Chapter 11
Access Policies
You should already know how to set passwords on Cisco routers and
switches; use the information presented in this section as a review.
Enable Passwords
Enable passwords are very important because they stop users from gaining
access to privileged mode, where they can view and change the configuration
of the device. You set the enable passwords from global configuration mode:
Router(config)#enable ?
  last-resort  Define enable action if no TACACS servers respond
  password     Assign the privileged level password
  secret       Assign the privileged level secret
  use-tacacs   Use TACACS to check enable passwords
The commands are as follows:
last-resort  Used if you set up authentication through a TACACS server and the server is not available. This still allows the administrator to enter the router. However, it is not used if the TACACS server is working.
password  Sets the enable password on older, pre-10.3 systems. Not used if an enable secret is set.
secret  The newer, encrypted password. Overrides the enable password if set.
use-tacacs  Tells the router to authenticate through a TACACS server. This is convenient if you have dozens or even hundreds of routers. How would you like to change the password on 200 routers? With the TACACS server, you need to change the password only once.
Here is an example of how to set the enable secret password:
Router(config)#enable secret todd
Router(config)#enable password todd
The enable password you have chosen is the same as your
enable secret. This is not recommended. Re-enter the
enable password.
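The precedence rules above can be checked against configuration text before it reaches a router. The following Python sketch is an added example, not code from the book: it reports which enable credential is in effect and flags an enable password that is unused, written in clear text, or identical to the secret. The function name, finding labels and sample configurations are constructed for illustration, and the optional `level` keyword and numeric type field it parses are IOS syntax not shown on this page.

```python
import re

# "enable password|secret [level N] [type] <value>"; type is a numeric
# encoding marker (absent or 0 means the value is written in clear text).
ENABLE_RE = re.compile(
    r"^enable (password|secret)(?: level (\d+))?(?: (\d+))? (\S+)$")

def audit_enable(config_text):
    """Return (effective, findings) for the privileged-level (15) credential."""
    creds = {}
    for line in config_text.splitlines():
        m = ENABLE_RE.match(line.strip())
        if m and (m.group(2) or "15") == "15":
            creds[m.group(1)] = (m.group(3) or "0", m.group(4))
    findings = []
    password, secret = creds.get("password"), creds.get("secret")
    if secret:
        effective = "secret"          # the secret overrides the enable password
    elif password:
        effective = "password"
        findings.append("no-enable-secret")
    else:
        return None, ["no-enable-credential"]
    if password:
        if password[0] == "0":
            findings.append("cleartext-enable-password")
        if secret:
            findings.append("unused-enable-password")
            # Same comparison the router makes when both are typed in clear.
            if secret[0] == "0" and password == secret:
                findings.append("password-same-as-secret")
    return effective, findings

# Constructed sample inputs (not from a real device).
SAMPLES = {
    "as typed on the page": "enable secret todd\nenable password todd",
    "password only": "hostname R1\nenable password todd",
    "stored secret only": "enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", audit_enable(text))
```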
Copyright ©2000 SYBEX, Inc., Alameda, CA
www.sybex.com