Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

no enable password

I am applying certain security policies from given template such as

1. enable secret <password>

2. no enable password

Due to #2, I couldn't telnet into the device anymore. Is anything additional required.

7 REPLIES
Hall of Fame Super Blue

Re: no enable password

Where does it fail when you try to telnet. You should be fine without the enable password but you still the password configured on the vty's.

Jon

Silver

Re: no enable password

you are probably getting the following, password required none set.

you need to set a line password

see the following:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_configuration_example09186a0080204528.shtml

Community Member

Re: no enable password

I would like to correct my first post.

I can telnet into the device (Cat6500), but when I do 'enable' it says 'No password set'.

I believe the vty password is intact thats why I can successfully telnet into the device.

Can 'no enable password' remove the 'enable secret ' by any chance.

Silver

Re: no enable password

Can 'no enable password' remove the 'enable secret ' by any chance

yes u need a enable passowrd.

Hall of Fame Super Bronze

Re: no enable password

Can 'no enable password' remove the 'enable secret ' by any chance

yes u need a enable passowrd.

Really?

R1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#enable password cisco

R1(config)#do show run | i enable

enable password cisco

R1(config)#enable secret cisco123

R1(config)#no enable password

R1(config)#do show run | i enable

enable secret 5 $1$0Obq$Juq8Mz8QtkNdy0Y/V5x5Z1

R1(config)#exit

R1 con0 is now available

Press RETURN to get started.

R1>en

Password:

R1#sh run | i enable

enable secret 5 $1$0Obq$Juq8Mz8QtkNdy0Y/V5x5Z1

R1#

__

Edison.

Hall of Fame Super Gold

Re: no enable password

I believe that Vishwamurti must have understood the original question much differently than Edison and I did.

Edison is quite right: the operation of enable password and of enable secret are entirely independent. Removing enable password will NOT remove enable secret. If the 6500 is giving an error about no enable password then the enable password was removed and there is no enable secret. Either the enable secret was overlooked in the original configuration or there was a keystoke error that produced a syntax error in the attempt to configure enable secret. But the generation of that error message indicates that neither the enable password nor the enable secret are configured.

HTH

Rick

Community Member

The answer is that when you

The answer is that when you disable "enable password" after configure an "enable secret" you will just get access in line vty with SSH transport to achieve EXEC mode using enable secret. No telnet is permitted anymore after thus configuration. I think this kind of thing is to secure more strongly because "enable password" has a weak encryption.

6535
Views
0
Helpful
7
Replies
CreatePlease to create content