Back to Command Reference
Global ConfigDomain 1.0 / 5.0
enable secret [password]
Secures access to Privileged EXEC mode using a strongly encrypted password. This prevents unauthorized users who gain access to User EXEC mode from elevating their privileges and modifying the router's configuration.
Quick Reference
Execution Mode
Router(config)#Encryption AlgorithmType 5 (MD5) or Type 9 (Scrypt)
Prerequisite ForVTY/SSH administrative elevation
Negation Command
no enable secretCLI Deployment Scenarios
Scenario 1: Applying the Secret
You want to lock down the router so only senior admins can reach the `#` prompt.
Router(config)# enable secret Cisco123!
! When checking the running-config, the password is mathematically hashed:
Router# show running-config | include enable
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
CCNA Exam Gotchas
[!]
Enable Secret vs. Enable Password
The CCNA heavily tests the difference between enable secret and enable password.
• enable password stores the text in plain, unencrypted text in the configuration file. It is deeply insecure.
• enable secret hashes the password.
If an administrator configures both commands on the same router, the enable secret permanently overrides the enable password.