Configuration Files
There are two separate configuration files kept on the device at once.
Running-config
The current, active configuration file on the device. As you enter commands in the CLI, you edit the active configuration.
To view this file we type:
To save this file we type:
or
or
This wirtes the running configurations to the startup configuration file.
Startup-config
The configuration file that will be loaded upon restart of the device.
To view this file we type:
Level-Up The Security
Anyone who can see the configuration files will be able to see the Privileged EXEC Mode password. This is a security risk.
Service Password-encryption
This will encrypt all passwords.
When we view the running configuration file again, this is what we will see:
The 7 before the password indicates the type of encryption used to encrypt the password.
(7 corresponds to a proprietary type of encryption from CISCO).
This is not very secure since it can be cracked with online tools
Enable secret
A more secure way of encrypting the passwords
The enable secret command configures a password that is automatically encrypted. It uses MD5, a more secure form of encryption than the service password-encryption command.
The new password is Cisco.
The 5 corresponds to MD5 encryption.
Notes
In the second command, we use do in order to execute Privileged EXEC commands in other configuration levels.
If both enable secret and enable password are configured the enable password will be ignored.
We should always use enable secret.
Last updated