To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. Use the no form of this command to remove the password requirement.
enable password [level level] {password | [encryption-type] encrypted-password}
no enable password [level level]
Syntax Description
level level | (Optional) Level for which the password applies. You can specify up to 16 privilege levels, using numbers 0 through 15. Level 1 is normal EXEC-mode user privileges. If this argument is not specified in the command or the no form of the command, the privilege level defaults to 15 (traditional enable privileges). |
password | Password users type to enter enable mode. |
encryption-type | (Optional) Cisco-proprietary algorithm used to encrypt the password. Currently the only encryption type available is 7. If you specify encryption-type, the next argument you supply must be an encrypted password (a password already encrypted by a Cisco router). |
encrypted-password | Encrypted password you enter, copied from another router configuration. |
Defaults
No password is defined. The default is level 15.
Command Modes
Global configuration
Command History
Release | Modification |
---|---|
10.0 | This command was introduced. |
Usage Guidelines
Use this command with the level option to define a password for a specific privilege level. After you specify the level and the password, give the password to the users who need to access this level. Use the privilege level (global) configuration command to specify commands accessible at various levels.
You will not ordinarily enter an encryption type. Typically you enter an encryption type only if you copy and paste into this command a password that has already been encrypted by a Cisco router.
Caution: If you specify an encryption type and then enter a clear text password, you will not be able to reenter enable mode. You cannot recover a lost password that has been encrypted by any method.
If the service password-encryption command is set, the encrypted form of the password you create with the enable password command is displayed when a more nvram:startup-config command is entered.
You can enable or disable password encryption with the service password-encryption command.
An enable password is defined as follows:
- Must contain from 1 to 25 uppercase and lowercase alphanumeric characters.
- Must not have a number as the first character.
- Can have leading spaces, but they are ignored. However, intermediate and trailing spaces are recognized.
- Can contain the question mark (?) character if you precede the question mark with the key combination Ctrl-v when you create the password; for example, to create the password abc?123, do the following:
  - Enter abc.
  - Type Ctrl-v.
  - Enter ?123.
When the system prompts you to enter the enable password, you need not precede the question mark with the Ctrl-v; you can simply enter abc?123 at the password prompt.
Examples
The following example enables the password pswd2 for privilege level 2:
enable password level 2 pswd2
The following example sets the encrypted password $1$i5Rkls3LoyxzS8t9, which has been copied from a router configuration file, for privilege level 2 using encryption type 7:
enable password level 2 7 $1$i5Rkls3LoyxzS8t9
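The following added example (not part of the original command reference) audits a saved configuration for enable password lines, applying the syntax, the default level and the password rules given above. The function names, finding texts and the sample configuration are assumptions made for illustration; the first two sample lines are the examples from this page.

```python
import re

# Grammar from the page:
#   enable password [level level] {password | [encryption-type] encrypted-password}
LINE_RE = re.compile(r"^\s*enable password(?: level (\d+))? (.*)$")

def parse_enable_password(line):
    """Return level, stored form and findings for one config line, or None."""
    m = LINE_RE.match(line.rstrip("\r\n"))   # keep trailing spaces: they count
    if m is None:
        return None                          # also skips "no enable password"
    level = int(m.group(1)) if m.group(1) else 15   # default level is 15
    rest = m.group(2).lstrip(" ")            # leading spaces are ignored
    findings = []
    if level > 15:
        findings.append("level outside 0-15")
    # A clear text password must not start with a number, so a leading
    # number followed by a space is read as the encryption-type argument.
    enc = re.match(r"(\d+) (.+)$", rest)
    if enc:
        form = "type " + enc.group(1)
        if enc.group(1) != "7":
            findings.append("encryption type other than 7")
    else:
        form = "cleartext"
        findings.append("stored in clear text")
        if not 1 <= len(rest) <= 25:
            findings.append("length outside 1-25")
        if rest[:1].isdigit():
            findings.append("first character is a number")
    return {"level": level, "form": form, "findings": findings}

def audit_config(text):
    """Return (line number, result) for every enable password line."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        result = parse_enable_password(line)
        if result is not None:
            hits.append((no, result))
    return hits

# Constructed sample configuration (lines 1 and 2 are the page's examples).
SAMPLE = """\
enable password level 2 pswd2
enable password level 2 7 $1$i5Rkls3LoyxzS8t9
enable password 9lives
no enable password level 3
enable password level 5   this-password-is-far-too-long-for-ios
"""

if __name__ == "__main__":
    for no, r in audit_config(SAMPLE):
        print(no, r["level"], r["form"], "; ".join(r["findings"]) or "ok")
```

The result deliberately omits the password text itself, so the audit output can be shared without exposing the secret.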