Configure New Passwords
Configure new passwords for each access level, or change the logon or password for the different access levels of the switch. After you receive the switch, use default passwords to initially access CLI. If you use Simple Network Management Protocol version 3 (SNMPv3), you can change encrypted passwords.
Before you begin
You must use an account with read-write-all privileges to change passwords. For security, the switch saves passwords to a hidden file.
About this task
If you enable the hsecure flag, after the aging time expires, the system prompts you to change your password. If you do not configure the aging time, the default is 90 days.
Procedure
Example
Switch:1>enable Switch:1#configure terminal
Change a password:
Switch:1(config)# password smith read-write-all
Enter the old password:
Switch:1(config)#*********
Enter the new password:
Switch:1(config)#*********
Enter the new password a second time:
Switch:1(config)#*********
Set password to an access level of read-write-all and the expiration period for the password to 60 days:
Switch:1(config)#access-level rwa aging-time 60
Variable Definitions
The following table defines parameters for the cli password command.
Variable |
Value |
---|---|
layer1|layer2|layer3|read-only|read-write|read-write-all |
Changes the password for the specific access level. |
WORD<1–20> |
Specifies the user logon name. |
The following table defines parameters for the password command.
Variable |
Value |
|
---|---|---|
access level WORD<2–8> |
Permits or blocks this access level. The available access level values are as follows:
|
|
aging-time day <1-365> |
Configures the expiration period for passwords in days, from 1–365. The default is 90 days. |
|
default-lockout-retries <1-255> |
Configures the default number of login attempts. The default is 3. |
|
default-lockout-time <60-65000> |
Changes the default lockout time after three invalid attempts. Configures the lockout time, in seconds, and is in the 60–65000 range. The default is 60 seconds. To configure this option to the default value, use the default operator with the command. |
|
lockout WORD<0–46> time <60-65000> |
Configures the host lockout time.
|
|
min-passwd-len <10-20> |
Configures the minimum length for passwords in high-secure mode. The default is 10 characters. To configure this option to the default value, use the default operator with the command. |
|
password-history <3-32> |
Specifies the number of previous passwords the switch stores. You cannot reuse a password that is stored in the password history. The default is 3. To configure this option to the default value, use the default operator with the command. |