HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 5
...Contents 2-1 Overview 2-3 Configuring Local Password Security 2-6 Menu: Setting Passwords 2-6 CLI: Setting Passwords and Usernames 2-8 Web: Setting Passwords and Usernames 2-9 SNMP: Setting Passwords and Usernames 2-9 Saving Security Credentials in a Config File 2-10 Benefits of Saving Security Credentials 2-10 Enabling ...23 When Security Is Important 2-23 Front-Panel Button Functions 2-24 Clear Button 2-25 Reset Button 2-25 Restoring the Factory Default Configuration 2-25 Configuring Front-Panel Security 2-27 Disabling the Clear Password Function of the Clear Button . . . 2-29 Re...
...Contents 2-1 Overview 2-3 Configuring Local Password Security 2-6 Menu: Setting Passwords 2-6 CLI: Setting Passwords and Usernames 2-8 Web: Setting Passwords and Usernames 2-9 SNMP: Setting Passwords and Usernames 2-9 Saving Security Credentials in a Config File 2-10 Benefits of Saving Security Credentials 2-10 Enabling ...23 When Security Is Important 2-23 Front-Panel Button Functions 2-24 Clear Button 2-25 Reset Button 2-25 Restoring the Factory Default Configuration 2-25 Configuring Front-Panel Security 2-27 Disabling the Clear Password Function of the Clear Button . . . 2-29 Re...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 27
...authenticated transactions and encrypted paths Wizard" on page 1-15 applications capable of Configuration Guide, your network. TACACS+ uses username/password sets with associated privilege levels to grant or deny access through the following : • Telnet and other ...VLAN. Security Overview Access Security Features Feature SSL SNMP Authorized IP Managers Secure Management VLAN TACACS+ Authentication RADIUS Authentication Default Setting Security Guidelines More Information and Configuration Details disabled Secure Socket Layer (SSL) and Transport Layer Security "Quick ...
...authenticated transactions and encrypted paths Wizard" on page 1-15 applications capable of Configuration Guide, your network. TACACS+ uses username/password sets with associated privilege levels to grant or deny access through the following : • Telnet and other ...VLAN. Security Overview Access Security Features Feature SSL SNMP Authorized IP Managers Secure Management VLAN TACACS+ Authentication RADIUS Authentication Default Setting Security Guidelines More Information and Configuration Details disabled Secure Socket Layer (SSL) and Transport Layer Security "Quick ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 32
...re-enable the password-clearing function of the Reset+Clear button combination so that the switch reboots, but does not restore the switch's factory default settings. ■ Disable or re-enable password recovery. Quick Start: Using the Management Interface Wizard The Management Interface wizard provides a convenient..." on preparing and configuring the switch for SSH and SSL operation, refer to reboot the switch after clearing any local usernames and passwords. ■ Modify the operation of the Clear button. ■ Configure the Clear button to chapters 6 and 7 respectively.
...re-enable the password-clearing function of the Reset+Clear button combination so that the switch reboots, but does not restore the switch's factory default settings. ■ Disable or re-enable password recovery. Quick Start: Using the Management Interface Wizard The Management Interface wizard provides a convenient..." on preparing and configuring the switch for SSH and SSL operation, refer to reboot the switch after clearing any local usernames and passwords. ■ Modify the operation of the Clear button. ■ Configure the Clear button to chapters 6 and 7 respectively.
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 44
...Password Security Contents Overview 2-3 Configuring Local Password Security 2-6 Menu: Setting Passwords 2-6 CLI: Setting Passwords and Usernames 2-8 Web: Setting Passwords and Usernames 2-9 SNMP: Setting Passwords and Usernames 2-9 Saving Security Credentials in a Config File 2-10 Benefits of Saving Security Credentials 2-10 Enabling the Storage... 2-23 Front-Panel Button Functions 2-24 Clear Button 2-25 Reset Button 2-25 Restoring the Factory Default Configuration 2-25 Configuring Front-Panel Security 2-27 Disabling the Clear Password Function of the Clear Button . . . 2-29 2-1
...Password Security Contents Overview 2-3 Configuring Local Password Security 2-6 Menu: Setting Passwords 2-6 CLI: Setting Passwords and Usernames 2-8 Web: Setting Passwords and Usernames 2-9 SNMP: Setting Passwords and Usernames 2-9 Saving Security Credentials in a Config File 2-10 Benefits of Saving Security Credentials 2-10 Enabling the Storage... 2-23 Front-Panel Button Functions 2-24 Clear Button 2-25 Reset Button 2-25 Restoring the Factory Default Configuration 2-25 Configuring Front-Panel Security 2-27 Disabling the Clear Password Function of the Clear Button . . . 2-29 2-1
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 46
... SNMP. For more information, refer to "Quick Start: Using the Management Interface Wizard" on -clear factory-reset password-recovery Default Menu none - page 1-15 - Usernames are two levels of these levels. Also, in the menu interface, you can configure passwords, but not...console access: Manager and Operator. enabled - page 1-14 - page 1-13 - Console access includes both the menu interface and the CLI. Usernames and passwords for Manager and Operator access can also be configured using the Management Interface Wizard. enabled - For security, you can set a password ...
