User's Manual
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 12 Configuring Switch-Based Authentication
Information About Configuring Switch-Based Authentication
Prevention for Unauthorized Switch Access
You can prevent unauthorized users from reconfiguring your switch and viewing configuration 
information. Typically, you want network administrators to have access to your switch while you restrict 
access to users who dial from outside the network through an asynchronous port, connect from outside 
the network through a serial port, or connect through a terminal or workstation from within the local 
network.
To prevent unauthorized access into your switch, you should configure one or more of these security 
features:
  • At a minimum, you should configure passwords and privileges at each switch port. These passwords 
are locally stored on the switch. When users attempt to access the switch through a port or line, they 
must enter the password specified for the port or line before they can access the switch. 
  • For an additional layer of security, you can also configure username and password pairs, which are 
locally stored on the switch. These pairs are assigned to lines or ports and authenticate each user 
before that user can access the switch. If you have defined privilege levels, you can also assign a 
specific privilege level (with associated rights and privileges) to each username and password pair. 
  • If you want to use username and password pairs, but you want to store them centrally on a server 
instead of locally, you can store them in a database on a security server. Multiple networking devices 
can then use the same database to obtain user authentication (and, if necessary, authorization) 
information. 
  • You can also enable the login enhancements feature, which logs both failed and successful login 
attempts. Login enhancements can also be configured to block future login attempts after a set 
number of unsuccessful attempts are made. 
Password Protection
A simple way of providing terminal access control in your network is to use passwords and assign 
privilege levels. Password protection restricts access to a network or network device. Privilege levels 
define what commands users can enter after they have logged into a network device.
Default Password and Privilege Level Configuration
Table 12-1 Default Password and Privilege Levels

Feature                                       Default Setting
Enable password and privilege level           No password is defined. The default is level 15 (privileged EXEC level). The password is not encrypted in the configuration file.
Enable secret password and privilege level    No password is defined. The default is level 15 (privileged EXEC level). The password is encrypted before it is written to the configuration file.
Line password                                 No password is defined.
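
An added example, not part of the Cisco guide: a short Python audit that checks a saved switch configuration against the defaults in Table 12-1 and the access controls listed in this section. The sample configuration is constructed, and the function name audit and the finding strings are assumptions of this example.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname ie2000-lab
enable password LabPass123
username admin privilege 15 secret ExamplePlaceholder
!
line con 0
line vty 0 4
 password VtyPass
 login
line vty 5 15
 login local
"""

def audit(config: str) -> list[str]:
    """Return findings for the password settings this section describes."""
    findings = []
    lines = config.splitlines()
    # Table 12-1: the enable password is not encrypted in the configuration file.
    for l in lines:
        if re.match(r"enable password\b", l):
            findings.append("enable password set: stored unencrypted by default")
    if not any(re.match(r"enable secret\b", l) for l in lines):
        findings.append("no enable secret configured")
    # Collect the indented sub-commands under each 'line ...' block.
    current, blocks = None, {}
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    # Table 12-1: no line password is defined by default, so report lines
    # that have neither a line password nor a username-based login.
    for name, cmds in blocks.items():
        has_pw = any(c.startswith("password ") for c in cmds)
        per_user = any(c.startswith(("login local", "login authentication")) for c in cmds)
        if not has_pw and not per_user:
            findings.append(f"{name}: no line password or username-based login")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```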










