Enables High Secure mode. This mode provides the following password behavior:
10 character enforcement
The password must contain a minimum of 2 uppercase characters, 2 lowercase characters, 2 numbers, and 2 special characters.
Aging time
Failed login attempt limitation
If you enable the hsecure flag, you cannot enable the flags for the web server or SSH password-authentication.
When you upgrade from a previous release, if the password does not have at least 10 characters, you receive a prompt to change your password to the mandatory 10-character length.
If you enable hsecure for the first time and the password file does not exist, then the device creates a normal default username (rwa) and password (rwa). In this case, the password does not meet the minimum requirements for hsecure and as a result the system prompts you to change the password.
The default value is disabled. If you enable High Secure mode, you must restart the switch to enforce secure passwords. If you operate the switch in High Secure mode, the switch prompts a password change if you enter invalid-length passwords.
enable
configure terminal
boot config flags hsecure
The system displays the following warning messages:
Warning: For security purposes, all unsecure services - TFTP, FTP, Rlogin, Telnet, SNMP are disabled. Individually enable the required services. Warning: Please save boot configuration and reboot the switch for this to take effect.
Note
Warning message text can vary across hardware models.
Enable hsecure mode. Save the configuration. Restart the switch.
Switch:1>enable Switch:1#configure terminal Switch:1(config)#boot config flags hsecure Warning: For security purposes, all unsecure services - TFTP, FTP, Rlogin, Telnet, SNMP are disabled. Individually enable the required services. Warning: Please save boot configuration and reboot the switch for this to take effect. Switch:1(config)#save config Switch:1(config)#reset Are you sure you want to reset the switch (y/n)?y