Using Safe Defaults Mode
When you take your switch from the box and set it up for the first time,
you set the safe defaults mode. You should use the safe defaults mode, which disables
Telnet and SNMP. All ports are enabled in the factory default setting; you can choose to
have all unconfigured ports disabled on reboot using the interactive questions.
After you connect to the console port of the switch, or after you run
unconfigure switch {all} or configure safe-default-script,
you can change management access to your device to enhance security.
-
Connect the console and log in to the switch.
You are prompted with an interactive script that specifically
asks if you want to disable Telnet and SNMP.
-
Follow the prompts and set your access preferences.
Note
In ExtremeXOS 16.1 and later, an enhanced
security mode was added as an option to the startup script. If this is selected, all
default SNMP users and communities will be deleted.
This switch
currently has all management methods enabled for convenience reasons. Please answer
these questions about the security settings you would like to use. You may quit and
accept the default settings by entering 'q' at any time. The switch offers an enhanced
security mode. Would you like to read more, and have the choice to enable this enhanced
security mode? [y/N/q]: Yes Enhanced security mode configures the following defaults:
* Disable Telnet server. * Disable HTTP server. * Disable SNMP server.
* Remove all factory default SNMP users & community names. * Remove all
factory default login accounts. * Force creation of a new admin (read-write)
account. * Force setting of failsafe username & password. * Lockout
accounts for 5 minutes after 3 consecutive login failures. *
Plaintext password entry will not be allowed. * Generate an event when the
logging memory buffer exceeds 90% of capacity. * Only admin privilege
accounts are permitted to run "show log". * Only admin privilege
accounts are permitted to run "show diagnostics". Would you like to use this
enhanced security mode? [Y/n/q]:
-
Reboot the switch.