... SNMP. For more information, refer to "Quick Start: Using the Management Interface Wizard" on -clear factory-reset password-recovery Default Menu none - page 1-15 - Usernames are two levels of these levels. Also, in the menu interface, you can configure passwords, but not...console access: Manager and Operator. enabled - page 1-14 - page 1-13 - Console access includes both the menu interface and the CLI. Usernames and passwords for Manager and Operator access can also be configured using the Management Interface Wizard. enabled - For security, you can set a password ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 47
... having access to set a Manager password, you do steps 1 and 2, above, then the next time a console session is the default level. If you have protected both the Manager and Operator levels, the level of inactivity, thus giving you can provide the Manager password. ...Configuring Username and Password Security Overview Level Actions Permitted Manager: Access to configure an inactivity timer. Set a Manager password pair (and an Operator ...
... having access to set a Manager password, you do steps 1 and 2, above, then the next time a console session is the default level. If you have protected both the Manager and Operator levels, the level of inactivity, thus giving you can provide the Manager password. ...Configuring Username and Password Security Overview Level Actions Permitted Manager: Access to configure an inactivity timer. Set a Manager password pair (and an Operator ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 54
...and operator passwords and user names ■ SNMP security credentials, including SNMPv1 community names and SNMPv3 usernames, authentication, and privacy settings ■ 802.1X port-access passwords and usernames ■ TACACS+ encryption keys ■ RADIUS shared secret (encryption) keys ■ Public ...access) security credentials, and SSH client public-keys in the running configuration. For more information, refer to the switch 2-11 Default: The security credentials described in "Security Settings that try to connect to "Switch Memory and Configuration" in the Management and ...
...and operator passwords and user names ■ SNMP security credentials, including SNMPv1 community names and SNMPv3 usernames, authentication, and privacy settings ■ 802.1X port-access passwords and usernames ■ TACACS+ encryption keys ■ RADIUS shared secret (encryption) keys ■ Public ...access) security credentials, and SSH client public-keys in the running configuration. For more information, refer to the switch 2-11 Default: The security credentials described in "Security Settings that try to connect to "Switch Memory and Configuration" in the Management and ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 58
...syntax, the password is a text string used for management access to as the primary authentication method for authentication control if it defaults to its own locally assigned passwords for users who request access to do so. You are configured separately from the manager and... can use RADIUS servers as "shared secret" or "secret" key.) For more information, see "Password Command Options" on the switch. Configuring Username and Password Security Saving Security Credentials in a Config File The password port-access values are not prompted to contact a designated TACACS+ server for ...
...syntax, the password is a text string used for management access to as the primary authentication method for authentication control if it defaults to its own locally assigned passwords for users who request access to do so. You are configured separately from the manager and... can use RADIUS servers as "shared secret" or "secret" key.) For more information, see "Password Command Options" on the switch. Configuring Username and Password Security Saving Security Credentials in a Config File The password port-access values are not prompted to contact a designated TACACS+ server for ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 66
Configuring Username and Password Security Front-Panel Security Front-Panel Security The ...network switch because switches were typically placed in an area where non-authorized people have access to its factory default configuration (Reset+Clear buttons together). For some of the functions of the two buttons located on the front...to prevent malicious users from: ■ Resetting the password(s) by pressing the Clear button ■ Restoring the factory default configuration by using the Reset+Clear button combination. ■ Gaining management access to the switch by pressing the Clear ...
Configuring Username and Password Security Front-Panel Security Front-Panel Security The ...network switch because switches were typically placed in an area where non-authorized people have access to its factory default configuration (Reset+Clear buttons together). For some of the functions of the two buttons located on the front...to prevent malicious users from: ■ Resetting the password(s) by pressing the Clear button ■ Restoring the factory default configuration by using the Reset+Clear button combination. ■ Gaining management access to the switch by pressing the Clear ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 68
... the Reset Button for One Second To Reboot the Switch Restoring the Factory Default Configuration You can also use the Reset button together with the Clear button (Reset+Clear) to reboot. Clear Reset Figure 2-9. To do this: 1. Configuring Username and Password Security Front-Panel Security Clear Button Pressing the Clear button alone... Button for Five Seconds To Reset the Password(s) Reset Button Pressing the Reset button alone for one second causes the switch to restore the factory default configuration for five seconds resets the password(s) configured on the switch.
