Header Only - DO NOT REMOVE - Extreme Networks

SecureStack User Login Settings and Limitations


Userlevel 3
Article ID: 9757

Products
C5, C3, C2-Series
B5, B3, B2-Series
A2-Series

Goals
Overview of the SecureStack user login settings and limitations as of December 2010.

Solution
By default there are three login accounts created on the switch:
  1. ro for read only access
  2. rw for read write access
  3. admin for administrator access
The default password (5463) for all three accounts is (no password).

Change the password for any account with the 'set password <account>' command:
C2(su)->set password admin
Please enter new password:4support
Please re-enter new password:4support
Password Changed.
C2(su)->[/code]
    This would change the password to '4support', for the admin super-user.[list]
Limits on the password are that you cannot use the exclamation point ("!") or the question mark ("?"), but all other characters are permitted.[/list] View the current accounts with the 'show system login' command:
C2(su)->show system login
Password history size: 0
Password aging : disabled

Username Access State

admin super-user enabled
ro read-Only enabled
rw read-write enabled
C2(su)->[/code]
Create a new login account, or modify an existing account's access or status, with the 'set system login <username> <access> <status>' command:
C2(su)->set system login Enterasys read-write enable
C2(su)->[/code]
    This would permit a user named 'Enterasys' to login using a blank password, for read-write access.[list]
Limits on the username are that you can only use letters (upper and/or lower case) and numbers (7707).
    The minimum is 1 and the maximum is 80 characters in length.[/list] Optionally set the password at creation time by adding the 'password <password>' option onto the end of the command:
    C2(su)->set system login Enterasys read-write enable password 4support
    C2(su)->[/code]
      This would permit a user named 'Enterasys' to login using a password of '4support', for read-write access.
    Remove a user account with the 'clear system login <username>' command:
    C2(su)->clear system login Enterasys
    C2(su)->[/code]
      To restore a deleted account, it will need to be created again.
    Create a super-user account using the standard command, except specifying "super-user" access:
    C2(su)->set system login Enterasys super-user enable password 4support
    C2(su)->[/code]
      This would permit a user named 'Enterasys' to login using a password of '4support', for super-user access.
    Removing a user-created super-user account first requires changing its access to read-only or read-write:
    C2(su)->set system login Enterasys super-user enable
    C2(su)->clear system login Enterasys
    Admin cannot be deleted
    C2(su)->set system login Enterasys read-write enable
    C2(su)->clear system login Enterasys
    C2(su)->[/code]
    The default "admin" account cannot be deleted or have its super-user access changed.
    It can, however, be disabled with the 'set system login admin super-user disable' command (There must be at least one other user with super-user privileges before the admin user may be disabled.):
    C2(su)->set system login admin read-write enable
    Incorrect access for this default user.
    Set was unsuccessful.
    C2(su)->set system login admin super-user disable
    C2(su)->[/code]
    The minimum password length may be adjusted to anywhere within the range of 0-40 with the 'set system password length ' command:
    C2(su)->set system password length 4
    C2(su)->set system login Enterasys read-write enable password 1234
    C2(su)->[/code]
      The default minimum password length is 8 characters, and the maximum is 80 characters.
    Force non-admin users to change their passwords at a set interval with the 'set system password aging

    0 replies

    Be the first to reply!

    Reply