User's Manual

ManualsBrandsCisco Systems ManualsSwitchCisco Systems WSC3750X48TS

231

232

233

234

235

236

237

238

239

240

10-4

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-21521-01

Chapter 10 Configuring Switch-Based Authentication

Protecting Access to Privileged EXEC Commands

Beginning in privileged EXEC mode, follow these steps to configure encryption for enable and enable

secret passwords:

If both the enable and enable secret passwords are def

ined, users must enter the enable secret password.

Use the le

vel keyword to define a password for a specific privilege level. After you specify the level and

set a password, give the password only to users who need to have access at this level. Use the privilege

level global configuration command to specify commands accessible at various levels. For more

information, see the “Configuring Multiple Privilege Levels” section on page 10-7.

If you enable password encryption, it applies to all passwords including username passwords,

aut

hentication key passwords, the privileged command password, and console and virtual terminal line

passwords.

To remove a password and level, use the no enable passw

ord [level level] or no enable secret [level

level] global configuration command. To disable password encryption, use the no service

password-encryption global configuration command.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

enable password [level level] {password |

encryption-type encrypted-password}

enable secret [le

vel level] {password |

encryption-type encrypted-password}

Define a new password or change an existing password for

access t

o privileged EXEC mode.

Define a secret password, which is saved using a

non

reversible encryption method.

• (Optional) For level, the range is from 0 to 15. Level 1 is

normal user EXEC mode privileges. The default level is

15 (privileged EXEC mode privileges).

• For password, specify a string from 1 to 25

alphanumeric characters. The string cannot start with a

number, is case sensitive, and allows spaces but ignores

leading spaces. By default, no password is defined.

• (Optional) For encryption-type, only type 5, a Cisco

proprietary encryption algorithm, is available. If you

specify an encryption type, you must provide an

encrypted password—an encrypted password that you

copy from another switch configuration.

Note If you specify an encryption type and then enter a

clear text password, you can not re-enter privileged

EXEC mode. You cannot recover a lost encrypted

password by any method.

Step 3

service password-encryption (Optional) Encrypt the password when the password is

defined or when the configuration is written.

Encryption prevents the password from being readable in the

nfiguration file.

Step 4

end Return to privileged EXEC mode.

Step 5

copy running-config startup-config (Optional) Save your entries in the configuration file.