AAA - secret

sendalot

Having some AAA crisis.


Please help me clrafiy somethings.


"enable secret level 5 abc" means pw "abc" for level 5 access?


"enable secret 5 abc" means pw "abc" with md5 hashed form?
Some textbook examples show "enable sercert 5 @38diL?1i2jfSS" but how can a human being enter in hashed format?
or does the CLI automtically convert the command input?


But then when I do "run config" after I hit above command, would I see "enable sercert 5 @38diL?1i2jfSS" ?



Lastly, if I do a "debug" on localDB aaa later on, would the only the password matter? since there is no username?


(If you could cite a published source upon answering, I'd greatly apprecieate it).


Thanks.

RouteMyPacket

sendalot wrote: »

Having some AAA crisis.


Please help me clrafiy somethings.


"enable secret level 5 abc" means pw "abc" for level 5 access?

Correct

"enable secret 5 abc" means pw "abc" with md5 hashed form?
Some textbook examples show "enable sercert 5 @38diL?1i2jfSS" but how can a human being enter in hashed format? or does the CLI automtically convert the command input?

If you are pasting in a hashed password from another device perse, this is where "5" comes in. Do an "enable secret ?" to learn more on this.

But then when I do "run config" after I hit above command, would I see "enable sercert 5 @38diL?1i2jfSS" ?

If you entered it hashed with the "5" yes, if you did a normal "enable secret password123" it would return hashed off a sh run if you had service password-encryption enabled

Lastly, if I do a "debug" on localDB aaa later on, would the only the password matter? since there is no username?

(If you could cite a published source upon answering, I'd greatly apprecieate it).

Published resource = my brain

Thanks.

In bold above