beautypg.com

Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Page 204

background image

204

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 6

Administering the WAP Access

Protecting Enable and
Enable Secret Passwords
with Encryption

To provide an additional layer of security, particularly for passwords that cross the
network or that are stored on a Trivial File Transfer Protocol (TFTP) server, you
can use either the

enable password

or

enable secret

global

configuration commands. Both commands accomplish the same thing; that is,
you can establish an encrypted password that users must enter to access privileged
EXEC mode (the default) or any privilege level you specify.

We recommend that you use the

enable secret

command because it uses an

improved encryption algorithm.

If you configure the

enable secret

command, it takes precedence over the

enable password

command; the two commands cannot be in effect

simultaneously.

Beginning in privileged EXEC mode, follow these steps to configure encryption
for enable and enable secret passwords:

1. Enter global configuration mode.

configure terminal

2. Define a new password or change an existing password for access to

privileged EXEC mode.

enable password [level level] {password |

encryption-type encrypted-password}

or

enable secret [level level] {password | encryption-

type encrypted-password}

Define a secret password, that is saved by using a nonreversible encryption
method.
(Optional) For

level

, the range is from 0 to 15. Level 1 is normal user

EXEC mode privileges. The default level is 15 (privileged EXEC mode
privileges).

For

password

, specify a string from 1…25 alphanumeric characters.

The string cannot start with a number, is case sensitive, and allows
spaces but ignores leading spaces. By default, no password is defined.

(Optional) For

encryption-type

, type only a 5, a Cisco

proprietary encryption algorithm, is available. If you specify an
encryption type, you must provide an encrypted password—an
encrypted password you copy from another access point configuration.

3. (Optional) Encrypt the password when the password is defined or when

the configuration is written.

service password-encryption

TIP

If you specify an encryption type and then enter a clear text password,
you can not re-enter privileged EXEC mode. You cannot recover a lost
encrypted password by any method.

See also other documents in the category Rockwell Automation Equipment: