Brocade Communications Systems 6650 Switch User Manual


 
16 Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Passwords used to secure access
bgp-router – BGP4 router level; for example, Brocade(config-bgp-router)#
vrrp-router – VRRP configuration level
trunk – trunk configuration level
port-vlan – Port-based VLAN level; for example, Brocade(config-vlan)#
protocol-vlan – Protocol-based VLAN level
The privilege-level indicates the number of the management privilege level you are augmenting.
You can specify one of the following:
0 – Super User level (full read-write access)
4 – Port Configuration level
5 – Read Only level
The command-string parameter specifies the command you are allowing users with the specified
privilege level to enter. To display a list of the commands at a CLI level, enter “?” at that level's
command prompt.
Recovering from a lost password
Recovery from a lost password requires direct access to the serial port and a system reset.
NOTE
You can perform this procedure only from the CLI.
Follow the steps given below to recover from a lost password.
1. Start a CLI session over the serial interface to the device.
2. Reboot the device.
3. At the initial boot prompt at system startup, enter b to enter the boot monitor mode.
4. Enter no password at the prompt. (You cannot abbreviate this command.) This command will
cause the device to bypass the system password check.
5. Enter boot system flash primary at the prompt.
6. After the console prompt reappears, assign a new password.
Displaying the SNMP community string
If you want to display the SNMP community string, enter the following commands.
Brocade(config)# enable password-display
Brocade# show snmp server
The enable password-display command enables display of the community string, but only in the
output of the show snmp server command. Display of the string is still encrypted in the
startup-config file and running-config. Enter the command at the global CONFIG level of the CLI.
Specifying a minimum password length
By default, the Brocade device imposes no minimum length on the Line (Telnet), Enable, or Local
passwords. You can configure the device to require that Line, Enable, and Local passwords be at
least a specified length.