By using only the login command, you are only enabling password checking for the line password, configured on that line. The login command enables password checking. This is different than just the login command, by itself. To tell each line to use these new user logins, you must go to each line and perform the login local command. Enabling Lines to use the Local Authentication Database Once these users are created, you need to enable the login on the lines to use the local database instead of just the line password, or no password at all. The user Bob will have level 7 access (moderate user access). The Admin user will have level 15 (Cisco administrator / super-user access). Let’s create 2 users with different privileges. To create the user database, you use the username command. In this example, we will create a basic local authentication database containing usernames and passwords, and then use that to login to the Cisco IOS device. The Cisco IOS can, of course, also support external authentication through services like Cisco ACS and RADIUS. If you chose to do so, this username could be logged so that you know when that user logged into the router, and when they logged off. By doing this, you have the real name of the person who is accessing the device. However, the Cisco IOS can take this a step further, and have actual usernames and passwords assigned for access. When this is done, a password is assigned to allow access to the privileged/global configuration mode, and to protect initial entry to the user mode of the IOS. The most basic level of security you can configure on a Cisco IOS device is a password.
0 kommentar(er)
