The hsecure flag is disabled by default. When you enable it, the software enforces the 10 character rule for all passwords.
When you upgrade from a previous release, if the password does not have at least 10 characters, you receive a prompt to change your password to the mandatory 10-character length.
If you enable hsecure for the first time and the password file does not exist, then the device creates a normal default username (rwa) and password (rwa). In this case, the password does not meet the minimum requirements for hsecure and as a result the system prompts you to change the password.
enable
configure terminal
boot config flags hsecure
The following warning messages appear:
Warning: For security purposes, all unsecure services - TFTP, FTP, Rlogin, Telnet, SNMP are disabled. Individually enable the required services. Warning: Please save boot configuration and reboot the switch for this to take effect.
Note
Warning message text can vary across hardware models.
Enable hsecure mode. Save the configuration. Restart the switch.
Switch:1>enable Switch:1#configure terminal Switch:1(config)#boot config flags hsecure Warning: For security purposes, all unsecure services - TFTP, FTP, Rlogin, Telnet, SNMP are disabled. Individually enable the required services. Warning: Please save boot configuration and reboot the switch for this to take effect. Switch:1(config)#save config Switch:1(config)#reset Are you sure you want to reset the switch (y/n)?y