Access Security Guide K/KA/KB.15.15
16 Secure Mode (3800, 5400zl, and 8200zl Switches)
Configuring
Configuring secure mode
When using enhanced secure mode, several commands have differences from standard secure
mode in their options or output. To transition from one security mode to the other, enter this command
from a serial terminal connected to the switch.
Syntax
secure-mode <standard | enhanced>
Enables the selected secure mode. This command must be executed from a serial
terminal.
standard
Use standard security. This is the default.
enhanced
Use enhanced security
HP Switch(config)# secure-mode enhanced
Validating software and configurations, this may take a
minute...
The system will be rebooted and all management module files
except software images will be erased and zeroized. This
will take up to 60 minutes and the switch will not be usable
during that time. A power-cycle will then be required to
complete the transition. Continue (y/n)? y
(Switch reboots...)
.
Zeroizing the file system ... 100%
Verifying cleanness of the file system... 100%
Restoring firmware image and other system files...
Zeroization of file system completed
Continue initializing...
...
HP Switch(config)# show secure-mode
Level: Enhanced
If the secure-mode transition fails, this message displays:
Secure-mode transition failed.
Commands affected when enhanced secure mode is enabled
There are several types of CLI commands that show sensitive information in plain text:
• Feature-specific show commands
• Show config commands
• Password commands
• Secret key commands
• MIB CLI commands
Feature-specific show commands
For feature-specific show commands, the following prompt appears before the sensitive information
is displayed when using enhanced secure mode:
This may show sensitive information. Continue (y/n)?
498 Secure Mode (3800, 5400zl, and 8200zl Switches)