Cisco 2950 Software Configuration Guide - Page 185
Chapter 9 Configuring Switch-Based Authentication

Protecting Access to Privileged EXEC Commands

If both the enable and enable secret passwords are defined, users must enter the enable secret password.

Use the level keyword to define a password for a specific privilege level. After you specify the level and set a password, give the password only to users who need to have access at this level. Use the privilege level global configuration command to specify commands accessible at various levels. For more information, see the "Configuring Multiple Privilege Levels" section on page 9-8.

If you enable password encryption, it applies to all passwords including username passwords, authentication key passwords, the privileged command password, and console and virtual terminal line passwords.

To remove a password and level, use the no enable password [level level] or no enable secret [level level] global configuration command. To disable password encryption, use the no service password-encryption global configuration command.

This example shows how to configure the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8 for privilege level 2:

Switch(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8

Disabling Password Recovery

By default, any end user with physical access to the Catalyst 2950 Long-Reach Ethernet (LRE) switch can recover from a lost password by interrupting the boot process while the switch is powering on and then by entering a new password.

The password-recovery disable feature protects access to the switch password by disabling part of this functionality. When this feature is enabled, the end user can interrupt the boot process only by agreeing to set the system back to the default configuration. With password recovery disabled, you can still interrupt the boot process and change the password, but the configuration file (config.text) and the VLAN database file (vlan.dat) are deleted.
Note: The password recovery disable feature is available only on Catalyst 2950 LRE switches; it is not available for non-LRE Catalyst 2950 switches or for Catalyst 2955 switches.

Note: If you disable password recovery, we recommend that you keep a backup copy of the configuration file on a secure server in case the end user interrupts the boot process and sets the system back to default values. Do not keep a backup copy of the configuration file on the switch. If the switch is operating in VTP transparent mode, we recommend that you also keep a backup copy of the VLAN database file on a secure server. When the switch is returned to the default system configuration, you can download the saved files to the switch by using the Xmodem protocol. For more information, see the "Recovering from Lost or Forgotten Passwords on Non-LRE Catalyst 2950 Switches" section on page 32-2, the "Recovering from Lost or Forgotten Passwords on Catalyst 2950 LRE Switches" section on page 32-4, and the "Recovering from Lost or Forgotten Passwords on Catalyst 2955 Switches" section on page 32-8.

78-11380-10 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 9-5
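
The precedence and encryption rules in the "Protecting Access to Privileged EXEC Commands" section can be checked against a saved configuration file. The Python script below is an added example, not part of the Cisco guide: the function name audit_enable_passwords and the sample configuration are constructed for illustration, and it assumes the IOS default of privilege level 15 when the level keyword is omitted.

```python
import re

# Constructed sample configuration. Only the level-2 hash comes from this page.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8
enable password level 2 lab-pass
enable password ops-pass
"""

# enable {secret|password} [level N] [encryption-type] value
ENABLE_RE = re.compile(
    r"^enable (?P<kind>secret|password)(?: level (?P<level>\d+))?"
    r"(?: (?P<etype>\d+))? (?P<value>\S+)$")


def audit_enable_passwords(config_text):
    """Return ({level: effective kind}, [findings]) for one configuration."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    encrypted = "service password-encryption" in lines  # the "no" form differs
    levels = {}
    for ln in lines:
        m = ENABLE_RE.match(ln)
        if m:
            level = int(m["level"] or 15)  # assumption: IOS default level is 15
            # A missing encryption type means the value is stored as typed (0).
            levels.setdefault(level, {})[m["kind"]] = m["etype"] or "0"
    effective, findings = {}, []
    for level, kinds in sorted(levels.items()):
        # If both are defined, users must enter the enable secret password.
        effective[level] = "secret" if "secret" in kinds else "password"
        if "secret" in kinds and "password" in kinds:
            findings.append(f"level {level}: enable password is unused "
                            "because an enable secret exists; remove it")
        if "secret" not in kinds:
            findings.append(f"level {level}: no enable secret defined")
        if kinds.get("password") == "0":
            findings.append(f"level {level}: enable password is in clear text")
    if not encrypted:
        findings.append("service password-encryption is not enabled")
    return effective, findings


if __name__ == "__main__":
    effective, findings = audit_enable_passwords(SAMPLE_CONFIG)
    print(effective)
    for finding in findings:
        print("-", finding)
```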