5-8
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter5 Administrating the Access Point
Protecting Access to Privileged EXEC Commands
To disable username authentication for a specific user, use the no username name global configuration
command.
To disable password checking and allow connections without a password, use the no login line
configuration command.
Note You must have at least one username configured and you must have login local set to open a Telnet
session to the wireless device. If you enter the only username for the no username command, you can
be locked out of the wireless device.
Alternatively, you can disable username verification for telnet with the line configuration command no
login. You can then login to the AP with user verification, and then you will need the enable password
(or enable secret) commands to gain privilege exec level. You can also grant this level by default to the
telnet line with the command privilege level 15.
Note If you use both the no login and privilege level 15 commands, any telnet client connecting to the AP will
have full privilege access to the AP.
ap(config)# line vty 0 4
ap(config-line)# no login
ap(config-line)# privilege level 15
Configuring Multiple Privilege Levels
By default, Cisco IOS software has two modes of password security: user EXEC and privileged EXEC.
You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple
passwords, you can allow different sets of users to have access to specified commands.
For example, if you want many users to have access to the clear line command, you can assign it
level2 security and distribute the level 2 password fairly widely. But if you want more restricted access
to the configure command, you can assign it level 3 security and distribute that password to a more
restricted group of users.
This section includes this configuration information:
Setting the Privilege Level for a Command, page5-9
Logging Into and Exiting a Privilege Level, page5-9