8-4
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 8 Configuring Switch-Based Authentication
Protecting Access to Privileged EXEC Commands
Beginning in privileged EXEC mode, follow these steps to configure encryption for enable and enable
secret passwords:
If both the enable and enable secret passwords are defined, users must enter the enable secret password.
Use the
level
keyword to define a password for a specific privilege level. After you specify the level and
set a password, give the password only to users who need to have access at this level. Use the
privilege
level
global configuration command to specify commands accessible at various levels. For more
information, see the
“Configuring Multiple Privilege Levels” section on page 8-7
If you enable password encryption, it applies to all passwords including username passwords,
authentication key passwords, the privileged command password, and console and virtual terminal line
passwords.
To remove a password and level, use the
no enable password
[
level
level
] or
no enable secret
[
level
level
] global configuration command. To disable password encryption, use the
no service
password-encryption
global configuration command.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
enable password
[
level
level
] {
password
|
encryption-type encrypted-password
}
or
enable secret
[
level
level
] {
password
|
encryption-type encrypted-password
}
Define a new password or change an existing password for
access to privileged EXEC mode.
or
Define a secret password, which is saved using a
nonreversible encryption method.
•
(Optional) For
level
, the range is from 0 to 15. Level 1 is
normal user EXEC mode privileges. The default level is
15 (privileged EXEC mode privileges).
•
For
password
, specify a string from 1 to 25
alphanumeric characters. The string cannot start with a
number, is case sensitive, and allows spaces but ignores
leading spaces. By default, no password is defined.
•
(Optional) For
encryption-type
, only type 5, a Cisco
proprietary encryption algorithm, is available. If you
specify an encryption type, you must provide an
encrypted password—an encrypted password that you
copy from another switch configuration.
Note
If you specify an encryption type and then enter a
clear text password, you can not re-enter privileged
EXEC mode. You cannot recover a lost encrypted
password by any method.
Step 3
service password-encryption
(Optional) Encrypt the password when the password is
defined or when the configuration is written.
Encryption prevents the password from being readable in the
configuration file.
Step 4
end
Return to privileged EXEC mode.
Step 5
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Содержание Catalyst 2928
Страница 28: ...Contents xxviii Catalyst 2928 Switch Software Configuration Guide OL 23389 01 ...
Страница 32: ...xxx Catalyst 2928 Switch Software Configuration Guide OL 23389 01 Preface ...
Страница 496: ...26 14 Catalyst 2928 Switch Software Configuration Guide OL 23389 01 Chapter 26 Configuring SPAN Displaying SPAN Status ...
Страница 534: ...29 18 Catalyst 2928 Switch Software Configuration Guide OL 23389 01 Chapter 29 Configuring SNMP Displaying SNMP Status ...
Страница 700: ...Index IN 36 Catalyst 2928 Switch Software Configuration Guide OL 23389 01 ...