CLI Passwords

Important

The default passwords are documented and well known. Change the default passwords and community strings immediately after you first log on.

The switch ships with default passwords assigned for access to Command Line Interface (CLI) through a console or management session. If you have read/write/all access authority, and you are using SNMPv3, you can change passwords that are in an encrypted format. If you are using Enterprise Device Manager (EDM), you can also specify the number of available Telnet sessions and rlogin sessions.

Note

Rlogin is only supported on VSP 8600 Series.

After a factory default or if your switch has no primary or backup configuration files, a password change is required to access the CLI. The system provides three attempts to change the password, if unsuccessful you are taken back to the login prompt but are not locked out. You cannot reuse a password and your password cannot be empty. A password change is required irrespective of security mode, console, SSH, or Telnet access.

You can select SHA1 for 160-bit or SHA2 for 512-bit password hash security. You can switch the password hashing with the password hash command. After a hashing change, all custom users and passwords are deleted, and on first login each default user must change their default password.

Note

If you upgrade to a release that supports password hash configuration, custom users are retained until a factory default reset or until a password hash level change. During a factory default reset, all customer users are deleted, all SHA1 passwords are removed, and SHA2 becomes the new default password hash.

If you enable enhanced secure mode with the boot config flags enhancedsecure-mode command, you enable different access levels, along with stronger password complexity, length, and minimum change intervals. For more information on system access fundamentals and configuration, see System Access.