Protecting Access to Privileged EXEC Commands
To prevent unauthorized access into your switch, you should configure one or more of these security
features:
•
•
•
Protecting Access to Privileged EXEC Commands
A simple way of providing terminal access control in your network is to use passwords and assign
privilege levels. Password protection restricts access to a network or network device. Privilege levels
define what commands users can enter after they have logged into a network device.
For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS
Note
Security Command Reference for Release 12.1.
This section describes how to control access to the configuration file and privileged EXEC commands.
It contains this configuration information:
•
•
•
•
•
•
Catalyst 2950 Desktop Switch Software Configuration Guide
7-2
At a minimum, you should configure passwords and privileges at each switch port. These passwords
are locally stored on the switch. When users attempt to access the switch through a port or line, they
must enter the password specified for the port or line before they can access the switch. For more
information, see the
"Protecting Access to Privileged EXEC Commands" section on page
For an additional layer of security, you can also configure username and password pairs, which are
locally stored on the switch. These pairs are assigned to lines or interfaces and authenticate each
user before that user can access the switch. If you have defined privilege levels, you can also assign
a specific privilege level (with associated rights and privileges) to each username and password pair.
For more information, see the
If you want to use username and password pairs, but you want to store them centrally on a server
instead of locally, you can store them in a database on a security server. Multiple networking devices
can then use the same database to obtain user authentication (and, if necessary, authorization)
information. For more information, see the
page
7-9.
Default Password and Privilege Level Configuration, page 7-3
Setting or Changing a Static Enable Password, page 7-3
Protecting Enable and Enable Secret Passwords with Encryption, page 7-4
Setting a Telnet Password for a Terminal Line, page 7-5
Configuring Username and Password Pairs, page 7-6
Configuring Multiple Privilege Levels, page 7-7
"Configuring Username and Password Pairs" section on page
"Controlling Switch Access with TACACS+" section on
Chapter 7
Administering the Switch
7-2.
7-6.
78-11380-04