Configuration Files
There are two separate configuration files kept on the device at once.
Running-config
The current, active configuration file on the device. As you enter commands in the CLI, you edit the active configuration.
To view this file we type:
Router# show running-config
Building configuration...
Current configuration: 719 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable password CCNA
To save this file we type:
Router# write
or
Router# write memory
or
Router# copy running-config startup-config
This writes the running configuration to the startup configuration file.
Startup-config
The configuration file that will be loaded upon restart of the device.
To view this file we type:
Router# show startup-config
Building configuration...
Current configuration: 719 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable password CCNA
Level-Up The Security
Anyone who can see the configuration files will be able to see the Privileged EXEC Mode password. This is a security risk.
Service Password-encryption
Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# service password-encryption
This will encrypt all passwords.
When we view the running configuration file again, this is what we will see:
Router# show running-config
Building configuration...
Current configuration: 719 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable password 7 08026F6028
The 7 before the password indicates the type of encryption used to encrypt the password
(7 corresponds to a proprietary type of encryption from Cisco).
This is not very secure: type 7 is reversible, so it can be cracked with online tools.
Enable secret
A more secure way of encrypting the passwords.
The enable secret command configures a password that is automatically encrypted. It uses MD5, a one-way hash, which is more secure than the reversible encryption applied by the service password-encryption command.
Router(config)# enable secret Cisco
Router(config)# do sh run
Building configuration...
Current configuration: 719 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable secret 5 7b1d1185b835814de783483f686e9825.
enable password 7 08026F6028
The new password is Cisco.
The 5 indicates that the secret is stored as an MD5 hash.
Notes
In the second command, we use do to run a Privileged EXEC command (sh run, short for show running-config) from configuration mode.
If both enable secret and enable password are configured, the enable password will be ignored.
We should always use enable secret.
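The checks described above can be automated against a saved configuration. The script below is an added example, not part of the original notes: it flags a clear-text enable password, a type 7 enable password, a missing enable secret, and an enable password left behind after enable secret was set. The function name, finding codes and sample configs are constructed for illustration, and it assumes only the command forms shown on this page (plus type 0, which IOS uses to mark an unencrypted password).

```python
import re

# Matches the two command forms shown on this page, with an optional type digit.
ENABLE_RE = re.compile(r"^enable (password|secret)(?: (\d))? (\S+)$")

def audit_config(text):
    """Return (line_number, code, message) findings; password values are never echoed."""
    findings, secret_line, password_line = [], None, None
    for num, raw in enumerate(text.splitlines(), start=1):
        m = ENABLE_RE.match(raw.strip())
        if not m:
            continue
        kind, ptype, _value = m.groups()
        if kind == "secret":
            secret_line = num
            continue
        password_line = num
        if ptype in (None, "0"):   # no type digit, or type 0: stored as typed
            findings.append((num, "PLAINTEXT", "enable password is readable in the config"))
        elif ptype == "7":         # service password-encryption output
            findings.append((num, "TYPE7", "enable password uses type 7, which is not very secure"))
    if secret_line is None:
        # Line 0 marks a finding about the whole file rather than one line.
        findings.append((0, "NO_SECRET", "no enable secret configured"))
    elif password_line is not None:
        findings.append((password_line, "IGNORED",
                         "enable secret is set, so this enable password is ignored; remove it"))
    return findings

# Constructed samples modelled on the outputs above; the secret value is a placeholder.
SAMPLES = {
    "plaintext": "hostname Router\nenable password CCNA\n",
    "type7": "service password-encryption\nhostname Router\nenable password 7 08026F6028\n",
    "both": "hostname Router\nenable secret 5 PLACEHOLDER_HASH\nenable password 7 08026F6028\n",
    "secret_only": "hostname Router\nenable secret 5 PLACEHOLDER_HASH\n",
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        for line, code, msg in audit_config(cfg) or [(0, "OK", "no findings")]:
            print(f"{name}: line {line}: {code}: {msg}")
```

The "both" sample shows why a leftover enable password matters even though the device ignores it: the weaker copy still sits in the file for anyone who can read the configuration.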