8-4
Catalyst 2960 Switch SoftwareConfiguration Guide
78-16881-01
Chapter8 Configuring Switch-Based Authentication
Protecting Access to Privileged EXEC Commands
Beginning in privileged EXEC mode, follow these steps to configure encryption for enable and enable
secret passwords:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 enable password [level level] {password |
encryption-type encrypted-password}
or
enable secret [level level] {password |
encryption-type encrypted-password}
Define a new password or change an existing password for
access to privileged EXEC mode.
or
Define a secret password, which is saved using a
nonreversible encryption method.
(Optional) For level, the range is from 0 to 15. Level 1
is normal user EXEC mode privileges. The default level
is 15 (privileged EXEC mode privileges).
For password, specify a string from 1 to 25
alphanumeric characters. The string cannot start with a
number, is case sensitive, and allows spaces but ignores
leading spaces. By default, no password is defined.
(Optional) For encryption-type, only type 5, a Cisco
proprietary encryption algorithm, is available. If you
specify an encryption type, you must provide an
encrypted password—an encrypted password that you
copy from another switch configuration.
Note If you specify an encryption type and then enter a
clear text password, you can not re-enter privileged
EXEC mode. You cannot recover a lost encrypted
password by any method.
Step3 service password-encryption (Optional) Encrypt the password when the password is
defined or when the configuration is written.
Encryption prevents the password from being readable in the
configuration file.
Step4 end Return to privileged EXEC mode.
Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.