Allied Telesis AT-8100 Series User Manual

Chapter 84: Local Manager Accounts

1384

Activating Command Mode Restriction and Creating the Special
Password

Command mode restriction is a security feature. It requires that managers
who have the privilege level 1 enter a special password to manage the
switch. The switch prompts for the special password when the ENABLE
command is used to move to the Privileged Exec mode from the User
Exec mode. The prompt is shown in Figure 234 on page 1379. Managers
who do not know the password or have the privilege level 1 are restricted
to the User Exec mode.

Note

Managers with a privilege level of 15 are only required to enter the
ENABLE command to access the Privileged Exec mode and are not
required to enter this password.

The command for activating command mode restriction and creating or
changing the password is the ENABLE PASSWORD command in the
Global Configuration mode. The switch can have only one special
password. Here is the format of the command:

enable password [8]

password

The PASSWORD parameter specifies the special password. You can
enter the password in plaintext or encrypted. A plaintext password is case-
sensitive and can have up to 16 alphanumeric characters including special
characters. Spaces are not allowed. An encrypted password must be
preceded by the number “8” and a space.

This example activates command mode restriction and creates the special
password “Day89lane:”

awplus> enable
awplus# configure terminal
awplus(config)# enable password Day89lane

This example activates command mode restriction and specifies the
password as “ship247,” in encrypted form:

awplus> enable
awplus# configure terminal
awplus(config)# enable password 8 85076026566ed1dd84a709c0f
dd1fa9f

To confirm the configuration, display the running configuration with
“SHOW RUNNING-CONFIG” on page 170.