CLI Passwords

Table 1. Password Hash

Feature

Product

Release introduced

SHA512 Password Hashing

Note:

When upgrading, SHA1 password hashes and custom users are retained, until a factory default reset or until the password hash level is changed. During a factory default reset,SHA2 512-bit becomes the default password hash, all custom users are deleted, and SHA1 passwords are removed.

5320 Series

Fabric Engine 8.8

5420 Series

Fabric Engine 8.8

5520 Series

Fabric Engine 8.8

5720 Series

Fabric Engine 8.8

Important

Important

The default passwords are documented and well known. Change the default passwords and community strings immediately after you first log on.

The switch ships with default passwords assigned for access to Command Line Interface (CLI) through a console or management session. If you have read/write/all access authority, and you are using SNMPv3, you can change passwords that are in an encrypted format. If you are using Enterprise Device Manager (EDM), you can also specify the number of available Telnet sessions.

After a factory default or if your switch has no primary or backup configuration files, a password change is required to access the CLI. The system provides three attempts to change the password, if unsuccessful you are taken back to the login prompt but are not locked out. You cannot reuse a password and your password cannot be empty. A password change is required irrespective of security mode, console, SSH, or Telnet access.

You can select SHA1 for 160-bit or SHA2 for 512-bit password hash security. You can switch the password hashing with the password hash command. After a hashing change, all custom users and passwords are deleted, and on first login each default user must change their default password.
Note

Note

If you upgrade to a release that supports password hash configuration, custom users are retained until a factory default reset or until a password hash level change. During a factory default reset, all customer users are deleted, all SHA1 passwords are removed, and SHA2 becomes the new default password hash.

If you enable enhanced secure mode with the boot config flags enhancedsecure-mode command, you enable different access levels, along with stronger password complexity, length, and minimum change intervals. For more information on system access fundamentals and configuration, see System Access.