This is part of a Getting Started series in configuring Cisco switches and routers. The series can be used to help prepare for the CCNA certification. Our last post was on Configuring a Management IP Address.
The story of our lives.. username and passwords. Make it secure and complex. In this post I will show you how to configure a username that has god-like privileges on a switch. The user account will be configured with a secret.
The secret is a password for the user account but is different from using the password keyword. The difference is one is stored in cleartext and the other is encrypted. And you got it, the secret is encrypted.
A username and password is required if you want to log in remotely and configure a switch. To do this, enter global configuration mode. Then the username syntax is used to create a username and password.
Core-Switch-A#configure terminal Core-Switch-A(config)#username rowell privilege 15 secret Cisco619
Break down the command:
username rowell creates a username with my name, rowell
privilege 15 sets the privilege level for this user account. Privilege levels 0 through 15. Level 15 is the highest. Other privilege levels need to be perviously defined.
secret Cisco619 sets the secret to Cisco619. This is the password for the user account.
That is all she wrote. More enhanced security measures include using RADIUS or TACACS for authenticating user logins. This allows each user to log in with their own account and have all their actions performed on the switch documented.
If you cannot have a RADIUS/TACACS server, at the minimum, configure each network administrator with their own set of credentials.
Get certified on Cisco technologies with the CCNA Official Certification Guide.