Support User Manuals

Cisco Systems 2960 Model Vehicle User Manual

Open as PDF

of 1004

9-7

Catalyst 2960 and 2960-S Switch Software Configuration Guide

OL-8603-09

Chapter 9 Configuring Switch-Based Authentication

Protecting Access to Privileged EXEC Commands

Configuring Username and Password Pairs

You can configure username and password pairs, which are locally stored on the switch. These pairs are

assigned to lines or ports and authenticate each user before that user can access the switch. If you have

defined privilege levels, you can also assign a specific privilege level (with associated rights and

privileges) to each username and password pair.

Beginning in privileged EXEC mode, follow these steps to establish a username-based authentication

system that requests a login username and a password:

To disable username authentication for a specific user, use the no username name global configuration

command. To disable password checking and allow connections without a password, use the no login

line configuration command.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

username name [privilege level]

{password encryption-type password}

Enter the username, privilege level, and password for each user.

• For name, specify the user ID as one word. Spaces and quotation

marks are not allowed.

• (Optional) For level, specify the privilege level the user has after

gaining access. The range is 0 to 15. Level 15 gives privileged EXEC

mode access. Level 1 gives user EXEC mode access.

• For encryption-type, enter 0 to specify that an unencrypted password

will follow. Enter 7 to specify that a hidden password will follow.

• For password, specify the password the user must enter to gain access

to the switch. The password must be from 1 to 25 characters, can

contain embedded spaces, and must be the last option specified in the

username command.

Step 3

line console 0

or

line vty 0 15

Enter line configuration mode, and configure the console port (line 0) or

the VTY lines (line 0 to 15).

Step 4

login local Enable local password checking at login time. Authentication is based on

the username specified in Step 2.

Step 5

end Return to privileged EXEC mode.

Step 6

show running-config Verify your entries.

Step 7

copy running-config startup-config (Optional) Save your entries in the configuration file.

previous next