04-25-2025 03:13 AM
Hi,
We have VOSS fabric switches and we want to enable the password complexity rule on all switches. I have faced some issues after enabling enhanced secure mode on 1 switch.
1. All user accounts were deleted. I logged in with the default credentials (admin/password) and luckily it asked me to create a new user.
2. Now I want to create another user with privilege access, but it says that you cannot create it from a telnet/ssh session. I can create users in operator or auditor mode but not with privilege.
3. I read in the user guide that when you migrate from enhanced secure mode disabled to enabled, the configuration file cannot be guaranteed to be transferred. I have many more switches on which enhanced secure mode needs to be enabled. What will be the best way to enable it without losing config?
05-01-2025 08:15 AM
Hi Gaurav,
1. All user accounts were deleted. I logged in with the default credentials (admin/password) and luckily it asked me to create a new user.
Response: This is expected behavior - for Enhanced Secured mode we have different users to meet the security requirements of various certifications like FIPS, Common Criteria, etc.
2. Now I want to create another user with privilege access, but it says that you cannot create it from a telnet/ssh session. I can create users in operator or auditor mode but not with privilege.
Response: Again, due to the same security requirements, a Privilege user can only access the switch via the serial console.
3. I read in the user guide that when you migrate from enhanced secure mode disabled to enabled, the configuration file cannot be guaranteed to be transferred. I have many more switches on which enhanced secure mode needs to be enabled. What will be the best way to enable it without losing config?
Response: It is true, the security-related config and user accounts are not preserved - again, this is due to security requirements to zeroize them in case of a change to Enhanced Secured Mode. Layer 2/Layer 3 and the other config that is not security related is preserved. The recommendation is to log in via console after you change to Enhanced Secured Mode; admin/admin is the default admin password and you will be asked to change it at the first login, as you've seen already.
I also noticed a follow-on question - if you are trying to log in as a privileged user, you can only do this through the serial console.
Hope this helps!
04-28-2025 11:51 PM
Hello,
To safely enable Enhanced Secure Mode on VOSS switches without losing config:
Back up the config first.
Prepare a secure-mode-compatible config (adjust passwords, users).
Use console access to enable secure mode - not SSH/Telnet.
Immediately create a new admin user via console.
Reload the modified config after secure mode is enabled.
04-29-2025 05:22 AM
Thanks for the reply.
I will follow the suggested procedure for the remaining switches. I am facing an issue with a couple of switches on which I have already enabled enhanced secure mode. The switches are not accessible with the credentials which I created the first time after enabling enhanced secure mode.