Configuring Username and Password Security

Saving Security Credentials in a Config File

Local Manager and Operator Passwords

The information saved to the running-config file when the include-credentials command is entered includes:

password manager [user-name <name>] <hash-type> <pass-hash>
password operator [user-name <name>] <hash-type> <pass-hash>

where

<name> is an alphanumeric string for the user name assigned to the manager or operator.

<hash-type> indicates the type of hash algorithm used: SHA-1 or plain text.

<pass-hash> is the SHA-1 authentication protocol’s hash of the password or clear ASCII text.

For example, a manager username and password may be stored in a running-config file as follows:

password manager user-name George SHA1 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12

 

Use the write memory command to save the password configurations in the startup-config file. The passwords take effect when the switch boots with the software version associated with that configuration.

 

 

Caution

If a startup configuration file includes other security credentials, but does not contain a manager or operator password, the switch will not have password protection and can be accessed through Telnet, the serial port, or web interface with full manager privileges.

 

 

Password Command Options

The password command has the following options:

Syntax: [no] password <manager | operator | port-access> [user-name <name>] <hash-type> <password>

Set or clear a local username/password for a given access level.

manager: configures access to the switch with manager-level privileges.

operator: configures access to the switch with operator-level privileges.

port-access: configures access to the switch through 802.1X authentication with operator-level privileges.
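
The following is an added example, not part of the original manual: a small audit of a saved configuration that parses the password lines in the format shown above and reports the condition described in the Caution, along with clear-text storage. The function name, the sample configurations, and the "plaintext" keyword for the plain-text hash type are assumptions made for illustration.

```python
import re

# Line format from the syntax above:
#   password <level> [user-name <name>] <hash-type> <pass-hash>
CRED_RE = re.compile(
    r"^\s*password\s+(?P<level>manager|operator|port-access)"
    r"(?:\s+user-name\s+(?P<name>\S+))?"
    r"\s+(?!user-name\s)(?P<hash_type>\S+)\s+(?P<value>\S+)\s*$",
    re.IGNORECASE,
)
SHA1_HEX = re.compile(r"^[0-9a-fA-F]{40}$")
PLAINTEXT_TOKENS = {"plaintext"}  # assumption: keyword for clear-text storage


def audit_credentials(config_text):
    """Return (entries, findings) for the password lines in a saved config."""
    entries, findings = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = CRED_RE.match(line)
        if not m:
            continue
        level, hash_type = m["level"].lower(), m["hash_type"].lower()
        entries.append((level, m["name"], hash_type))
        if hash_type in PLAINTEXT_TOKENS:
            findings.append(f"line {lineno}: {level} password stored in clear text")
        elif hash_type in ("sha1", "sha-1") and not SHA1_HEX.match(m["value"]):
            findings.append(f"line {lineno}: {level} hash is not 40 hex digits")
    levels = {e[0] for e in entries}
    # The Caution: no manager or operator password means no password protection.
    if not levels & {"manager", "operator"}:
        findings.append("no manager or operator password: switch is unprotected")
    return entries, findings


# Constructed sample configs (the first reuses the manual's own example line).
SAMPLE_OK = """hostname "edge-sw1"
password manager user-name George SHA1 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
"""
SAMPLE_WEAK = """hostname "edge-sw2"
password port-access user-name dot1x plaintext Secret123
"""

if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(label, audit_credentials(cfg))
```

The second sample carries a port-access credential but no manager or operator password, so it is reported as unprotected in addition to the clear-text finding.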
