3-14
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 3 Configuring the Switch for the First Time
Controlling Access to Privileged EXEC Commands
Using the enable password and enable secret Commands
To provide an additional layer of security, particularly for passwords that cross the network or that are
stored on a TFTP server, you can use either the enable password or enable secret command. Both
commands configure an encrypted password that you must enter to access the enable mode (the default)
or any other privilege level that you specify.
We recommend that you use the enable secret command.
If you configure the enable secret command, it takes precedence over the enable password command;
the two commands cannot be in effect simultaneously.
To configure the switch to require an enable password, perform either one of these tasks:

Command: Switch(config)# enable password [level level] {password | encryption-type encrypted-password}
Purpose: Establishes a password for the privileged EXEC mode.

Command: Switch(config)# enable secret [level level] {password | encryption-type encrypted-password}
Purpose: Specifies a secret password that will be saved using a nonreversible encryption method. (If
enable password and enable secret commands are both set, users must enter the enable secret password.)

When you enter either of these password commands with the level option, you define a password for a
specific privilege level. After you specify the level and set a password, give the password only to users
who need to have access at this level. Use the privilege level configuration command to specify
commands accessible at various levels.
If you enable the service password-encryption command, the password you enter is encrypted. When
you display the password with the more system:running-config command, the password is displayed in
encrypted form.
If you specify an encryption type, you must provide an encrypted password—an encrypted password you
copy from another Catalyst 4500 series switch configuration.
Note: You cannot recover a lost encrypted password. You must clear NVRAM and set a new password. See the
“Recovering a Lost Enable Password” section on page 3-18 for more information.
For information on how to display the password or access level configuration, see the “Displaying the
Password, Access Level, and Privilege Level Configuration” section on page 3-17.
Setting or Changing a Privileged Password
To set or change a privileged password, perform this task:
Command: Switch(config-line)# password password
Purpose: Sets a new password or changes an existing password for the privileged level.
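
The following Python audit is an added example, not part of the Cisco guide. It applies the rules from "Using the enable password and enable secret Commands" to saved running-config text: per privilege level it reports which command is actually in effect (enable secret takes precedence) and flags enable password lines that are shadowed, used alone, or stored in cleartext. Assumptions not stated on this page: the default enable level is 15, and a stored type of 0 or no type means cleartext; the name audit_enable and the sample configuration are constructed for illustration.

```python
import re

# "enable password|secret [level N] [encryption-type] value" as stored in a config.
ENABLE_RE = re.compile(
    r"^enable (password|secret)(?: level (\d+))?(?: (\d+))? (\S+)\s*$")

DEFAULT_LEVEL = 15  # assumption: enable mode without "level" is privilege level 15


def audit_enable(config_text):
    """Return (effective, findings) for the enable credentials in a config.

    effective maps privilege level -> "secret" or "password" (the command
    whose password a user must enter); findings is a list of strings.
    """
    creds = {}  # level -> {"password": stored type, "secret": stored type}
    for line in config_text.splitlines():
        m = ENABLE_RE.match(line.strip())
        if m:
            kind, level, etype, _value = m.groups()
            creds.setdefault(int(level or DEFAULT_LEVEL), {})[kind] = etype

    effective, findings = {}, []
    for level, c in sorted(creds.items()):
        if "secret" in c:
            # enable secret takes precedence over enable password
            effective[level] = "secret"
            if "password" in c:
                findings.append(
                    f"level {level}: enable password is shadowed by enable secret; remove it")
        else:
            effective[level] = "password"
            findings.append(
                f"level {level}: only enable password is set; use enable secret")
        # No stored type (or type 0) means the value sits in the file unencrypted.
        if "password" in c and c["password"] in (None, "0"):
            findings.append(
                f"level {level}: enable password is stored in cleartext")
    return effective, findings


# Constructed sample configuration; the hash and passwords are placeholders.
SAMPLE_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$placeholderhash
enable password ExamplePass1
enable password level 5 ExamplePass2
"""

if __name__ == "__main__":
    levels, problems = audit_enable(SAMPLE_CONFIG)
    print(levels)
    print("\n".join(problems))
```

Run it against a configuration file copied off the switch (for example, one stored on a TFTP server) to confirm that every privilege level with an enable credential is protected by enable secret.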