Creating Users, Passwords, Etc.

Set up local user accounts with different privilege levels and secure password policies for switch management access.

Step 1: Configure the enable password

Set the privileged EXEC mode password that grants administrative access to the switch.

SW1>enable
SW1#configure terminal
SW1(config)#enable secret Cisco123!

Step 2: Create local user accounts

Create user accounts with different privilege levels: level 15 for full admin access, level 1 for basic monitoring.

SW1(config)#username admin privilege 15 secret AdminPass456!
SW1(config)#username operator privilege 1 secret OpPass789!
SW1(config)#username neteng privilege 15 secret NetEng321!

Step 3: Configure console line security

Secure the console port to require local authentication and set a session timeout.

SW1(config)#line console 0
SW1(config-line)#login local
SW1(config-line)#exec-timeout 10 0
SW1(config-line)#logging synchronous
SW1(config-line)#exit

Step 4: Configure VTY lines for remote access

Set up Telnet/SSH access with local authentication and connection limits.

SW1(config)#line vty 0 15
SW1(config-line)#login local
SW1(config-line)#transport input ssh telnet
SW1(config-line)#exec-timeout 15 0
SW1(config-line)#exit

Step 5: Set password policies (optional)

Configure minimum password length and complexity requirements.

SW1(config)#security passwords min-length 8
SW1(config)#service password-encryption
SW1(config)#end

Step 6: Verify the configuration

SW1#show running-config | section username
SW1#show privilege
SW1#show users

Key Points:

  • Use secret instead of password for stronger encryption
  • Privilege level 15 = full admin, level 1 = basic user access
  • service password-encryption encrypts all plaintext passwords in config
  • Always test new accounts before logging out of current session
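
The following Python script is an added example, not part of the original page: it audits a running-config excerpt for the settings the steps above configure (secret versus password, login local, exec-timeout, Telnet on VTY lines, minimum password length). The sample config and the audit() function name are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the page): weak lines are mixed
# in on purpose and every credential string is a placeholder.
SAMPLE_CONFIG = """\
security passwords min-length 8
enable password 7 <placeholder>
username admin privilege 15 secret 9 <placeholder>
username operator privilege 1 password 7 <placeholder>
line con 0
 exec-timeout 10 0
 login local
line vty 0 4
 exec-timeout 0 0
 login local
 transport input ssh telnet
line vty 5 15
 password 7 <placeholder>
 login
 transport input ssh
"""

def audit(config):
    """Return (context, finding) pairs for weak management-access settings."""
    findings, lines, current = [], {}, None
    for raw in filter(str.strip, config.splitlines()):
        cmd = raw.strip()
        if raw[0] != " ":  # top-level command: opens or closes a line section
            current = lines.setdefault(cmd, []) if cmd.startswith("line ") else None
            if cmd.startswith("enable password"):
                findings.append(("global", "enable password instead of enable secret"))
            elif m := re.match(r"username (\S+) .*\bpassword\b", cmd):
                findings.append((m.group(1), "password instead of secret"))
        elif current is not None:
            current.append(cmd)  # indented sub-command of the open line section
    if "security passwords min-length" not in config:
        findings.append(("global", "no minimum password length"))
    for name, opts in lines.items():
        if "login local" not in opts:
            findings.append((name, "login local not set"))
        if "exec-timeout 0 0" in opts:  # 0 0 disables the idle timeout
            findings.append((name, "session timeout disabled"))
        if name.startswith("line vty") and any(
                re.search(r"transport input .*\b(telnet|all)\b", o) for o in opts):
            findings.append((name, "Telnet permitted"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Feed it the saved output of show running-config from the switch in place of SAMPLE_CONFIG; an empty result means none of the checked weaknesses were found.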