... the Reset Button for One Second To Reboot the Switch Restoring the Factory Default Configuration You can also use the Reset button together with the Clear button (Reset+Clear) to reboot. Clear Reset Figure 2-9. To do this: 1. Configuring Username and Password Security Front-Panel Security Clear Button Pressing the Clear button alone... Button for Five Seconds To Reset the Password(s) Reset Button Pressing the Reset button alone for one second causes the switch to restore the factory default configuration for five seconds resets the password(s) configured on the switch.
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 69
Configuring Username and Password Security Front-Panel Security 2. It can take approximately 20-25 seconds for greater then 2.5 seconds, configuration will be cleared, and the switch will reboot. Clear Reset 2-26 Release the Reset button. Clear Reset 4. If the Clear button is held for the switch to the factory default settings. . This process restores the switch configuration to reboot. Clear Reset 3. While holding the Reset button, press and hold the Clear button for five seconds.
Configuring Username and Password Security Front-Panel Security 2. It can take approximately 20-25 seconds for greater then 2.5 seconds, configuration will be cleared, and the switch will reboot. Clear Reset 2-26 Release the Reset button. Clear Reset 4. If the Clear button is held for the switch to the factory default settings. . This process restores the switch configuration to reboot. Clear Reset 3. While holding the Reset button, press and hold the Clear button for five seconds.
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 70
...plus an Event Log message) for verifying that any local usernames and passwords. Disabled means that the switch still reboots, but does not affect the operation of the Reset+Clear combination described under "Restoring the Factory Default Configuration" on the switch (and thus removes local password ...action affects the Clear button when used alone, but does not restore the switch's factory default configuration settings. (Use of the Reset button alone, to reboot the switch after clearing any usernames and passwords in the CLI you can: • Disable or re-enable the password-clearing...
...plus an Event Log message) for verifying that any local usernames and passwords. Disabled means that the switch still reboots, but does not affect the operation of the Reset+Clear combination described under "Restoring the Factory Default Configuration" on the switch (and thus removes local password ...action affects the Clear button when used alone, but does not restore the switch's factory default configuration settings. (Use of the Reset button alone, to reboot the switch after clearing any usernames and passwords in the CLI you can: • Disable or re-enable the password-clearing...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 71
...Reset button to be used with the Clear button (page 2-25) to reset the switch to its factory-default configuration and create a new password. Figure 2-10. Configuring Username and Password Security Front-Panel Security Reset-on-clear: Shows the status of the reset-on the front ...option is an extreme measure and is enabled, then pressing the Clear button erases the local usernames and passwords from the startup configuration file, but the switch does not reboot. The Default Front-Panel Security Settings 2-28 If you will have stored security credentials (including the local...
...Reset button to be used with the Clear button (page 2-25) to reset the switch to its factory-default configuration and create a new password. Figure 2-10. Configuring Username and Password Security Front-Panel Security Reset-on-clear: Shows the status of the reset-on the front ...option is an extreme measure and is enabled, then pressing the Clear button erases the local usernames and passwords from the startup configuration file, but the switch does not reboot. The Default Front-Panel Security Settings 2-28 If you will have stored security credentials (including the local...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 72
...status because it has no front-panel-security password-clear In the factory-default configuration, pressing the Clear button on the switch's front panel erases any local usernames and passwords. (Default: Enabled.) Note: Although the Clear button does not erase passwords when disabled..., you want to its factory default configuration, as described under "Restoring the Factory Default Configuration" on page 2-25. otherwise type [N]. ...
...status because it has no front-panel-security password-clear In the factory-default configuration, pressing the Clear button on the switch's front panel erases any local usernames and passwords. (Default: Enabled.) Note: Although the Clear button does not erase passwords when disabled..., you want to its factory default configuration, as described under "Restoring the Factory Default Configuration" on page 2-25. otherwise type [N]. ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 73
... password-clear.) Note: If you disable password-clear and also disable the password-recovery option, you must also specify whether to its factory default configuration. password-clear: Enabled. - You can still recover from a lost password by using the Reset+Clear button combination at reboot as ...-clear is pressed. To re-enable password-clear, you can then get access to the switch to its default configuration (enabled, with reset-on page 2-25. Configuring Username and Password Security Front-Panel Security Re-Enabling the Clear Button and Setting or Changing the "Reset-On-Clear...
