configure switch safe-default-script

configure switch safe-default-script

Description

Allows you to change management access to your device and to enhance security.

Syntax Description

This command has no arguments or variables.

Default

N/A.

Usage Guidelines

This command runs an interactive script that prompts you to choose to enable or disable SNMP, Telnet, and enabled ports.

Refer to “Using Safe Defaults Mode” in the Switch Engine 32.2 User Guide for complete information on the safe default mode.

After you issue this command, the system presents you with the following interactive script:

 Telnet is enabled by default. Telnet is unencrypted and has been the target of security exploits in the past. Would you like to disable Telnet? [y/N]: SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be configured to eliminate this problem. Would you like to disable SNMP? [y/N]: All ports are enabled by default. In some secure applications, it maybe more desirable for the ports to be turned off. Would you like unconfigured ports to be turned off by default? [y/N]: Changing the default failsafe account username and password is highly recommended. If you choose to do so, please remember the username and password as this information cannot be recovered by Extreme Networks. Would you like to change the failsafe account username and password now? [y/N]: Would you like to permit failsafe account access via the management port? [y/N]: Since you have chosen less secure management methods, please remember to increase the security of your network by taking the following actions: * change your admin password * change your failsafe account username and password * change your SNMP public and private strings * consider using SNMPv3 to secure network management traffic 

Example

The following command reruns the interactive script to configure management access:

configure switch safe-default-script

History

This command was first available in ExtremeXOS 11.2.

The switch keyword was added in ExtremeXOS 30.3.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.