privilege-mode-password

Configures the CLI‘s privilege mode access password. Use this option to strengthen security by enforcing a second level authentication to access the privilege configuration mode.

Supported on the following devices:

Syntax

privilege-mode-password <PASSWORD/HASHED-STRING-ALIAS-NAME>

Parameters

privilege-mode-password <PASSWORD/HASHED-STRING-ALIAS-NAME>

privilege-mode-password

 Configures the password required to enter the privilege configuration mode. When configured, users are prompted to provide the password when enabling the privilege configuration mode.
<PASSWORD/HASHED-STRING-ALIAS-NAME> <PASSWORD/HASHED-STRING-ALIAS-NAME> – Enter the password as a clear text, or provide a hashed-string alias. Enter the password as a clear text, or provide a hashed-string alias. If using a hashed-string alias, ensure that the alias is existing and configured.
Note: The clear text password is saved and displayed as a hashed string. Hashing is a means of establishing the integrity of transmitted messages. Before transmission, a hash of the message is generated, encrypted and sent along with the message. At the receiving end, the message and the hash are both decrypted, and another hash is generated from the received message. The two hashes are compared. If both are identical the message is considered to have been transmitted intact.
Note: For more information on configuring a hashed-string alias, see alias.

Examples

The following example shows the privilege mode password being configured as a hashed string:

nx9500-6C8809(config-management-policy-test)#privilege-mode-password 1 2e9f038ac2ed27f919ed5a4dceb3d30e32f356f2ceff6fbf26a153d0339c734f
nx9500-6C8809(config-management-policy-test)#show context
management-policy test
 http server
 no ssh
 privilege-mode-password 1 2e9f038ac2ed27f919ed5a4dceb3d30e32f356f2ceff6fbf26a153d0339c734f
nx9500-6C8809(config-management-policy-test)#

Example: Configuring privilege mode password using a hashed-string alias.

Follow the steps below to configure a hashed-string alias and use it as a privilege mode password:

  1. In the global-configuration context, create a hashed-string alias.
    nx9500-6C8809(config)#alias hashed-string $PriMode Test12345
    nx9500-6C8809(config)#show context | include alias
alias vlan $BLR-01 1
alias string $IN-Blr-EcoSpace-Floor-4 IBEF4
alias encrypted-string $READ 0 public
alias encrypted-string $WRITE 0 private
alias hashed-string $PriMode 1 faffdde27cb49ad634ea20df4f7c8ef2685894d10ffcb1b2efba054112ecfc75
nx9500-6C8809(config)#
  2. In the management-policy context, configure the hashed-string alias created in step 1 as the privilege mode password.
    nx9500-6C8809(config-management-policy-default)#privilege-mode-password $PrivMode
    nx9500-6C8809(config-management-policy-default)#show context
management-policy default
https server
 rest-server
 ssh
 user admin password 1 ad4d8797f007444ccdda3788b9ee0e8b46f3facb4308e045239eb7771e127ed5 role superuser access all
 snmp-server community 0 $WRITE rw
 snmp-server community 0 $READ ro
 snmp-server user snmptrap v3 encrypted des auth md5 2 yqr96yyVzmD4ZbU2I7Eh/QAAAAjWNKa4KXF95pruUCSnhOiT
 snmp-server user snmpmanager v3 encrypted des auth md5 2 NOf8+2+AY2r4ZbU2I7Eh/QAAAAgc0l8ahJYo3AjHo9wXzYGo
 t5 snmp-server community public ro 192.168.0.1
 t5 snmp-server community private rw 192.168.0.1
 privilege-mode-password $PriMode
nx9500-6C8809(config-management-policy-default)#
  3. Confirm, if the privilege mode is password protected.
    nx9500-6C8809 login: admin
Password:
Feb 07 14:40:47 2017: %AUTH-6-INFO: login[28768]: user 'admin' on 'ttyS0' from 'Console' logged in
Feb 07 14:40:47 2017: nx9500-6C8809 : %SYSTEM-5-LOGIN: Successfully logged in user 'admin' with privilege 'superuser' from 'ttyS0'
nx9500-6C8809>en
Password:

Related Commands

no Removes the configured CLI privilege mode access password
9037762-01 Rev AA