Cisco Systems 0L-11350-01 Configuring Username and Password Pairs

5-7

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-11350-01

Chapter5 Administering the Access PointWireless Device Access

Protecting Access to Privileged EXEC Commands

If both the enable and enable secret passwords are defined, users must enter the enable secret password.

Use the level keyword to define a password for a specific privilege level. After you specify the level and

set a password, give the password only to users who need to have access at this level. Use the privilege

level global configuration command to specify commands accessible at various levels. For more

information, see the “Configuring Multiple Privilege Levels” section on page5-8.

If you enable password encryption, it applies to all passwords including username passwords,

authentication key passwords, the privileged command password, and console and virtual terminal line

passwords.

To remove a password and level, use the no enable password [level level] or no enable secret [level

level] global configuration command. To disable password encryption, use the no service

password-encryption global configuration command.

This example shows how to configure the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8 for

privilege level 2:

AP(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8

Configuring Username and Password Pairs

You can configure username and password pairs, which are locally stored on the wireless device. These

pairs are assigned to lines or interfaces and authenticate each user before that user can access the wireless

device. If you have defined privilege levels, you can also assign a specific privilege level (with

associated rights and privileges) to each username and password pair.

Beginning in privileged EXEC mode, follow these steps to establish a username-based authentication

system that requests a login username and a password:

Command Purpose

Step1 configure terminal Enter global configuration mode.

Step2 username name [privilege level]

{password encryption-type password}

Enter the username, privilege level, and password for each user.

•For name, specify the user ID as one word. Spaces and quotation

marks are not allowed.

•(Optional) For level, specify the privilege level the user has after

gaining access. The range is 0 to 15. Level 15 gives privileged EXEC

mode access. Level 1 gives user EXEC mode access.

•For encryption-type, enter 0 to specify that an unencrypted password

will follow. Enter 7 to specify that a hidden password will follow.

•For password, specify the password the user must enter to gain access

to the wireless device. The password must be from 1 to 25 characters,

can contain embedded spaces, and must be the last option specified

in the username command.

Step3 login local Enable local password checking at login time. Authentication is based on

the username specified in Step 2.

Step4 end Return to privileged EXEC mode.

Step5 show running-config Verify your entries.

Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.