Support User Manuals

Brocade Communications Systems 6650 Switch User Manual

Open as PDF

of 332

16 Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Passwords used to secure access

• bgp-router – BGP4 router level; for example, Brocade(config-bgp-router)#

• vrrp-router – VRRP configuration level

• trunk – trunk configuration level

• port-vlan – Port-based VLAN level; for example, Brocade(config-vlan)#

• protocol-vlan – Protocol-based VLAN level

The privilege-level indicates the number of the management privilege level you are augmenting.

You can specify one of the following:

• 0 – Super User level (full read-write access)

• 4 – Port Configuration level

• 5 – Read Only level

The command-string parameter specifies the command you are allowing users with the specified

privilege level to enter. To display a list of the commands at a CLI level, enter “?” at that level's

command prompt.

Recovering from a lost password

Recovery from a lost password requires direct access to the serial port and a system reset.

NOTE

You can perform this procedure only from the CLI.

Follow the steps given below to recover from a lost password.

1. Start a CLI session over the serial interface to the device.

2. Reboot the device.

3. At the initial boot prompt at system startup, enter b to enter the boot monitor mode.

4. Enter no password at the prompt. (You cannot abbreviate this command.) This command will

cause the device to bypass the system password check.

5. Enter boot system flash primary at the prompt.

6. After the console prompt reappears, assign a new password.

Displaying the SNMP community string

If you want to display the SNMP community string, enter the following commands.

Brocade(config)# enable password-display

Brocade# show snmp server

The enable password-display command enables display of the community string, but only in the

output of the show snmp server command. Display of the string is still encrypted in the

startup-config file and running-config. Enter the command at the global CONFIG level of the CLI.

Specifying a minimum password length

By default, the Brocade device imposes no minimum length on the Line (Telnet), Enable, or Local

passwords. You can configure the device to require that Line, Enable, and Local passwords be at

least a specified length.

previous next