Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual
Page 204
204
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Chapter 6
Administering the WAP Access
Protecting Enable and
Enable Secret Passwords
with Encryption
To provide an additional layer of security, particularly for passwords that cross the
network or that are stored on a Trivial File Transfer Protocol (TFTP) server, you
can use either the
enable password
or
enable secret
global
configuration commands. Both commands accomplish the same thing; that is,
you can establish an encrypted password that users must enter to access privileged
EXEC mode (the default) or any privilege level you specify.
We recommend that you use the
enable secret
command because it uses an
improved encryption algorithm.
If you configure the
enable secret
command, it takes precedence over the
enable password
command; the two commands cannot be in effect
simultaneously.
Beginning in privileged EXEC mode, follow these steps to configure encryption
for enable and enable secret passwords:
1. Enter global configuration mode.
configure terminal
2. Define a new password or change an existing password for access to
privileged EXEC mode.
enable password [level level] {password |
encryption-type encrypted-password}
or
enable secret [level level] {password | encryption-
type encrypted-password}
Define a secret password, that is saved by using a nonreversible encryption
method.
• (Optional) For
level
, the range is from 0 to 15. Level 1 is normal user
EXEC mode privileges. The default level is 15 (privileged EXEC mode
privileges).
• For
password
, specify a string from 1…25 alphanumeric characters.
The string cannot start with a number, is case sensitive, and allows
spaces but ignores leading spaces. By default, no password is defined.
• (Optional) For
encryption-type
, type only a 5, a Cisco
proprietary encryption algorithm, is available. If you specify an
encryption type, you must provide an encrypted password—an
encrypted password you copy from another access point configuration.
3. (Optional) Encrypt the password when the password is defined or when
the configuration is written.
service password-encryption
TIP
If you specify an encryption type and then enter a clear text password,
you can not re-enter privileged EXEC mode. You cannot recover a lost
encrypted password by any method.