Management and Configuration Guide K/KA/KB.15.15

Autorun secure mode
You can use autorun secure mode to verify the authenticity of autorun command files. Secure mode
is configured using the autorun secure-mode command and can be enabled only when both of
the following conditions are met:
• An encryption-key has already been configured using the autorun encryption key command.
• A trusted certificate for verifying autorun command files has been copied to the switch using
  the copy [ tftp | usb ] autorun-cert-file command.
There is an additional security option to install a valid key-pair for signing the result files that are
generated during autorun operations. You can generate the key-pair on the switch using the crypto
key generate autorun [rsa] command.
NOTE: You can also install the key-pair from a TFTP server or via the USB port using the
copy [ tftp | usb ] autorun-key-file ipaddr filename command. The file must contain the
private key and the matching public key in an X509 certificate structure. Both the private key
and the X509 certificate must be in PEM format.
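A workstation-side check that a file meets the requirements in the NOTE above before it is copied to the switch. This is an added example, not part of the guide or of HP's tooling; it assumes the OpenSSL command-line tool is available, and the function names, the sample subject name and the 2048-bit key size are hypothetical.

```shell
#!/bin/sh
# Pre-flight check for a file meant for "copy [ tftp | usb ] autorun-key-file".
# Assumption: the OpenSSL command-line tool is installed on the workstation.

# check_autorun_keyfile FILE
# Returns 0 when FILE holds a PEM private key and a PEM X509 certificate whose
# public key matches that private key; otherwise prints the reason, returns 1.
check_autorun_keyfile() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }

    # Both objects must be PEM-armoured and present in the same file.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" ||
        { echo "no PEM private key in $f" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no PEM certificate in $f" >&2; return 1; }

    # Derive the public key from each object. "-passin pass:" makes a
    # passphrase-protected key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$f" -passin pass: -pubout 2>/dev/null) ||
        { echo "private key in $f does not parse" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) ||
        { echo "certificate in $f does not parse" >&2; return 1; }

    # The two public keys must be identical for the pair to match.
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "certificate does not match the private key" >&2; return 1; }
    return 0
}

# make_sample_keyfile OUT (hypothetical helper)
# Builds constructed, throwaway test material: an RSA key (2048 bits is an
# assumed size) and a self-signed certificate, concatenated into OUT.
make_sample_keyfile() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=autorun-example' \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
        cat "$d/key.pem" "$d/cert.pem" > "$1"
    rc=$?
    rm -rf "$d"
    return $rc
}
```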
Operating notes and restrictions
• Autorun is enabled by default, until passwords are set on the device.
• Secure-mode and encryption-key are disabled by default.
• To enable secure mode, both an encryption key and a trusted certificate must be set.
• If secure-mode is enabled, the following conditions apply:
  • The encryption-key cannot be removed or unconfigured.
  • The key-pair cannot be removed.
• If secure mode is disabled, the key-pair can be removed using the crypto key zeroize
  autorun command.
• When installing the autorun certificate file and/or the other key files, the files must be in PEM
  format.
Autorun and configuring passwords
When an operator or manager password is configured on a switch, autorun is disabled
automatically, and a message is displayed on the screen, as shown in the following example:
HP Switch# password manager
New password for manager: *****
Please retype new password for manager: *****
Autorun is disabled as operator/manager is configured.
After passwords are set, you can re-enable autorun as needed using the autorun command.