Cisco CISCO1401 Software Guide - Page 57

Chapter 5 Administering the Bridge Protecting Access to Privileged EXEC Commands If both the enable and enable secret passwords are defined, users must enter the enable secret password. Use the level keyword to define a password for a specific privilege level. After you specify the level and set a password, give the password only to users who need to have access at this level. Use the privilege level global configuration command to specify commands accessible at various levels. For more information, see the "Configuring Multiple Privilege Levels" section on page 5-6. If you enable password encryption, it applies to all passwords including username passwords, authentication key passwords, the privileged command password, and console and virtual terminal line passwords. To remove a password and level, use the no enable password [level level] or no enable secret [level level] global configuration command. To disable password encryption, use the no service password-encryption global configuration command. This example shows how to configure the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8 for privilege level 2: bridge(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8 Configuring Username and Password Pairs You can configure username and password pairs, which are locally stored on the bridge. These pairs are assigned to lines or interfaces and authenticate each user before that user can access the bridge. If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. Beginning in privileged EXEC mode, follow these steps to establish a username-based authentication system that requests a login username and a password: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal username name [privilege level] {password encryption-type password} login local end show running-config copy running-config startup-config Purpose Enter global configuration mode. Enter the username, privilege level, and password for each user. • For name, specify the user ID as one word. Spaces and quotation marks are not allowed. • (Optional) For level, specify the privilege level the user has after gaining access. The range is 0 to 15. Level 15 gives privileged EXEC mode access. Level 1 gives user EXEC mode access. • For encryption-type, enter 0 to specify that an unencrypted password will follow. Enter 7 to specify that a hidden password will follow. • For password, specify the password the user must enter to gain access to the bridge. The password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command. Enable local password checking at login time. Authentication is based on the username specified in Step 2. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. OL-4059-01 Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide 5-5