Protecting Access to Privileged EXEC Commands
Use either of these commands with the level option to define a password for a specific privilege level.
After you specify the level and set a password, give the password only to users who need to have access
at this level. Use the privilege level configuration command to specify commands accessible at various
levels.
If you enable the service password-encryption command, the password you enter is encrypted. When
you display it with the more system:running-config command, it displays in encrypted form.
If you specify an encryption type, you must provide an encrypted password that you copy from another
Cisco 7600 series router configuration.
You cannot recover a lost encrypted password. You must clear NVRAM and set a new password. See the
Note
"Recovering a Lost Enable Password" section on page 3-19
To display the password or access level configuration, see the
and Privilege Level Configuration" section on page
Setting or Changing a Line Password
To set or change a password on a line, perform this task:
Command
Router(config-line)# password password
To display the password or access level configuration, see the
and Privilege Level Configuration" section on page
Setting TACACS+ Password Protection for Privileged EXEC Mode
For complete information about TACACS+, refer to these publications:
•
•
To set the TACACS+ protocol to determine whether or not a user can access privileged EXEC mode,
perform this task:
Command
Router(config)# enable use-tacacs
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
3-16
Cisco IOS Security Configuration Guide, Release 12.2, "Authentication, Authorization, and
Accounting (AAA)," at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html
Cisco IOS Security Command Reference, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html
Chapter 3
if you lose or forget your password.
"Displaying the Password, Access Level,
3-19.
Purpose
Sets a new password or change an existing password for the
privileged level.
"Displaying the Password, Access Level,
3-19.
Purpose
Sets the TACACS-style user ID and password-checking
mechanism for the privileged EXEC mode.
Configuring the Router for the First Time
OL-4266-08