|
2950 and 3550 Switches
Dec 03,2008 00:00
by
alperen
2950 and 3550 Switches The commands for setting the passwords are the same as for a router. Those of you used to configuring the password levels on a 1900 switch will find that they are optional on an IOS-based device. The enable secret password supersedes the enable password and automatically encrypts the displayed password by default. Switch>enable Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#enable ? last-resort Define enable action if no TACACS servers respond password Assign the privileged level password secret Assign the privileged level secret use-tacacs Use TACACS to check enable passwords As you can see from the script, the password can be set locally or can be assigned using a protocol called TACACS. Switch(config)#enable secret ? 0 Specifies an UNENCRYPTED password will follow 5 Specifies an ENCRYPTED secret will follow LINE The UNENCRYPTED (cleartext) 'enable' secret level Set exec level password Entering the password with no additional options causes the password to be encrypted automatically, thus preventing it from being read by unauthorized viewers. You can see that san-fran has become $1$dytq$lj7l6VJbtocypNs1DgW2X. Switch(config)#enable secret san-fran Switch(config)#^Z Switch#show running-config Building configuration... Current configuration : 1404 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! enable secret 5 $1$dytq$lj7l6VJbtocypNs1DgW2X. ! Because the enable secret password takes precedence over the standard enable password, it is common practice for many users to set only the enable secret. More complex security is commonly obtained using TACACS. The remote access Telnet (vty) password prevents unauthorized access by other network users. By default, this is disabled, and the show running-config command will display no vty numbers. The passwords are set using the line mode, after which they will appear, as in the following example: Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#line vty 0 4 Switch(config-line)#login % Login disabled on line 1, until 'password' is set % Login disabled on line 2, until 'password' is set % Login disabled on line 3, until 'password' is set % Login disabled on line 4, until 'password' is set % Login disabled on line 5, until 'password' is set Switch(config-line)#password telnet Switch(config-line)#^Z Switch# Now the running configuration displays both the lines configured for access and the password: Switch#show running-config Building configuration... Current configuration : 1448 bytes [output omitted] line con 0 line vty 0 4 password telnet login line vty 5 15 login ! end |