9-7
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter9 Configuring Switch-Ba sed Authentication Protecting Access to Privileged EXEC Comman d s
To remove the password, use the no password global configuration command.
This example shows how to set the Telnet password to let45me67in89:
Switch(config)# line vty 10
Switch(config-line)# password let45me67in89
Configuring Username and Password Pairs
You can configure username and password pairs, which are locally stored on the switch. These pairs are
assigned to lines or interfaces and authenticate each user before that user can access the switch. If you
have defined privilege levels, you can also assign a specific privilege level (with associated rights and
privileges) to each username and password pair.
Beginning in privileged EXEC mode, follow these steps to establish a username-based authentication
system that requests a login username and a password:
Step7 show running-config Verify your entries.
The password is listed under the command line vty 0 15.
Step8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 username name [privilege level]
{password encryption-type password} Enter the username, privilege level, and password for each user.
For name, specify the user ID as one word. Spaces and quot at ion
marks are not allowed.
(Optional) For level, specify the privilege level the user has after
gaining access. The range is 0 to 15. Level 15 gives pri v ile ged EXE C
mode access. Level 1 gives user EXEC mode access.
For encryption-type, enter 0 to specify that an unencrypted password
will follow. Enter 7 to specify that a hidden password will follow.
For password, specify the password the user must enter to gain access
to the switch. The password must be from 1 to 25 characters, can
contain embedded spaces, and must be the last option sp ecif ied in t he
username command.
Step3 line console 0
or
line vty 0 15
Enter line configuration mode, and configure the console port (line 0) or
the VTY lines (line 0 to 15).
Step4 login local Enable local password checking at login time. Authentication is bas ed o n
the username specified in Step 2.
Step5 end Return to privileged EXEC mode.
Step6 show running-config Verify your entries.
Step7 copy running-config startup-config (Optional) Save your entries in the configuration file.