OL-11615-01
Retype new password: <new_password>
Password changed.
Console> (enable)
For more information about the set password command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/cmd_ref/set_m_pi.htm#wp1025848
The set enablepass Command
In switches running Catalyst OS, privileged access to the CLI is controlled with a local enable password,
which by default is not configured. Use the set enablepass command to configure a CLI enable
password. Passwords are case sensitive and can be from 0 to 19 characters in length, including spaces.
The command prompts you for the old password. If the password you enter is valid, you are prompted
to enter a new password and to verify the new password.
This example shows how to set a new enable password:
Console> (enable) set enablepass
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)
For more information about the set password command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/cmd_ref/set_f_l.htm#wp1061821
The set authentication login Command
In Catalyst OS, by default, access to the switches is controlled with the local login password. The set
authentication login command can be used to enable TACACS+, RADIUS, or Kerberos as alternative
authentication methods for login.
In addition, the set authentication login command allows you to limit the number of unsuccessful login
attempts. When a user fails to authenticate after the specified number of attempts, the system delays
access and logs the user ID and the IP address of the station with a syslog message and an SNMP trap.
The maximum number of login attempts is configurable through the set authentication login attempt
count command. The configurable range is three (default) to ten tries. Setting the login authentication
limit to zero (0) disables this function.
The lockout (delay) time can be configured through the set authentication login lockout time command.
The configurable range is 30-43200 seconds. Setting the lockout time to zero (0) disables this function.
When a user is locked out at the console, the console does not allow any login attempt during the lockout
time. If the user is locked out with a Telnet session, the connection closes when the time limit is reached.
The switch closes any subsequent access from that station during the lockout time and provides an
appropriate notice.
This example shows how to limit login attempts to 5, set the lockout time for both console and Telnet
connections to 50 seconds, and verify the configuration:
Console> (enable) set authentication login attempt 5
Login authentication attempts for console and telnet logins set to 5.
Console> (enable) set authentication login lockout 50
Login lockout time for console and telnet logins set to 50.
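The following audit check is an added example, not part of the Cisco documentation: it scans saved configuration text for the two login-limit commands and reports values that disable the function or fall outside the ranges stated above. It assumes the configuration carries the commands in the form typed in the example, optionally followed by a console or telnet keyword; the function name and sample configurations are constructed for illustration.

```python
import re

# Ranges as stated in the section above; a value of 0 disables the function.
ATTEMPT_RANGE = (3, 10)
LOCKOUT_RANGE = (30, 43200)

# Assumption: saved configuration lines look like the commands typed in the
# example, optionally followed by a console/telnet scope keyword (assumed).
LINE_RE = re.compile(
    r"^\s*set authentication login (attempt|lockout)\s+(\d+)"
    r"(?:\s+(console|telnet))?\s*$"
)

def audit_login_limits(config_text):
    """Return a list of findings for the login attempt/lockout settings."""
    seen = {"attempt": [], "lockout": []}
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            scope = m.group(3) or "console and telnet"
            seen[m.group(1)].append((int(m.group(2)), scope))
    findings = []
    for setting, (low, high) in (("attempt", ATTEMPT_RANGE),
                                 ("lockout", LOCKOUT_RANGE)):
        if not seen[setting]:
            findings.append(f"{setting}: not configured explicitly")
        for value, scope in seen[setting]:
            if value == 0:
                findings.append(f"{setting}: disabled (0) for {scope}")
            elif not low <= value <= high:
                findings.append(
                    f"{setting}: {value} outside {low}-{high} for {scope}")
    return findings

# Constructed sample configurations (not captured from a real switch).
GOOD = """\
set authentication login attempt 5
set authentication login lockout 50
"""
WEAK = """\
set authentication login attempt 0
set authentication login lockout 20
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_login_limits(cfg) or "ok")
```
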
For more information about the set authentication login attempt command, refer to the following URL: