Cisco Router System Configuration Dialog

The next section allows us to configure what are known as global parameters. The first option involves giving the router a hostname, followed by the configuration of various passwords.

Configuring global parameters:
Enter host name [Router]: toronto-1
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: cisco
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: cisco2
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: cisco3

The first prompt asked for a hostname. I chose toronto-1, which will ultimately be shown at the router’s command prompt, as we’ll see shortly. This is followed by the configuration of passwords. The first password required is what is known as the “enable secret”. This password will ultimately be encrypted, such that it cannot be read in the router’s configuration file as plain text. Enable passwords are used to access what is known as privileged EXEC mode, where router configuration takes place. We’ll take a look at privileged EXEC mode in detail later in this chapter.

The second password you are asked to provide is what is known as the “enable password”. This is different from the enable secret, in that it is not encrypted. The enable password is used with older IOS versions, as well as older boot images found in ROM. When both an enable secret password and an enable password are configured, only the enable secret password is used. Technically these cannot be the same – if you enter the same value for the enable password as you did for the enable secret, you will be prompted to change it. The truth of the matter is that if you enter the same password again, it will be accepted. I would suggest choosing different values, if only for the sake of not having the “real” enable password appear in the configuration file in plain text.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.