Access Security Guide K/KA/KB.15.15
Password commands
When the switch is in enhanced secure mode, a plaintext password cannot be entered inline; it is
prompted for interactively twice, for example, for an operator password:
New password for operator: *****
Please retype new password for operator: *****
Additional password command option
There is an additional password command option that allows the setting of a password for the
ROM console. See “Configuring Username and Password Security” (page 20) for more information
about setting passwords on the switch.
Syntax
password <manager | operator>[username
<ASCII-STR>][sha1<hashed-password>]
password <rom-console> | all
[no]
password port-access [username <ASCII-STR>]
Sets or clears the local password/username for a given access level. If no password
is entered in the command, you are prompted twice to enter the password. When
the switch is in enhanced secure mode, the password for manager, operator, and
the ROM console must be at least 8 characters long. The ROM password cannot
be set or changed in the Web Agent. When the no form of the command is
executed, the command removes specific local password protection. Note: The
port-access option is available only if “includecredentials” is enabled.
Prompt for password when first logging in
All usernames and passwords should be configured at startup after transitioning to enhanced secure
mode, however, the switch will enter enhanced secure mode regardless of the password settings.
After a cold reboot from a console session...
ROM console passwords must be set before continuing.
New Manager password:******
Retype password:******
New Operator password:******
Retype password:******
Behavior when changing or exiting levels
Table 57 Behavior for Manager and Operator Levels
CLI: logoutCLI: exitCLI: enableCurrent Role
Session terminatedSession terminatedEnter manager role - ask for
credential
operator
Session terminatedSession terminatedNot availablemanager
500 Secure Mode (3800, 5400zl, and 8200zl Switches)