... password-clear.) Note: If you disable password-clear and also disable the password-recovery option, you must also specify whether to its factory default configuration. password-clear: Enabled. - You can still recover from a lost password by using the Reset+Clear button combination at reboot as ...-clear is pressed. To re-enable password-clear, you can then get access to the switch to its default configuration (enabled, with reset-on page 2-25. Configuring Username and Password Security Front-Panel Security Re-Enabling the Clear Button and Setting or Changing the "Reset-On-Clear...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 74
...used for this button combination to replace the switch's current configuration with the factory-default startup-config file, then reboots the switch, and removes local password protection. Configuring Username and Password Security Front-Panel Security Shows password-clear disabled. Figure 2-12. Syntax:... startup-config file • Clearing any local usernames and passwords configured on -clear disabled. Enables password-clear, with reset-onclear disabled by the "no " form of the Reset+Clear Combination In their default configuration, using the Reset+Clear buttons in the...
...used for this button combination to replace the switch's current configuration with the factory-default startup-config file, then reboots the switch, and removes local password protection. Configuring Username and Password Security Front-Panel Security Shows password-clear disabled. Figure 2-12. Syntax:... startup-config file • Clearing any local usernames and passwords configured on -clear disabled. Enables password-clear, with reset-onclear disabled by the "no " form of the Reset+Clear Combination In their default configuration, using the Reset+Clear buttons in the...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 75
... prior to an attempt to recover from a lost username/password situation ■ Contacting your ProCurve Customer Care Center to acquire a one-time- Using Password Recovery requires: ■ password-recovery enabled (the default) on the switch. use password Disabling or Re-... recover from a lost manager username/password situation without resetting the switch to its factory default configuration) in the event that the system administrator loses the local manager username (if configured) or password. In this caution. Configuring Username and Password Security Password Recovery ...
... prior to an attempt to recover from a lost username/password situation ■ Contacting your ProCurve Customer Care Center to acquire a one-time- Using Password Recovery requires: ■ password-recovery enabled (the default) on the switch. use password Disabling or Re-... recover from a lost manager username/password situation without resetting the switch to its factory default configuration) in the event that the system administrator loses the local manager username (if configured) or password. In this caution. Configuring Username and Password Security Password Recovery ...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 76
... a lost password. Note: To disable password-recovery: - You must be enabled (the default). (Default: Enabled.) Steps for recovering from the network to recover a lost manager username (if configured) and password. When this feature is disabled, the password recovery process is ...1. Do one of the following command: no " form of disabling the password-recovery parameter. 2-33 Configuring Username and Password Security Password Recovery factory-default configuration. This can use the front-panel-security factoryreset command to the front panel of the switch. 4. Press...
... a lost password. Note: To disable password-recovery: - You must be enabled (the default). (Default: Enabled.) Steps for recovering from the network to recover a lost manager username (if configured) and password. When this feature is disabled, the password recovery process is ...1. Do one of the following command: no " form of disabling the password-recovery parameter. 2-33 Configuring Username and Password Security Password Recovery factory-default configuration. This can use the front-panel-security factoryreset command to the front panel of the switch. 4. Press...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 77
To use the Reset+Clear button combination described under "Restoring the Factory Default Configuration" on page 2-25. Because the password algorithm is randomized based upon your ProCurve Customer Care Center for further assistance. Note the switch's ...Password Recovery Process If you have disabled password-recovery, which locks out the ability to recover a manager username/password pair on the upper right front corner of the Steps for a single login attempt. Configuring Username and Password Security Password Recovery Figure 2-14. You cannot use the same "one -time use" alternate...
To use the Reset+Clear button combination described under "Restoring the Factory Default Configuration" on page 2-25. Because the password algorithm is randomized based upon your ProCurve Customer Care Center for further assistance. Note the switch's ...Password Recovery Process If you have disabled password-recovery, which locks out the ability to recover a manager username/password pair on the upper right front corner of the Steps for a single login attempt. Configuring Username and Password Security Password Recovery Figure 2-14. You cannot use the same "one -time use" alternate...
HP ProCurve Series 6120 Blade Switches Access Security Guide
Page 81
...client, the switch grants access to the RADIUS server for clients that are not capable of 32 clients is supported on the port. (The default is one client.) Web and/or MAC authentication and MAC lockdown, MAC lockout, and portsecurity are mutually exclusive on a given port. MAC ... MAC address cannot be authenticated by both Web and MAC authentication at the same time. 3-4 A maximum of providing interactive logons, such as the username and password, and grants or denies network access in the same way that it does for clients capable of interactive logons. (The process does not...
...client, the switch grants access to the RADIUS server for clients that are not capable of 32 clients is supported on the port. (The default is one client.) Web and/or MAC authentication and MAC lockdown, MAC lockout, and portsecurity are mutually exclusive on a given port. MAC ... MAC address cannot be authenticated by both Web and MAC authentication at the same time. 3-4 A maximum of providing interactive logons, such as the username and password, and grants or denies network access in the same way that it does for clients capable of interactive logons. (The process does not...