Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 10 Configuring Switch-Based Authentication
If you want to use username and password pairs, but you want to store them centrally on a server
instead of locally, you can store them in a database on a security server. Multiple networking devices
can then use the same database to obtain user authentication (and, if necessary, authorization)
information. For more information, see the “Controlling Switch Access with TACACS+” section on
page 10-10.
You can also enable the login enhancements feature, which logs both failed and successful login
attempts. Login enhancements can also be configured to block future login attempts after a set
number of unsuccessful attempts are made. For more information, see the Cisco IOS Login
Enhancements documentation at this URL:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_login.html
Protecting Access to Privileged EXEC Commands
A simple way of providing terminal access control in your network is to use passwords and assign
privilege levels. Password protection restricts access to a network or network device. Privilege levels
define what commands users can enter after they have logged into a network device.
Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Security Command Reference, Release 12.2.
These sections contain this configuration information:
Default Password and Privilege Level Configuration, page 10-2
Setting or Changing a Static Enable Password, page 10-3
Protecting Enable and Enable Secret Passwords with Encryption, page 10-3
Disabling Password Recovery, page 10-5
Setting a Telnet Password for a Terminal Line, page 10-6
Configuring Username and Password Pairs, page 10-6
Configuring Multiple Privilege Levels, page 10-7

Default Password and Privilege Level Configuration

Table 10-1 shows the default password and privilege level configuration.
Table 10-1 Default Password and Privilege Levels

Feature | Default Setting
Enable password and privilege level | No password is defined. The default is level 15 (privileged EXEC level). The password is not encrypted in the configuration file.
Enable secret password and privilege level | No password is defined. The default is level 15 (privileged EXEC level). The password is encrypted before it is written to the configuration file.
Line password | No password is defined.
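
The defaults in Table 10-1 can be checked against a saved configuration file. The following Python audit is an added example, not part of the Cisco guide: it flags an enable password kept in the configuration, a missing enable secret, and terminal lines without a password. The sample configuration is constructed, and the finding names and the audit_config function are hypothetical.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname lab-sw1
enable password Example123
!
line con 0
line vty 0 4
 password 7 0000000000
 login
line vty 5 15
 no login
"""

def parse_line_blocks(lines):
    """Group indented subcommands under each 'line ...' header."""
    blocks, current = {}, None
    for raw in lines:
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit_config(text):
    """Return (finding_id, detail) tuples for enable and line password issues."""
    lines = text.splitlines()
    findings = []
    for l in lines:
        # Optional 'level N' and optional encryption-type digit before the value.
        m = re.match(r"enable password(?: level \d+)?(?: (\d))? \S+$", l)
        if m:
            kind = "cleartext" if m.group(1) in (None, "0") else "type " + m.group(1)
            findings.append(("ENABLE_PASSWORD", f"enable password stored as {kind}"))
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append(("NO_ENABLE_SECRET", "no enable secret configured"))
    auth_cmds = ("password ", "login local", "login authentication")
    for header, subs in parse_line_blocks(lines).items():
        if "no login" in subs:
            findings.append(("LINE_NO_LOGIN", f"{header}: login check disabled"))
        elif not any(s.startswith(auth_cmds) for s in subs):
            findings.append(("LINE_NO_PASSWORD", f"{header}: no line password defined"))
    return findings

if __name__ == "__main__":
    for fid, detail in audit_config(SAMPLE_CONFIG):
        print(f"{fid}: {detail}")
```
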