Manualshelf

User Guide

ManualsBrandsCisco Systems ManualsOtherEA6500
51525354555657585960
3-16
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 3 Configuring the Switch for the First Time
Protecting Access to Privileged EXEC Commands
Use either of these commands with the level option to define a password for a specific privilege level.
After you specify the level and set a password, give the password only to users who need to have access
at this level. Use the privilege level configuration command to specify commands accessible at various
levels.
If you enable the service password-encryption command, the password you enter is encrypted. When
you display it with the more system:running-config command, it displays in encrypted form.
If you specify an encryption type, you must provide an encrypted password that you copy from another
Catalyst 6500 series switch configuration.
Note You cannot recover a lost encrypted password. You must clear NVRAM and set a new password. See the
“Recovering a Lost Enable Password” section on page 3-19 if you lose or forget your password.
To display the password or access level configuration, see the “Displaying the Password, Access Level,
and Privilege Level Configuration” section on page 3-19.
Setting or Changing a Line Password
To set or change a password on a line, perform this task:
To display the password or access level configuration, see the “Displaying the Password, Access Level,
and Privilege Level Configuration” section on page 3-19.
Setting TACACS+ Password Protection for Privileged EXEC Mode
For complete information about TACACS+, refer to these publications:
Cisco IOS Security Configuration Guide, Release 12.1, “Authentication, Authorization, and
Accounting (AAA),” at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt1/index.htm
Cisco IOS Security Command Reference, Release 12.1, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/index.htm
To set the TACACS+ protocol to determine whether or not a user can access privileged EXEC mode,
perform this task:
Command Purpose
Router(config-line)# password password
Sets a new password or change an existing password for the
privileged level.
Command Purpose
Router(config)# enable use-tacacs
Sets the TACACS-style user ID and password-checking
mechanism for the privileged EXEC mode.