privilege-mode-password

Configures the CLI‘s privilege mode access password. Use this option to strengthen security by enforcing a second level authentication to access the privilege configuration mode.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

privilege-mode-password <PASSWORD/HASHED-STRING-ALIAS-NAME>

Parameters

privilege-mode-password <PASSWORD/HASHED-STRING-ALIAS-NAME>

privilege-mode-password

Configures the password required to enter the privilege configuration mode. When configured, users are prompted to provide the password when enabling the privilege configuration mode.
<PASSWORD/HASHED-STRING-ALIAS-NAME> Enter the password as a clear text, or provide a hashed-string alias. Enter the password as a clear text, or provide a hashed-string alias. If using a hashed-string alias, ensure that the alias is existing and configured.
Note: The clear text password is saved and displayed as a hashed string. Hashing is a means of establishing the integrity of transmitted messages. Before transmission, a hash of the message is generated, encrypted and sent along with the message. At the receiving end, the message and the hash are both decrypted, and another hash is generated from the received message. The two hashes are compared. If both are identical the message is considered to have been transmitted intact.
Note: For more information on configuring a hashed-string alias, see alias.

Examples

The following example shows the privilege mode password being configured as a hashed string:

rfs4000-6DB5D4(config-management-policy-test)#privilege-mode-password 1 2e9f038ac2ed27f919ed5a4dceb3d30e32f356f2ceff6fbf26a153d0339c734f
rfs4000-6DB5D4(config-management-policy-test)#show context
management-policy test
 http server
 no ssh
 privilege-mode-password 1 2e9f038ac2ed27f919ed5a4dceb3d30e32f356f2ceff6fbf26a153d0339c734f
rfs4000-6DB5D4(config-management-policy-test)#

Example: Configuring privilege mode password using a hashed-string alias.

Follow the steps below to configure a hashed-string alias and use it as a privilege mode password:

  1. In the global-configuration context, create a hashed-string alias.
    nx9500-6C8809(config)#alias hashed-string $PriMode Test12345
    nx9500-6C8809(config)#show context | include alias
    alias vlan $BLR-01 1
    alias string $IN-Blr-EcoSpace-Floor-4 IBEF4
    alias encrypted-string $READ 0 public
    alias encrypted-string $WRITE 0 private
    alias hashed-string $PriMode 1 faffdde27cb49ad634ea20df4f7c8ef2685894d10ffcb1b2efba054112ecfc75
    nx9500-6C8809(config)#
  2. In the management-policy context, configure the hashed-string alias created in step 1 as the privilege mode password.
    nx9500-6C8809(config-management-policy-default)#privilege-mode-password $PrivMode
    nx9500-6C8809(config-management-policy-default)#show context
    management-policy default
    https server
     rest-server
     ssh
     user admin password 1 ad4d8797f007444ccdda3788b9ee0e8b46f3facb4308e045239eb7771e127ed5 role superuser access all
     snmp-server community 0 $WRITE rw
     snmp-server community 0 $READ ro
     snmp-server user snmptrap v3 encrypted des auth md5 2 yqr96yyVzmD4ZbU2I7Eh/QAAAAjWNKa4KXF95pruUCSnhOiT
     snmp-server user snmpmanager v3 encrypted des auth md5 2 NOf8+2+AY2r4ZbU2I7Eh/QAAAAgc0l8ahJYo3AjHo9wXzYGo
     t5 snmp-server community public ro 192.168.0.1
     t5 snmp-server community private rw 192.168.0.1
     privilege-mode-password $PriMode
    nx9500-6C8809(config-management-policy-default)#
  3. Confirm, if the privilege mode is password protected.
    nx9500-6C8809 login: admin
    Password:
    Feb 07 14:40:47 2017: %AUTH-6-INFO: login[28768]: user 'admin' on 'ttyS0' from 'Console' logged in
    Feb 07 14:40:47 2017: nx9500-6C8809 : %SYSTEM-5-LOGIN: Successfully logged in user 'admin' with privilege 'superuser' from 'ttyS0'
    nx9500-6C8809>en
    Password:

Related Commands

no (management-policy)

Removes the configured CLI privilege mode access password