Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

Using Safe Defaults Mode

When you take your switch from the box and set it up for the first time, you set the safe defaults mode. You should use the safe defaults mode, which disables Telnet and SNMP. All ports are enabled in the factory default setting; you can choose to have all unconfigured ports disabled on reboot using the interactive questions.

After you connect to the console port of the switch, or after you run unconfigure switch {all} or configure safe-default-script, you can change management access to your device to enhance security.

  1. Connect the console and log in to the switch.

    You are prompted with an interactive script that specifically asks if you want to disable Telnet and SNMP.

  2. Follow the prompts and set your access preferences.
    Note

    Note

    In ExtremeXOS 16.1 and later, an enhanced security mode was added as an option to the startup script. If this is selected, all default SNMP users and communities will be deleted.
    This switch currently has all management methods enabled for convenience reasons. Please answer these questions about the security settings you would like to use. You may quit and accept the default settings by entering 'q' at any time. The switch offers an enhanced security mode. Would you like to read more, and have the choice to enable this enhanced security mode? [y/N/q]: Yes Enhanced security mode configures the following defaults: * Disable Telnet server. * Disable HTTP server. * Disable SNMP server. * Remove all factory default SNMP users & community names. * Remove all factory default login accounts. * Force creation of a new admin (read-write) account. * Force setting of failsafe username & password. * Lockout accounts for 5 minutes after 3 consecutive login failures. * Plaintext password entry will not be allowed. * Generate an event when the logging memory buffer exceeds 90% of capacity. * Only admin privilege accounts are permitted to run "show log". * Only admin privilege accounts are permitted to run "show diagnostics". Would you like to use this enhanced security mode? [Y/n/q]:
  3. Reboot the switch.

Email this topicEmail this topic

Print this pagePrint this page