Chapter 9
Configuring Switch-Based Authentication
Default Password and Privilege Level Configuration
Table 9-1
Table 9-1
Default Password and Privilege Levels
Feature
Enable password and privilege level
Enable secret password and privilege level
Line password
Setting or Changing a Static Enable Password
The enable password controls access to the privileged EXEC mode. Beginning in privileged EXEC
mode, follow these steps to set or change a static enable password:
Command
Step 1
configure terminal
Step 2
enable password password
Step 3
end
Step 4
show running-config
Step 5
copy running-config startup-config
To remove the password, use the no enable password global configuration command.
This example shows how to change the enable password to l1u2c3k4y5. The password is not encrypted
and provides access to level 15 (traditional privileged EXEC mode access):
Switch(config)# enable password l1u2c3k4y5
OL-19720-02
shows the default password and privilege level configuration.
Default Setting
No password is defined. The default is level 15 (privileged EXEC level).
The password is not encrypted in the configuration file.
No password is defined. The default is level 15 (privileged EXEC level).
The password is encrypted before it is written to the configuration file.
No password is defined.
Purpose
Enter global configuration mode.
Define a new password or change an existing password for access to
privileged EXEC mode.
By default, no password is defined.
For password, specify a string from 1 to 25 alphanumeric characters. The
string cannot start with a number, is case sensitive, and allows spaces but
ignores leading spaces. It can contain the question mark (?) character if
you precede the question mark with the key combination Crtl-v when you
create the password; for example, to create the password abc?123, do this:
Enter abc.
Enter Crtl-v.
Enter ?123.
When the system prompts you to enter the enable password, you need not
precede the question mark with the Ctrl-v; you can simply enter abc?123
at the password prompt.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
The enable password is not encrypted and can be read in the switch
configuration file.
Protecting Access to Privileged EXEC Commands
Catalyst 2975 Switch Software Configuration Guide
9-3