Cisco Cisco Aironet 3500e Access Point
5-7
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter 5 Administering the Access Point
Protecting Access to Privileged EXEC Commands
If both the enable and enable secret passwords are defined, users must enter the enable secret password.
Use the level keyword to define a password for a specific privilege level. After you specify the level and
set a password, give the password only to users who need to have access at this level. Use the privilege
level global configuration command to specify commands accessible at various levels. For more
information, see the
set a password, give the password only to users who need to have access at this level. Use the privilege
level global configuration command to specify commands accessible at various levels. For more
information, see the
.
If you enable password encryption, it applies to all passwords including username passwords,
authentication key passwords, the privileged command password, and console and virtual terminal line
passwords.
authentication key passwords, the privileged command password, and console and virtual terminal line
passwords.
To remove a password and level, use the no enable password [level level] or no enable secret [level
level] global configuration command. To disable password encryption, use the no service
password-encryption global configuration command.
level] global configuration command. To disable password encryption, use the no service
password-encryption global configuration command.
This example shows how to configure the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8 for
privilege level 2:
privilege level 2:
AP(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8
Configuring Username and Password Pairs
Command
Purpose
Step 1
Step 2
•
For name, specify the user ID as one word. Spaces and quotation
marks are not allowed.
marks are not allowed.
•
(Optional) For level, specify the privilege level the user has after
gaining access. The range is 0 to 15. Level 15 gives privileged EXEC
mode access. Level 1 gives user EXEC mode access.
gaining access. The range is 0 to 15. Level 15 gives privileged EXEC
mode access. Level 1 gives user EXEC mode access.
•
For encryption-type, enter 0 to specify that an unencrypted password
will follow. Enter 7 to specify that a hidden password will follow.
will follow. Enter 7 to specify that a hidden password will follow.
•
For password, specify the password the user must enter to gain access
to the wireless device. The password must be from 1 to 25 characters,
can contain embedded spaces, and must be the last option specified
in the username command.
to the wireless device. The password must be from 1 to 25 characters,
can contain embedded spaces, and must be the last option specified
in the username command.
Step 3
Step 4
Step 5
Step 6
You can configure username and password pairs, which are locally stored on the wireless device. These
pairs are assigned to lines or interfaces and authenticate each user before that user can access the wireless
device. If you have defined privilege levels, you can also assign a specific privilege level (with associated
rights and privileges) to each username and password pair.
pairs are assigned to lines or interfaces and authenticate each user before that user can access the wireless
device. If you have defined privilege levels, you can also assign a specific privilege level (with associated
rights and privileges) to each username and password pair.
Beginning in privileged EXEC mode, follow these steps to establish a username-based authentication
system that requests a login username and a password:
system that requests a login username and a password:
configure terminal
Enter global configuration mode.
username name [privilege level]
{password encryption-type password}
{password encryption-type password}
Enter the username, privilege level, and password for each user.
login local
Enable local password checking at login time. Authentication is based on
the username specified in Step 2.
the username specified in Step 2.
end
Return to privileged EXEC mode.
show running-config
Verify your entries.
copy running-config startup-config
(Optional) Save your entries in the configuration file.