Enter privileged mode
Switch> enable
Switch#
Examine the current
switch configuration
Switch# show running-config
Create a Basic Switch Configuration
Assign a name to a
switch
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# exit
S1#
Secure access to the
console line (Console Password)
S1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)# line console 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
Verify that console access is secured
S1# exit
Switch con0 is now available
Press RETURN to get started.
User Access Verification
Password:
S1>
Note:
If the switch did not prompt you for a password, then you did not configure the
login parameter on console line
Secure privileged mode access (Privileged password)
Set the enable
password to cisco1. This password
protects access to privileged mode.
S1> enable
S1# configure terminal
S1(config)# enable password
cisco1
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
Note:
This password will not grade as correct until after you encrypt it
Configure an encrypted password to secure access to
privileged mode
S1# config t
S1(config)# enable secret class
S1(config)# exit
S1#
The enable
password should be replaced with the newer encrypted secret password using
the enable secret command
Note: The enable secret password overrides the enable password. If both are configured
on the switch, you must enter the enable
secret password to enter privileged EXEC mode.
Verify that the enable
secret password is added to the configuration file.
a.
Enter the show
running-configuration command again to verify the new enable secret password is configured.
Note: You can
abbreviate show running-configuration
as
S1# show run
b.
What is displayed for the enable secret password? $1$mERr$ILwq/b7kc.7X/ejA4Aosn0
c.
Why is the enable
secret password displayed differently from what we configured? The enable secret is shown in encrypted form, whereas the
enable password is in plain text.
Encrypt the
enable and console passwords
S1# config t
S1(config)# service
password-encryption
S1(config)# exit
The enable secret
password was encrypted, but the enable
and console passwords were still in
plain text. We will now encrypt these plain text passwords using the service password-encryption command
Configure a MOTD Banner
S1# config t
S1(config)# banner motd
"This is a secure system. Authorized Access Only!"
S1(config)# exit
When will this banner be displayed? The message will be displayed when someone enters the
switch through the console port.
Save Configuration Files
to NVRAM
S1# copy running-config
startup-config
Destination filename [startup-config]?[Enter]
Building configuration...
[OK]
What is the shortest, abbreviated version of the copy running-config startup-config
command? cop r s