9-6
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter9 Configuring Switch-Based Authentication
Protecting Access to Privileged EXEC Commands
Beginning in privileged EXEC mode, follow these steps to disable password recovery:
To re-enable password recovery, use the service password-recovery global configuration command.
Note Disabling password recovery will not work if you have set the switch to boot manually by usin g the boot
manual global configuration command. This command produces the boo t loader prompt (switch:) after
the switch is power cycled.
Setting a Telnet Password for a Terminal Line
When you power-up your switch for the first time, an automatic setup p rog ram run s t o as sig n IP
information and to create a default configuration for continued use. The setup program a lso prompts you
to configure your switch for Telnet access through a password. If you neglected to co nfigure thi s
password during the setup program, you can configure it now through the command-line inte rface (CLI).
Beginning in privileged EXEC mode, follow these steps to configure your switch for Telnet access:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 no service password-recovery Disable password recovery.
This setting is saved in an area of the flash memory that is accessible by
the boot loader and the software image, but it is not part of the file system
and is not accessible by any user.
Step3 end Return to privileged EXEC mode.
Step4 show version Verify the configuration by checking the last few lines of the display.
Command Purpose
Step1 Attach a PC or workstation with emulation software to the switch console
port.
The default data characteristics of the console port are 9600 , 8, 1, n o
parity. You might need to press the Return key several times to see the
command-line prompt.
Step2 enable password password Enter privileged EXEC mode.
Step3 configure terminal Enter global configuration mode.
Step4 line vty 0 15 Configure the number of Telnet sessions (lines), and enter line
configuration mode.
There are 16 possible sessions on a command-capable switch. The 0
and 15 mean that you are configuring all 16 possible Telnet sessions.
Step5 password password Enter a Telnet password for the line or lines.
For password, specify a string from 1 to 25 alphanumeric char acters. The
string cannot start with a number, is case sensitive, and allows spaces but
ignores leading spaces. By default, no password is defined.
Step6 end Return to privileged EXEC mode.