Configuring password security

To set up password security:

Procedure
  1. Set a Manager password pair (and an operator password pair, if applicable for your system).
  2. Exit from the current console session. A Manager password pair will now be needed for full access to the console.

If you do steps 1 and 2, above, then the next time a console session is started for either the menu interface or the CLI, a prompt appears for a password. Assuming you have protected both the manager and operator levels, the level of access to the console interface is determined by which password is entered in response to the prompt.

If you set a manager password, you may also want to configure an inactivity timer. Doing this causes the console session to end after the specified period of inactivity, thus giving you added security against unauthorized console access.

NOTE:

If the console inactivity-timer expires, any outbound Telnet or SSH sessions open on the switch are terminated.

You can use either of the following to set the inactivity timer:

  • Menu Interface: System Information screen, Select option 2 — Switch Configuration.

  • CLI: Use the command (and options) as follows:

    console inactivity-timer <0|1|5|10|15|20|30|60|120>

CAUTION:

If the switch has no a manager or operator password, anyone having access to the switch through either Telnet, the serial port, or the WebAgent can access the switch with full manager privileges. Also, if you configure only an operator password, entering the operator password enables full manager privileges.

NOTE:

The manager and operator passwords and (optional) usernames control access to the menu interface, CLI, and WebAgent.

If you configure only a manager password (with no operator password), and in a later session the manager password is not entered correctly in response to a prompt from the switch, then the switch does not allow management access for that session.

If the switch has a password for both the manager and operator levels, and neither is entered correctly in response to the switch password prompt, then the switch does not allow management access for that session.

Passwords are case-sensitive.