search

Configuration Files

There are two separate configuration files kept on the device at once.

hashtag
Running-config

The current, active configuration file on the device. As you enter commands in the CLI, you edit the active configuration.

To view this file we type:

Router# show running-config
Building configuration...

Current configuration: 719 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable password CCNA

To save this file we type:

or

or

This wirtes the running configurations to the startup configuration file.

hashtag
Startup-config

The configuration file that will be loaded upon restart of the device.

To view this file we type:

hashtag
Level-Up The Security

Anyone who can see the configuration files will be able to see the Privileged EXEC Mode password. This is a security risk.

hashtag
Service Password-encryption

This will encrypt all passwords.

When we view the running configuration file again, this is what we will see:

The 7 before the password indicates the type of encryption used to encrypt the password.

(7 corresponds to a proprietary type of encryption from CISCO).

This is not very secure since it can be cracked with online tools

hashtag
Enable secret

A more secure way of encrypting the passwords

The enable secret command configures a password that is automatically encrypted. It uses MD5, a more secure form of encryption than the service password-encryption command.

The new password is Cisco.

The 5 corresponds to MD5 encryption.

hashtag
Notes

In the second command, we use do in order to execute Privileged EXEC commands in other configuration levels.

If both enable secret and enable password are configured the enable password will be ignored.

We should always use enable secret.

PreviousEnable PasswordNextCanceling commands

Last updated