2950 and 3550 Switches

Dec 03,2008 by alperen

The commands for setting the passwords are the same as for a router. Those of you used to configuring
the password levels on a 1900 switch will find that they are optional on an IOS-based
device. The enable secret password supersedes the enable password and is automatically encrypted
when displayed.

Switch>enable
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#enable ?
  last-resort  Define enable action if no TACACS servers respond
  password     Assign the privileged level password
  secret       Assign the privileged level secret
  use-tacacs   Use TACACS to check enable passwords

As the help output shows, the password can be set locally or can be
assigned using a protocol called TACACS.

Switch(config)#enable secret ?
  0      Specifies an UNENCRYPTED password will follow
  5      Specifies an ENCRYPTED secret will follow
  LINE   The UNENCRYPTED (cleartext) 'enable' secret
  level  Set exec level password

Entering the password with no additional options causes it to be encrypted
automatically, which prevents it from being read by unauthorized viewers. In the output below,
san-fran has become $1$dytq$lj7l6VJbtocypNs1DgW2X.

Switch(config)#enable secret san-fran
Switch(config)#^Z
Switch#show running-config
Building configuration...
Current configuration : 1404 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$dytq$lj7l6VJbtocypNs1DgW2X.
!

Because the enable secret password takes precedence over the standard
enable password, it is common practice for many users to set only the enable
secret. More complex security is commonly obtained using TACACS.

The remote access Telnet (vty) password prevents unauthorized access by other network
users. By default, it is disabled, and the show running-config command displays no vty
line numbers. The passwords are set in line mode, after which they appear in the configuration,
as in the following example:

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line vty 0 4
Switch(config-line)#login
% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
Switch(config-line)#password telnet
Switch(config-line)#^Z
Switch#

Now the running configuration displays both the lines configured for access and the password:

Switch#show running-config
Building configuration...
Current configuration : 1448 bytes
[output omitted]
line con 0
line vty 0 4
 password telnet
 login
line vty 5 15
 login
!
end
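
Added example (not part of the original article): a short Python check that reads a running-config like the ones shown above and reports the password settings this article covers, namely whether service password-encryption is on, whether an enable secret exists, and which line blocks hold a cleartext password or a login with no password. The names audit and SAMPLE_CONFIG and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the running-config excerpts shown in this article, joined.
SAMPLE_CONFIG = """\
no service password-encryption
hostname Switch
enable secret 5 $1$dytq$lj7l6VJbtocypNs1DgW2X.
!
line con 0
line vty 0 4
 password telnet
 login
line vty 5 15
 login
!
end
"""

def audit(config):
    """Return (location, finding) tuples for password settings in an IOS config."""
    # Leading whitespace is stripped, so indented or flattened output both parse.
    rows = [r.strip() for r in config.splitlines() if r.strip()]
    findings = []
    if "service password-encryption" not in rows:
        findings.append(("global", "service password-encryption is off"))
    if not any(r.startswith("enable secret ") for r in rows):
        findings.append(("global", "no enable secret configured"))
    # Group sub-commands under their "line ..." header; "!" or "end" closes a block.
    blocks, current = {}, None
    for r in rows:
        if r.startswith("line "):
            current = r
            blocks[current] = []
        elif r in ("!", "end"):
            current = None
        elif current is not None:
            blocks[current].append(r)
    for name, cmds in blocks.items():
        # "password <text>" or "password 0 <text>" is cleartext; other type digits are not.
        pw = next((re.match(r"password (?:(\d+) )?\S", c) for c in cmds
                   if c.startswith("password ")), None)
        if pw and pw.group(1) in (None, "0"):
            findings.append((name, "line password stored in cleartext"))
        if "login" in cmds and not pw:
            findings.append((name, "login set but no password"))
        if "login" not in cmds and not pw:
            findings.append((name, "no login or password in this block"))
    return findings
```

Run against the sample, it reports the disabled service password-encryption, the empty console block, the cleartext password on vty 0 4, and the login without a password on vty 5 15 (the state IOS describes as "Login disabled ... until 'password' is set").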
