8-2
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
OL-10101-02
Chapter 8 Configuring Switch-Based Authentication
Protecting Access to Privileged EXEC Commands
Protecting Access to Privileged EXEC Commands
A simple way of providing terminal access control in your network is to use passwords and assign
privilege levels. Password protection restricts access to a network or network device. Privilege levels
define what commands users can enter after they have logged into a network device.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Security Command Reference for Cisco IOS Release 12.
This section describes how to control access to the configuration file and privileged EXEC commands.
It contains this configuration information:
• Default Password and Privilege Level Configuration, page 8-2
• Setting or Changing a Static Enable Password, page 8-3
• Protecting Enable and Enable Secret Passwords with Encryption, page 8-4
• Disabling Password Recovery, page 8-5
•Setting a Telnet Password for a Terminal Line, page 8-6
• Configuring Username and Password Pairs, page 8-7
• Configuring Multiple Privilege Levels, page 8-8
Default Password and Privilege Level Configuration
Table 8-1 shows the default password and privilege level configuration.
Ta b l e 8-1 Default Password and Privilege Levels
Feature Default Setting
Enable password and privilege level No password is defined. The default is level 15 (privileged EXEC level).
The password is not encrypted in the configuration file.
Enable secret password and privilege level No password is defined. The default is level 15 (privileged EXEC level).
The password is encrypted before it is written to the configuration file.
Line password No password is defined.