Manualshelf

User Guide

ManualsBrandsCisco Systems ManualsOtherEA6500
51525354555657585960
3-15
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 3 Configuring the Switch for the First Time
Protecting Access to Privileged EXEC Commands
Protecting Access to Privileged EXEC Commands
The following tasks provide a way to control access to the system configuration file and privileged
EXEC commands:
Setting or Changing a Static Enable Password, page 3-15
Using the enable password and enable secret Commands, page 3-15
Setting or Changing a Line Password, page 3-16
Setting TACACS+ Password Protection for Privileged EXEC Mode, page 3-16
Encrypting Passwords, page 3-17
Configuring Multiple Privilege Levels, page 3-17
Setting or Changing a Static Enable Password
To set or change a static password that controls access to the privileged EXEC mode, perform this task:
This example shows how to configure an enable password as “lab” at the privileged EXEC mode:
Router# configure terminal
Router(config)# enable password lab
Router(config)#
To display the password or access level configuration, see the “Displaying the Password, Access Level,
and Privilege Level Configuration” section on page 3-19.
Using the enable password and enable secret Commands
To provide an additional layer of security, particularly for passwords that cross the network or that are
stored on a TFTP server, you can use either the enable password or enable secret commands. Both
commands configure an encrypted password that you must enter to access enable mode (the default) or
to access a specified privilege level. We recommend that you use the enable secret command.
If you configure the enable secret command, it takes precedence over the enable password command;
the two commands cannot be in effect simultaneously.
To configure the switch to require an enable password, perform either of these tasks:
Command Purpose
Router(config)# enable password password
Sets a new password or changes an existing password for the
privileged EXEC mode.
Command Purpose
Router(config)# enable password [level level]
{password | encryption-type encrypted-password}
Establishes a password for the privileged EXEC mode.
Router(config)# enable secret [level level] {password
| encryption-type encrypted-password}
Specifies a secret password, saved using a nonreversible
encryption method. (If enable password and enable secret
commands are both set, users must enter the enable secret
password.)