3.2 Basic Configuration of the Switch
3.2.2 Setting a password

One of the first tasks to perform when configuring a device is to secure it against unauthorized access. The simplest form of security is to limit access to the switches with passwords. By setting passwords, you limit the level of access or completely exclude a user from logging on to a switch.

Two types of login passwords can be applied to switches. The login password requires authorization before accessing any line, including the console. The enable password requires authentication before setting or changing switch parameters.

Cisco also provides levels of authority. A privilege level of "1" allows the user normal EXEC-mode user privileges. A privilege level of "15" is the level of access permitted by the enable password.

To set passwords on a set-based switch, enter the commands demonstrated in Figure . To remove a password, enter the no enable password level number command. Figure shows an example of a Cisco 5000 Series Switch that has both a console login and enable password set. Passwords are displayed in encrypted text. 

To set passwords on a Cisco IOS software-based switch, enter either one or both of the following commands in global configuration mode:

Switch(config)#enable password password
Switch(config)#enable secret password

where password is a combination of four to eight alphanumeric characters. The difference between the two is that the enable secret command encrypts the password, whereas the enable password command displays the password in cleartext. Figure has an example of these commands being used.

Figure contains an example of a switch where the console password is cisco and the password cisco4me is the enable password required for privileged mode. Notice how both passwords are encrypted.