Service password-encryption – ADTRAN 5000 Series User Manual

Command Reference Guide

Global Configuration Mode Command Set

61200990L1-35E

Copyright © 2005 ADTRAN

445

service password-encryption

Use the service password-encryption command to turn on global password protection. Use the no form
of this command to return to default settings.

Syntax Description

No subcommands.

Default Values

By default, global password protection is disabled.

Applicable Platforms

This command applies to the NetVanta 300, 1000, 1000R, 2000, 3000, 4000, and 5000 and
Total Access 900 Series units.

Command History

Release 11.1

Command was introduced.

Functional Notes

When enabled, all currently configured passwords are encrypted. Also, any new passwords are encrypted
after they are entered. Password encryption is applied to all passwords, including passwords for
username, enable, Telnet/console, PPP, BGP, and authentication keys. When passwords are encrypted,
unauthorized persons cannot view them in configuration files since the encrypted form of the password is
displayed in the running-config. While this provides some level of security, the encryption method used
with password encryption is not a strong form of encryption so you should take additional network security
measures.

Usage Examples

The following example enables password encryption for all passwords on the unit:

(config)#service password-encryption

If you need to go back to a previous revision of the code (e.g., AOS Revision 10), this
command must be disabled first. Once the service is disabled, all necessary passwords
must be re-entered so that they are in the clear text form. If this is not done properly, you
will not be able to log back in to the unit after you revert to a previous revision that does
not support password encryption.

You cannot recover a lost encrypted password. You must erase the startup-config and set a
new password.