enable password [password]
Sets a plaintext password for privileged EXEC access in global configuration mode, used when no enable secret is configured.
enable password [password]When to Use This Command
- Configuring a simple password for lab or test environments where encryption is not required.
- Setting an initial enable password on a new router before upgrading to enable secret.
- Providing a fallback password for older IOS versions that do not support enable secret.
- Quickly securing privileged mode in a non-production network.
Command Examples
Setting a basic enable password
Router(config)# enable password cisco123Router(config)#
No output is displayed; the command is executed silently. The password 'cisco123' is now set for privileged EXEC access.
Verifying the enable password configuration
Router# show running-config | include enable passwordenable password cisco123
The running configuration shows the password in plaintext. This is a security risk; use 'enable secret' instead.
Understanding the Output
The 'enable password' command does not produce any output upon execution. To verify, use 'show running-config | include enable password' which displays the password in plaintext. In production, this is a security concern because anyone with access to the config can see the password. Always prefer 'enable secret' which encrypts the password using MD5. The absence of 'enable secret' means the 'enable password' is used for authentication.
CCNA Exam Tips
CCNA exam tip: 'enable password' stores the password in plaintext; 'enable secret' uses MD5 hashing and takes precedence.
CCNA exam tip: If both 'enable password' and 'enable secret' are configured, only 'enable secret' is used for authentication.
CCNA exam tip: The 'service password-encryption' command encrypts 'enable password' in the config, but it's weak; 'enable secret' is still preferred.
CCNA exam tip: In the exam, you may be asked to identify the most secure method: always choose 'enable secret'.
Common Mistakes
Mistake 1: Using 'enable password' in production instead of 'enable secret' — exposes password in config.
Mistake 2: Forgetting that 'enable secret' overrides 'enable password' — if both are set, only secret works.
Mistake 3: Typing 'enable password' in user EXEC mode instead of global config mode — command is rejected.
Related Commands
enable secret [password]
Sets an encrypted password for privileged EXEC access, replacing the less secure 'enable password' command.
service password-encryption
Encrypts all plaintext passwords in the running configuration to prevent unauthorized viewing of password data.
show running-config
Displays the current active configuration in DRAM, showing all non-default settings.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions