Confused on which password takes precedence on a config

JockVSJock

Making progress on my studies, however I can't wrap my brain around this config file that Odom has from Chp 9, 2nd edition.

Which password takes precedence, especially when you have the console and the telnet/ssh involved?

We have the following:

sw1(config)#enable secret cisco 

Then we have from the same config

sw1(config-line)#line con 0 
sw1(config-line)#password hate
sw1(config-line)#login 
sw1(config-line)#exit
sw1(config)#line vty 0 15 
sw1(config-line)#password love 
sw1(config-line)#login
sw1(config-line)#end 

ayori

1. vty/console password
2. enable secret/password

The vty or console password will be asked first. Once you've typed in your password (love/hate) and in the host> prompt, you then type enable command with the enable password (which is cisco in your example) to make changes on the device. The prompt will then change to host#.

If you have privilege level 15 command entered under the vty or console config mode, then you wouldn't need the enable password as once you've typed in your vty/console password, you will automatically be in enable mode.

Try it on GNS3!

ChickenNuggetz

Think of it like this:

vty and console passwords are used for accessing the device

enable passwords are used for accessing privileged exec mode


One doesnt really take precedence over the other; the passwords protect different things. I'm with ayori though, if you have privilege level 15 command configured under vty and console, logging in will automatically put you into privilege exec mode thus negating the need for an enable secret password.

Hope that helps!