configure failsafe-account

configure failsafe-account {[deny | permit] [all | control | serial | ssh {vr vr-name} | telnet {vr vr-name}]}

Description

Configures a name and password for the failsafe account, or restricts access to specified connection types.

Syntax Description

deny Prohibits failsafe account usage over the specified connection type(s).
permit Allows a failsafe account to be used over the specified connection type(s).
all Specifies all connection types.
control Specifies internal access between nodes in a SummitStack.
serial Specifies access over the switch console port.
ssh Specifies access using SSH on specified or all virtual routers.
telnet Specifies access using Telnet on specified or all virtual routers.

Default

The failsafe account is always configured.

The default connection types over which failsafe account access is permitted are the same as if permit all is configured.

Usage Guidelines

The failsafe account is the account of last resort to access your switch.

If you use the command with no parameters, you are prompted for the failsafe account name and prompted twice to specify the password for the account. The password does not appear on the display at any time. You are not required to know the current failsafe account and password in order to change it.

If you use the command with the permit or deny parameter, the permitted connection types are altered as specified.

The failsafe account or permitted connection types are immediately saved to NVRAM on active nodes in a SummitStack.

Note

Note

The information that you use to configure the failsafe account cannot be recovered by Extreme Networks. Technical support cannot retrieve passwords or account names for this account. Protect this information carefully.

Once you enter the failsafe account name, you are prompted to enter the password. Once you successfully log in to the failsafe account, you are logged in to an admin-level account.

Example

The following example restricts usage of the failsafe account to the series console port:

# configure failsafe-account deny all
# configure failsafe-account permit serial
# configure failsafe-account permit control

History

This command was first available in ExtremeXOS 11.0.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.