Access Security Guide K/KA/KB.15.15

Password recovery
The password recovery feature is enabled by default and provides a method for regaining
management access to the switch (without resetting the switch to its factory default configuration)
in the event that the system administrator loses the local manager username or password. Using
the password recovery feature requires:
• password-recovery enabled (the default) on the switch prior to an attempt to recover from
  a lost username/password situation
• Contacting HP Networking Support to acquire a one-time-use password.
Saving username and password security
Security settings that can be saved
The security settings that can be saved to a configuration file are:
• Local manager and operator passwords and user names.
• SNMP security credentials, including SNMPv1 community names and SNMPv3 usernames,
  authentication, and privacy settings.
• 802.1X port-access passwords and usernames.
• TACACS+ encryption keys.
• RADIUS shared secret (encryption) keys.
• Public keys of SSH-enabled management stations that are used by the switch to authenticate
  SSH clients that try to connect to the switch.
Benefits of saving security credentials
The benefits of including and saving security credentials in a configuration file are:
• After making changes to security parameters in the running configuration, you can experiment
  with the new configuration and, if necessary, view the new security settings during the session.
  After verifying the configuration, you can then save it permanently by writing the settings to
  the startup-config file.
• By permanently saving a switch's security credentials in a configuration file, you can upload
  the file to a TFTP server or Xmodem host, and later download the file to the HP switches on
  which you want to use the same security settings without having to manually configure the
  settings (except for SNMPv3 user parameters) on each switch.
• By storing different security settings in different files, you can test different security configurations
  when you first download a new software version that supports multiple configuration files, by
  changing the configuration file used when you reboot the switch.
For more information about how to experiment with, upload, download, and use configuration
files with different software versions, see:
• "Switch Memory and Configuration" in the Management and Configuration Guide.
• "Configuring local password security" (page 21).
Saving local manager and operator passwords
The information saved to the running-config file when the include-credentials command
is entered includes:
password manager [user-name <name>] <hash-type> <pass-hash>
password operator [user-name <name>] <hash-type> <pass-hash>
where
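
Because a configuration saved with include-credentials carries the password lines shown above, a file headed for a TFTP server or a ticket attachment can be checked for them first. The following is an added example, not part of the HP guide: it finds lines in that format and redacts the hash. The sample configuration is constructed, its hashes are dummy values, and "sha1" is an assumed <hash-type>.

```python
import re

# Line format from the page:
#   password manager|operator [user-name <name>] <hash-type> <pass-hash>
# Names and hashes may be quoted; <hash-type> is treated as an opaque token.
TOKEN = r'"[^"]*"|\S+'
CRED_RE = re.compile(
    r'^\s*password\s+(?P<role>manager|operator)'
    r'(?:\s+user-name\s+(?P<user>' + TOKEN + r'))?'
    r'\s+(?!user-name\s)(?P<hash_type>\S+)'
    r'\s+(?P<pass_hash>' + TOKEN + r')\s*$'
)

def audit_config(text):
    """Return (findings, redacted_text) for a saved configuration file.

    findings: list of (line_number, role, user_or_None, hash_type).
    redacted_text: the same config with every <pass-hash> replaced.
    """
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = CRED_RE.match(line)
        if m is None:
            out.append(line)  # not a credential line: keep unchanged
            continue
        user = m.group("user")
        findings.append((lineno, m.group("role"),
                         user.strip('"') if user else None,
                         m.group("hash_type")))
        start, end = m.span("pass_hash")
        out.append(line[:start] + "<redacted>" + line[end:])
    return findings, "\n".join(out)

# Constructed sample: dummy hashes, assumed hash type "sha1".
SAMPLE = """\
hostname "lab-switch"
password manager user-name "netadmin" sha1 "0123456789abcdef0123456789abcdef01234567"
password operator sha1 "89abcdef0123456789abcdef0123456789abcdef"
vlan 1
"""

if __name__ == "__main__":
    findings, redacted = audit_config(SAMPLE)
    for lineno, role, user, hash_type in findings:
        print(f"line {lineno}: {role} credential (user={user}, type={hash_type})")
    print(redacted)
```

The other credential types listed earlier (SNMP, 802.1X, TACACS+, RADIUS, SSH keys) use line formats this page does not show, so the check covers only the two local password lines.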