

Press RETURN to get started.

R1>en

Password:

R1#sh run | i enable

enable secret 5 $1$0Obq$Juq8Mz8QtkNdy0Y/V5x5Z1

R1#

__

Edison.

I believe that Vishwamurti must have understood the original question much differently than Edison and I did.

Edison is quite right: the operation of enable password and of enable secret are entirely independent. Removing enable password will NOT remove enable secret. If the 6500 is giving an error about no enable password then the enable password was removed and there is no enable secret. Either the enable secret was overlooked in the original configuration or there was a keystoke error that produced a syntax error in the attempt to configure enable secret. But the generation of that error message indicates that neither the enable password nor the enable secret are configured.

HTH

Rick

HTH

Rick

The answer is that when you disable "enable password" after configure an "enable secret" you will just get access in line vty with SSH transport to achieve EXEC mode using enable secret. No telnet is permitted anymore after thus configuration. I think this kind of thing is to secure more strongly because "enable password" has a weak encryption.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco