Enable hsecure

The hsecure flag is disabled by default. When you enable it, the software enforces the 10 character rule for all passwords.

About this task

When you upgrade from a previous release, if the password does not have at least 10 characters, you receive a prompt to change your password to the mandatory 10-character length.

If you enable hsecure for the first time and the password file does not exist, then the device creates a normal default username (rwa) and password (rwa). In this case, the password does not meet the minimum requirements for hsecure and as a result the system prompts you to change the password.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Enable or disable hsecure mode:

    boot config flags hsecure

    The following warning messages appear:

    Warning: For security purposes, all unsecure services - TFTP, FTP, Rlogin, Telnet, SNMP are disabled. Individually enable the required services.
    Warning: Please save boot configuration and reboot the switch for this to take effect.
    
    Note

    Note

    Warning message text can vary across hardware models.

  3. Save the configuration and restart the device for the change to take effect.

Example

Enable hsecure mode. Save the configuration. Restart the switch.

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#boot config flags hsecure
Warning: For security purposes, all unsecure services - TFTP, FTP, Rlogin, Telnet, SNMP are disabled. Individually enable the required services. Warning: Please save boot configuration and reboot the switch for this to take effect.
Switch:1(config)#save config
Switch:1(config)#reset
Are you sure you want to reset the switch (y/n)?y