Password Config: Answer

 In 200-301 V2 Ch05: Securing Network Devices, 200-301 V2 Part 2: Security Services, CCENT-OLD, Q&A

Here’s the letter answer and explanation for last week’s CCENT passwords question, below the fold as usual to hide the answer. Follow up as needed. Thanks!

Answer: D

This question hinges on two key points. First, switches (and routers) never display the actual enable secret password in the output of the show running-config command, instead listing the MD5 hash of the password, with an encryption or encoding type of 5.

Second, the service password-encryption global configuration command tells the switch to hide the passwords that would otherwise be visible in clear-text in the output of the show running-config command. These passwords include:

  • Those defined with the password command in vty and console modes
  • Those defined with the username command
  • The password defined by the enable password command
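
An added example, not part of the original post: a short Python audit that reads show running-config text and reports how each of the password types listed above is stored, so the ones still visible in clear text stand out. The sample config, its user names and its placeholder strings are constructed for illustration; the type 7 label reflects the type number IOS shows for passwords hidden by service password-encryption.

```python
import re

# Constructed sample in the style of "show running-config" output. The type 5
# and type 7 strings are placeholders, not real encodings of any password.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 $1$SALT$PLACEHOLDERHASHPLACEHOLDER
enable password enablepw
username wendell password 0 userpw
username backup privilege 15 password 7 0000PLACEHOLDER
line con 0
 password conpw
 login
line vty 0 4
 password 7 1111PLACEHOLDER
"""

LABELS = {"0": "clear text", "5": "MD5 hash",
          "7": "hidden by service password-encryption (reversible encoding)"}

CRED = re.compile(
    r"^(?P<owner>enable|username\s+\S+(?:\s+privilege\s+\d+)?)?\s*"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d+)\s+)?(?P<value>\S+)$"
)

def audit(config_text):
    """Return (service_encryption_on, findings); the value itself is never kept."""
    service_on, context, findings = False, "global", []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line == "service password-encryption":
            service_on = True
        if line.startswith("line "):
            context = line            # console/vty passwords belong to this mode
        elif line and not line.startswith(" "):
            context = "global"
        m = CRED.match(line.strip())
        if m:
            ctype = m["type"] or "0"  # assumption: no type digit means clear text
            findings.append((m["owner"] or context, m["kw"], ctype,
                             LABELS.get(ctype, "other type")))
    return service_on, findings

def clear_text(findings):
    return [f for f in findings if f[2] == "0"]  # shown exactly as typed

if __name__ == "__main__":
    for where, kw, ctype, label in audit(SAMPLE_CONFIG)[1]:
        print(f"{where:30} {kw:8} type {ctype}: {label}")
```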

The following example lists the output of the show running-config command on SW1 from this question, showing only the lines with the relevant passwords.

7 Comments
Anna

Hi Wendell,

Can you explain which command enables md5 hash?
The question illustrates enable secret secretpw? Is that value 7?

Thanks,
Anna

lyjo

Hi Anna,
The age-old “enable secret whatever” command, as typed by us, causes IOS to use MD5. That is, it uses an MD5 hash by default. So, there’s no separate command or keyword to make the enable secret command use MD5. Then, once IOS adds it to the config, IOS just shows the hash, and a “5” as the type, meaning that it uses MD5.

Cisco later added some additional options for other types of hashes to hide the password. Those are detailed in chapter 34 of the new 100-105 cert guide book (I think).

abrakour

Hi everyone,
First timer…. The “service password-encryption” command appears in chapter 34 page 805 of the new 100-105 guide. This Q really got me looking like :O “How did I miss this command??”. Maybe not a Q for Part II. Anyways!! Thank you!!

lyjo

Hi Abrakour,
You’re welcome!
Yep, I agree, I should have marked this one as in Part 9 and in chapter 34. I changed those tags on the post. Thanks for the heads up!
Wendell

essa

Can you explain what is the difference between answer And E

essa

answer and e
