
Queries about enhanced secure mode


gaurav-pandya
New Contributor II

Hi,

We have VOSS fabric switches and we want to enable the password complexity rule on all switches. I have faced some issues after enabling enhanced secure mode on 1 switch.

1. All user accounts were deleted. I logged in with the default credentials (admin/password) and luckily it asked me to create a new user.

2. Now I want to create another user with privilege access, but it says that you cannot create it from a telnet/ssh session. I can create users in operator or auditor mode but not with privilege.

3. I read in the user guide that when you migrate from enhanced secure mode disabled to enabled mode, the configuration file cannot be guaranteed to be transferred. I have many more switches on which enhanced secure mode needs to be enabled. What will be the best way to enable it without losing config?

3 REPLIES

Dinesh_Rego
Extreme Employee

Hi Gaurav,

1. All user accounts were deleted. I logged in with the default credentials (admin/password) and luckily it asked me to create a new user.

Response: This is expected behavior - for Enhanced Secured mode we have different users to meet security requirements of various certifications like FIPS, Common Criteria etc.

2. Now I want to create another user with privilege access, but it says that you cannot create it from a telnet/ssh session. I can create users in operator or auditor mode but not with privilege.

Response: Again, due to the same security requirements, the Privilege user can only access the switch via the serial console.

3. I read in the user guide that when you migrate from enhanced secure mode disabled to enabled mode, the configuration file cannot be guaranteed to be transferred. I have many more switches on which enhanced secure mode needs to be enabled. What will be the best way to enable it without losing config?

Response: It is true, the security-related config and user accounts are not preserved - again, this is due to security requirements to zeroize them in case of a change of Enhanced Secured Mode. Layer 2/Layer 3 and the other config that is not security related is preserved. The recommendation is to log in via console after you change to Enhanced Secured Mode; admin/admin is the default admin password and you will be asked to change it at the first login, as you've seen already.

I also noticed a follow-on question - if you are trying to login as a privileged user, you can only do this through the serial console. 

Hope this helps!

 

nipo535darly
New Contributor

Hello,

To safely enable Enhanced Secure Mode on VOSS switches without losing config:

Back up the config first.

Prepare a secure-mode-compatible config (adjust passwords, users).

Use console access to enable secure mode — not SSH/Telnet.

Immediately create a new admin user via console.

Reload the modified config after secure mode is enabled.

Thanks for the reply.

I will follow the suggested procedure for the remaining switches. I am facing an issue with a couple of switches on which I have already enabled enhanced secure mode. The switches are not accessible with the credentials which I created the first time after enabling enhanced secure mode.
