Configure password encryption on Cisco devices

By default, all passwords except the secret password are stored unencrypted, which makes the device vulnerable. One of the standard procedures when you configure Cisco devices is to configure password encryption.

But let's start from the beginning. First, configure vty and console passwords as an example.

TestRouter(config)#line vty 0 4
TestRouter(config-line)#password somestring

TestRouter(config)#line console 0
TestRouter(config-line)#password somepass

Now verify your passwords with the show runn command; the passwords won't be encrypted. The rest of the output is omitted.

line con 0
password somepass

line vty 0 4
password somestring

Now, from configuration mode, type the following command and verify the configuration again. The passwords will be encrypted.

TestRouter(config)#service password-encryption

line con 0
password 7 120A0A1A171B0D1739

line vty 0 4
password 7 02150B560E151B3345400E

There is one more thing that has to be mentioned. Some non-Cisco sources have even released programs and web pages to decrypt these passwords. These programs will not be able to decrypt the secret password. Because of this, Cisco recommended AAA authentication based on the RADIUS or TACACS+ standard.
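An added example, not part of the original article: a small Python audit that reads a saved running-config and reports how each line or enable password is stored. The sample configs reuse the values shown above; the `enable secret` line, its placeholder hash and the function names are constructed for illustration.

```python
import re

# Configs as shown in this article, before and after the command was applied.
# The "enable secret" line is constructed, with a placeholder instead of a hash.
BEFORE = """\
line con 0
 password somepass
line vty 0 4
 password somestring
"""
AFTER = """\
service password-encryption
enable secret 5 HASH-PLACEHOLDER
line con 0
 password 7 120A0A1A171B0D1739
line vty 0 4
 password 7 02150B560E151B3345400E
"""

# Optional "enable", then password|secret, optional numeric type, then value.
PASSWORD_RE = re.compile(r"^(enable\s+)?(password|secret)\s+(?:(\d+)\s+)?\S+")


def classify(keyword, ptype):
    """Map a stored credential to how well it resists reading the config."""
    if keyword == "secret":
        return "hashed"            # one-way hash, not reversible
    if ptype == "7":
        return "type7-reversible"  # obfuscated only, tools can recover it
    if ptype in (None, "0"):
        return "plaintext"
    return "unknown-type"


def audit(config_text):
    """Return (service_enabled, [(context, status), ...]) for an IOS config."""
    service_enabled, context, findings = False, "global", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "service password-encryption":
            service_enabled = True
        elif line.startswith("line "):
            context = line         # remember which line block we are in
        match = PASSWORD_RE.match(line)
        if match:
            where = "global" if match.group(1) else context
            findings.append((where, classify(match.group(2), match.group(3))))
    return service_enabled, findings


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg))
```

Any `plaintext` or `type7-reversible` finding marks a credential that should be treated as exposed to anyone who can read the configuration file.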

That's it. Keep an eye on us, as we will continue with more tutorials. On our website you will find a lot of tips and tricks for any IT field!

Dejan Dzodan


IT professional for more than 15 years, mostly in financial institutions but with experience in ISP and retail. Proven in networking and overall infrastructure projects. Cisco instructor.
