×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Password showing in running configuration on 3750's and 3560's

Answered Question
Mar 6th, 2014
User Badges:

Hi All,


Forigve the stupid question here but I was just backing up the running configuration on the switches at work before we have a big powerdown at the weekend and I noticed that the passwords to access the switches are showing in readable text in the running configuration. Under line vty 0.4 and line vt 5.15 there is an entry for the password.


I have never seen this before in cisco switch running configurations so I was just wondering if it was normal? I'm new to the company so before I go rock the boat I thought I would ask if it is just a normal occurance as I've never seen it before on other 29 series switches that I have worked with.


If it isn't normal should I just remove it from the configuration files and then write mem to write a new config file minus the passwords? Just seems a bit risky to have passwords showing in plain sight especially if somebody ever saw the configuration file?


Any advice on the above would be greatly appreciated?


Thanks.

Correct Answer by glen.grant about 3 years 5 months ago

  No do not remove the passwords . As Rick said it's missing the "service password-encryption "  command. Just add it and the passwords will be non readable  unless you have one of the hundreds of available cisco password crackers !!  

Correct Answer by Richard Burts about 3 years 5 months ago

There is an option for service password-encryption which is not enabled by default. Most of us enable it as one of the first things we do in configuring IOS devices. Sounds like the switches you have seen before have the service enabled and this switch does not.  I suggest that you enable the service on this switch. I urge you to be very VERY careful about just removing the passwords.


HTH


Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Richard Burts Thu, 03/06/2014 - 14:15
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

There is an option for service password-encryption which is not enabled by default. Most of us enable it as one of the first things we do in configuring IOS devices. Sounds like the switches you have seen before have the service enabled and this switch does not.  I suggest that you enable the service on this switch. I urge you to be very VERY careful about just removing the passwords.


HTH


Rick

NJackson3 Thu, 03/06/2014 - 23:36
User Badges:

Hi Rick,


Thanks for the advice I will enable that service on our switches then for added security thank you very much for responding I didn't want to remove the passwords so will heed your advice there.


Cheers,

Nick

Correct Answer
glen.grant Thu, 03/06/2014 - 16:33
User Badges:
  • Purple, 4500 points or more

  No do not remove the passwords . As Rick said it's missing the "service password-encryption "  command. Just add it and the passwords will be non readable  unless you have one of the hundreds of available cisco password crackers !!  

NJackson3 Fri, 03/07/2014 - 02:11
User Badges:

Thanks when I try entering the command service password-encryption I get invalid marker detected at the third character in the word service is their a condensed form of this command so that I can turn this service on please?


I am trying to enable the service password-encryption from the elevated access mode on the switch or do I need to be in just the normal mode? I thought that in order to make any configuration changes and be able to write those changes to memory you had to be in the elevated access mode?

Parvesh Paliwal Fri, 03/07/2014 - 02:21
User Badges:

The syntax/ command is :


Router(config)#  service password-encryption


feel free to revert for further support.

Actions

This Discussion

Related Content