trouble changing enable password

Is there also an "enable secret" command in the config?

If so try:-

conf t no enable password enable secret

James

I think the enable secret should be preferred because its not easily decodable.

but forms have a number before the actual password (IIRC)

enable secret 0

or

enable password 0

Rainer

Yes I think there is a enable secret password. What is the difference between the enable and secret password or are they the same? Also is it okay to keep the service password-encryption on? Glenn

"enable secret" stores the password in a way that can not be decrypted. It wins over "enable password" as method that allows access to privilege mode. So you were changing something that wasn't used when authoriziting you to the privilege mode.

Yes of course, even if the encryption algorithm is very weak. Can be decrypted in few milliseconds.

HTH

Alex.

enable password is stored either in clear or in a reversible "encryption"[1] noted by a prefix of 7[2] if "service password-encryption" is set. enable secret is stored as an MD5 hash (prefix 5), which you might be able to reverse but it will take you some effort.

If there's an enable secret the router will use it, if not it will fall back to enable password. There used to be situations where you needed both but I don't suppose there are many cases now.

Sam

[1] At one point Cisco used to refer to it as "obscured" rather than "encrypted" - there are several trivial password decryptors around. [2] A correspondent on a Cisco mailing list once asked why his password didn't work - it turned out it began with the name of a well known soft drink and even though password encryption wasn't set when the router read the config it saw the initial "7 up" and tried to decrypt the rest of the plain text password.