Disabling Password Recovery - Cisco WS-C3020 Software Configuration Manual

Catalyst blade switch for hp

Chapter 7
Configuring Switch-Based Authentication
This example shows how to configure the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8 for
privilege level 2:
Switch(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8

Disabling Password Recovery

By default, any end user with physical access to the switch can recover from a lost password by
interrupting the bootup process while the switch is powering on and then by entering a new password.
The password-recovery disable feature protects access to the switch password by disabling part of this
functionality. When this feature is enabled, the end user can interrupt the bootup process only by
agreeing to set the system back to the default configuration. With password recovery disabled, you can
still interrupt the bootup process and change the password, but the configuration file (config.text) and
the VLAN database file (vlan.dat) are deleted.
Note
If you disable password recovery, we recommend that you keep a backup copy of the configuration file
on a secure server in case the end user interrupts the bootup process and sets the system back to default
values. Do not keep a backup copy of the configuration file on the switch. If the switch is operating in
VTP transparent mode, we recommend that you also keep a backup copy of the VLAN database file on
a secure server. When the switch is returned to the default system configuration, you can download the
saved files to the switch by using the Xmodem protocol. For more information, see the "Recovering from
a Lost or Forgotten Password" section on page 40-3.

Beginning in privileged EXEC mode, follow these steps to disable password recovery:

        Command                        Purpose
Step 1  configure terminal             Enter global configuration mode.
Step 2  no service password-recovery   Disable password recovery.
                                       This setting is saved in an area of the flash memory that is accessible by
                                       the bootloader and the Cisco IOS image, but it is not part of the file system
                                       and is not accessible by any user.
Step 3  end                            Return to privileged EXEC mode.
Step 4  show version                   Verify the configuration by checking the last few lines of the command
                                       output.

To re-enable password recovery, use the service password-recovery global configuration command.

Note
Disabling password recovery will not work if you have set the switch to boot up manually by using the
boot manual global configuration command. This command produces the bootloader prompt (switch:)
after the switch is power cycled.

Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide, OL-8915-03
Chapter 7, Protecting Access to Privileged EXEC Commands, page 7-5
