Manualshelf

Technical data

ManualsBrandsCisco ManualsComputer equipment1604 - 1604 Bridge/router
141142143144145146147148149150
7-4 Dial Solutions Quick Configuration Guide
Configuring Authentication
3 Enabling AAA Globally on the Access Server
4 Defining Authentication Method Lists
1. Issue the aaa authentication Command
2. Specify Protocol or Login Authentication
3. Identify a List Name
4. Specify the Authentication Method
5 Applying Authentication Method Lists to Lines and Interfaces
Apply login lists to VTY lines and the console port
Apply authentication lists to asynchronous or ISDN interfaces configured for PPP
Apply authentication lists asynchronous (TTY) lines configured for ARA
Securing Access to Privileged EXEC and Configuration Mode
The first thing you secure is access to privileged EXEC (enable) mode. Enable mode provides access
to configuration mode, which enables any type of configuration change to the access server. To
secure privileged EXEC mode, use one of the commands listed in Table 7-1:
For more information about the enable password and enable secret commands and their complete
syntax, refer to the Security Command Reference.
Caution If you use the enable secret command and specify an encryption type, you must enter the
encrypted version of a specific password. Do not enter the cleartext version of the password after
specifying an encryption type. You must comply with the following procedure when you specify an
encryption type or you will be locked irretrievably out of privileged EXEC (enable) mode. The only
way to regain access to privileged EXEC mode will be to erase the contents of NVRAM, erase your
entire configuration, and reconfigure the router again.
Table 7-1 Commands Used to Secure Access to Privileged EXEC Mode
Command Purpose
enable password password Requires that network administrators enter a password to access
privileged EXEC mode. Do not provide access to non administrators.
enable secret password Specifies a secret password that is encrypted, so that the password
cannot be read when crossing a network. After you issue this command,
the encryption cannot be reversed. The encrypted version of the
password appears in output of the show running-config and show
startup-config commands. The enable secret password has precedence
over the enable password. Do not enter the same password as the enable
password. If the two passwords are the same, the enable secret
password is not a secret, because the enable password appears in output
of show running-config and show startup-config commands.