Table of Contents
Advertisement
30 Cisco LAN Switching Configuration Handbook
3-3: Passwords and Password Recovery
Passwords provide a layer of protection for the switch to prevent unauthorized use.
■
■
Catalyst switches have two levels of password protection (user level and privileged
level).
Privileged passwords are encrypted for tighter security.
■
■
If a password is lost, IOS offers a password recovery process to gain access to the de-
vice.
Configuration of Passwords
(Optional; highly recommended) Configure a user-level password:
1.
(line) login
(line) password password
The user-level password prevents anyone who is not authorized from accessing the
command-line interface (CLI) from Telnet or console sessions. The command login
and a password must be configured on each line (con0 or vty). To enable password
checking at login, use the login command. The vty lines are often referred to as
Telnet. You can SSH into vty lines.
Note On a switch, you can configure a different user-level password for any line,
such as Telnet or console connections.
(Optional; highly recommended) Configure a privileged-level password:
2.
(global) enable secret password
The privileged password prevents anyone who is not authorized from gaining access
to privileged level, where configuration changes can be made to the switch and other
features. The enable secret command followed by the password is used to configure
the password.
Note Only the secret, privileged password is encrypted by default. You can use
the service password-encryption command to prevent the console and vty pass-
words from being stored in clear text.
Feature Example
This example shows a typical configuration for setting the user and privileged passwords:
Switch(config)# enable secret san-fran
Switch(config)# line vty 0 4
Switch(config-line)# password cisco
Hide quick links:
Advertisement
Table of Contents
