Manualshelf

Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
21222324252627282930
Unable to use previous password
If you cannot access the switch after a software version downgrade, clear the password by using
the [Clear] button on the switch to regain access. Then boot into a software version that supports
long passwords, and perform steps 1, 2, or 3 in the preceding section.
Security credentials
You can store and view the following security settings in the running-config file associated with the
current software image. The security settings that can be saved to a configuration file are:
Local manager and operator passwords and user names.
SNMP security credentials, including SNMPv1 community names and SNMPv3 usernames,
authentication, and privacy settings.
802.1X port-access passwords and usernames.
TACACS+ encryption keys.
RADIUS shared secret (encryption) keys.
Public keys of SSH-enabled management stations that are used by the switch to authenticate
SSH clients that try to connect to the switch.
Local manager and operator credentials
The information saved to the running-config file when the include-credentials command is entered
includes:
password manager[user-name<name>]<hash type><pass-hash>
password operator[user-name<name>]<hash type><pass-hash>
where
name is an alphanumeric string for the user name assigned to the manager or
operator.
<hash type> indicates the type of hash algorithm used: SHA-1 or plain text.
<pass hash> is the SHA-1 authentication protocol’s hash of the password or clear
ASCII text.
For example, a manager username and password can be stored in a runningconfig file as
follows:
password manager user-name George SHA1
2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
Use the write memory command to save the password configurations in the startup-config
file. The passwords take effect when the switch boots with the software version associated with
that configuration file.
CAUTION: If a startup configuration file includes other security credentials, but does not contain
a manager or operator password, the switch will not have password protection and can be accessed
through Telnet or the serial port of the switch with full manager privileges.
Password command options
The password command has the following options:
Syntax
[no]password<manager|operator|port
access>[user-name<name>]<hash-type><password>
26 Configuring Username and Password Security