Password Config: Answer

certskills
By certskills April 17, 2015 09:05

Here’s the letter answer and explanation for last week’s CCENT passwords question, below the fold as usual to hide the answer. Follow up as needed. Thanks!

Answer: D

This question hinges on two key points. First, switches (and routers) never display the actual enable secret password in the output of the show running-config command, instead listing the MD5 hash of the password, with an encryption or encoding type of 5.

Second, the service password-encryption global configuration command tells the switch to hide the passwords that would otherwise be visible in clear-text in the output of the show running-config command. These passwords include:

  • Those defined with the password command in vty and console modes
  • Those defined with the username command
  • The password defined by the enable password command

The following example lists the output of the show running-config command on SW1 from this question, showing only the lines with the relevant passwords.

Password Config Question
Question: Switch LEDs
certskills
By certskills April 17, 2015 09:05
Write a comment

4 Comments

  1. Anna August 25, 13:11

    Hi Wendell,

    Can you explain which command enables md5 hash?
    The question illustrates enable secret secretpw? Is that value 7?

    Thanks,
    Anna

    Reply to this comment
  2. CCENTSkills August 26, 08:02

    Hi Anna,
    The age old “enable secret whatever” command, as typed by us, causes IOS to use MD5. That is, it uses an MD5 has h by default So, there’s no separate command or keyword to make the enable secret command use MD5. Then, once IOS adds it to the config, IOS just shows the hash, and a “5” as the type meaning that it uses MD5.

    Cisco later added some additional options for other types of hashes to hide the password. Those are detailed in chapter 34 of the new 100-105 cert guide book (I think).

    Reply to this comment
  3. abrakour April 3, 10:20

    Hi everyone,
    First timer…. The “service password-encryption” command appears in chapter 34 page 805 of the new 100-105 guide. This Q really got me looking like :O “How did I miss this command??”. Maybe not a Q for Part II. Anyways!! Thank you!!

    Reply to this comment
    • CCENTSkills April 5, 06:33

      Hi Abrakour,
      You’re welcome!
      Yep, I agree, I should have marked this one as in Part 9 and in chapter 34. I changed those tags on the post. Thanks for the heads up!
      Wendell

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories