SecureStack User Login Settings and Limitations

Updated 5 years ago
Article ID: 9757 

Products
C5, C3, C2-Series
B5, B3, B2-Series
A2-Series 

Goals
Overview of the SecureStack user login settings and limitations as of December 2010. 

Solution
By default there are three login accounts created on the switch:
  1. ro for read only access
  2. rw for read write access
  3. admin for administrator access
The default password (5463) for all three accounts is <enter> (no password). 

Change the password for any account with the 'set password <account>' command:

C2(su)->set password admin
Please enter new password:4support
Please re-enter new password:4support
Password Changed.
C2(su)->

This would change the password to '4support' for the admin super-user.
Passwords cannot contain the exclamation point ("!") or the question mark ("?"); all other characters are permitted.

View the current accounts with the 'show system login' command:

C2(su)->show system login
Password history size: 0
Password aging : disabled

Username    Access       State

admin       super-user   enabled
ro          read-Only    enabled
rw          read-write   enabled
C2(su)->

Create a new login account, or modify an existing account's access or status, with the 'set system login <username> <access> <status>' command:

C2(su)->set system login Enterasys read-write enable
C2(su)->

This would permit a user named 'Enterasys' to log in using a blank password, for read-write access.
Usernames may contain only letters (upper and/or lower case) and numbers (7707).
The minimum length is 1 character and the maximum is 80 characters.

Optionally set the password at creation time by adding the 'password <password>' option onto the end of the command:

C2(su)->set system login Enterasys read-write enable password 4support
C2(su)->

This would permit a user named 'Enterasys' to log in using a password of '4support', for read-write access.

Remove a user account with the 'clear system login <username>' command:

C2(su)->clear system login Enterasys
C2(su)->

To restore a deleted account, it will need to be created again.

Create a super-user account using the standard command, except specifying "super-user" access:

C2(su)->set system login Enterasys super-user enable password 4support
C2(su)->

This would permit a user named 'Enterasys' to log in using a password of '4support', for super-user access.

Removing a user-created super-user account first requires changing its access to read-only or read-write:

C2(su)->set system login Enterasys super-user enable
C2(su)->clear system login Enterasys
Admin cannot be deleted
C2(su)->set system login Enterasys read-write enable
C2(su)->clear system login Enterasys
C2(su)->

The default "admin" account cannot be deleted or have its super-user access changed.
It can, however, be disabled with the 'set system login admin super-user disable' command. There must be at least one other user with super-user privileges before the admin user may be disabled:

C2(su)->set system login admin read-write enable
Incorrect access for this default user.
Set was unsuccessful.
C2(su)->set system login admin super-user disable
C2(su)->

The minimum password length may be adjusted to anywhere within the range of 0-40 with the 'set system password length <length>' command:

C2(su)->set system password length 4
C2(su)->set system login Enterasys read-write enable password 1234
C2(su)->

The default minimum password length is 8 characters, and the maximum is 80 characters.
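
The username and password limits stated above can be checked before a 'set system login' line is sent to a switch. The following is an added example, not part of the original article or any vendor tooling; the function names are hypothetical, and rejecting whitespace and blank passwords is this example's own choice.

```python
import re

# Limits stated in this article. Function names are hypothetical helpers.
USERNAME_RE = re.compile(r"[A-Za-z0-9]{1,80}")  # letters and numbers, 1-80
FORBIDDEN = set("!?")                            # not permitted in passwords
PASSWORD_MAX = 80
DEFAULT_MIN = 8                                  # switch allows 0-40
ACCESS = ("read-only", "read-write", "super-user")


def check_login(username, password, min_length=DEFAULT_MIN):
    """Return a list of violated limits; an empty list means acceptable."""
    if not 0 <= min_length <= 40:
        raise ValueError("minimum password length must be within 0-40")
    problems = []
    if not USERNAME_RE.fullmatch(username):
        problems.append("username must be 1-80 letters and/or numbers")
    bad = sorted(FORBIDDEN & set(password))
    if bad:
        problems.append("password contains " + " ".join(bad))
    if any(c.isspace() for c in password):
        # Assumption of this example: the password is one CLI token.
        problems.append("password contains whitespace")
    if len(password) < min_length:
        problems.append(f"password shorter than {min_length} characters")
    if len(password) > PASSWORD_MAX:
        problems.append(f"password longer than {PASSWORD_MAX} characters")
    return problems


def build_command(username, access, password, min_length=DEFAULT_MIN):
    """Build the 'set system login' line, refusing input that breaks a limit."""
    if access not in ACCESS:
        raise ValueError(f"unknown access level: {access}")
    if not password:
        raise ValueError("refusing to create an account with a blank password")
    problems = check_login(username, password, min_length)
    if problems:
        raise ValueError("; ".join(problems))
    return f"set system login {username} {access} enable password {password}"
```

Pass the switch's configured minimum as min_length when it differs from the default of 8.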

Force non-admin users to change their passwords at a set interval with the 'set system password aging <option>' command.
Force changed passwords to be non-duplicates of earlier passwords with the 'set system password history <number>' command:

C2(su)->set system password aging 365
C2(su)->set system password history 10
C2(su)->

Aging is disabled by default, and it can be adjusted within the range of 1-365 days.
The default history size is 0, and it can be adjusted within the range of 0 (repetition is allowed) to 10 (the last 10 passwords must be unique).

Returning the password aging and history settings to defaults:

C2(su)->set system password aging disable
C2(su)->set system password history 0
C2(su)->

Set the system to lock an account after a number of failed login attempts with the 'set system lockout [attempts <number>] [time <minutes>]' command:

C2(su)->set system lockout attempts 2 time 10
C2(su)->show system lockout
Lockout attempts: 2
Lockout time: 10 minutes.
C2(su)->set system lockout attempts 5
C2(su)->set system lockout time 5
C2(su)->show system lockout
Lockout attempts: 5
Lockout time: 5 minutes.
C2(su)->

The default number of attempts is 3, and it can be adjusted within the range of 1-15.
The default lockout time is 15 minutes, and it can be adjusted within the range of 0 (lock out the account until super-user intervention) to 65535 minutes (about 45 days).

Investigate a non-functioning (apparently locked) account from another account with the 'show system login' command, and manually re-enable it from a super-user access account with the 'set system login <username> <access> enable' command:

C2(su)->show system login
Password history size: 0
Password aging : disabled

Username    Access       State

admin       super-user   enabled
ro          read-Only    disabled
rw          read-write   enabled
C2(su)->set system login ro read-only enable
C2(su)->
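
When many switches need the same review, the 'show system login' and 'show system lockout' output can be parsed and checked in a script. The following is an added example, not part of the original article; the sample capture is constructed in the layout shown above, the 'netops' account is made up, and which conditions are reported as findings is this example's own policy.

```python
import re

DEFAULT_ACCOUNTS = {"admin", "ro", "rw"}  # created by default, blank password
# Constructed sample in the layout this article shows; 'netops' is made up.
SAMPLE = """\
C2(su)->show system login
Password history size: 0
Password aging : disabled

Username Access State

admin super-user enabled
ro read-Only disabled
rw read-write enabled
netops super-user enabled
C2(su)->show system lockout
Lockout attempts: 5
Lockout time: 0 minutes.
"""
SETTING = re.compile(r"(Password history size|Password aging|Lockout attempts|Lockout time)\s*:\s*(\S+)")
ROW = re.compile(r"(\S+)\s+(super-user|read-only|read-write)\s+(enabled|disabled)$", re.I)


def parse(text):
    """Split captured output into global settings and per-account rows."""
    settings, accounts = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := SETTING.match(line):
            settings[m.group(1).lower()] = m.group(2)
        elif m := ROW.match(line):
            accounts[m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return settings, accounts


def audit(text):
    """Return findings; what counts as a finding is this example's own policy."""
    settings, accounts = parse(text)
    findings = []
    if settings.get("password history size") == "0":
        findings.append("password history is 0: reuse allowed")
    if settings.get("password aging") == "disabled":
        findings.append("password aging is disabled")
    for name, (access, state) in sorted(accounts.items()):
        if state == "enabled" and name in DEFAULT_ACCOUNTS:
            findings.append(f"default account {name} is enabled")
        if state == "disabled":
            wait = "" if settings.get("lockout time") != "0" else " (no automatic unlock)"
            findings.append(f"{name} is disabled{wait}: set system login {name} {access} enable")
    return findings
```

For each disabled account the finding carries the re-enable command in the form given above, to be run from a super-user account after the cause has been investigated.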

See also: 5628.
FAQ User, Official Rep
Posted 5 years ago