HP ProCurve 9304M Security Manual page 32

Routing switches

Hide thumbs Also See for ProCurve 9304M:

Management and configuration manual (690 pages)

Installation and configuration manual (504 pages)

Installation and getting started manual (348 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

page of 172

/ 172
Contents
Table of Contents
Bookmarks

Table of Contents

Security Guide for ProCurve 9300/9400 Series Routing Switches

1. Start a CLI session over the serial interface to the device.

2. Reboot the device.

3. At the initial boot prompt at system startup, enter b to enter the boot monitor mode.

4. Enter no password at the prompt. (You cannot abbreviate this command.) This command will cause the

device to bypass the system password check.

5. Enter boot system flash primary at the prompt.

6. After the console prompt reappears, assign a new password.

Displaying the SNMP Community String

If you want to display the SNMP community string, enter the following commands:

ProCurveRS(config)# enable password-display

ProCurveRS(config)# show snmp server

The enable password-display command enables display of the community string, but only in the output of the

show snmp server command. Display of the string is still encrypted in the startup-config file and running-config.

Enter the command at the global CONFIG level of the CLI.

Disabling Password Encryption

When you configure a password, then save the configuration to the HP device's flash memory, the password is

also saved to flash as part of the configuration file. By default, the passwords are encrypted so that the passwords

cannot be observed by another user who displays the configuration file. Even if someone observes the file while it

is being transmitted over TFTP, the password is encrypted.

NOTE: You cannot disable password encryption using the Web management interface.

If you want to remove the password encryption, you can disable encryption by entering the following command:

ProCurveRS(config)# no service password-encryption

Syntax: [no] service password-encryption

Specifying a Minimum Password Length

By default, the HP device imposes no minimum length on the Line (Telnet), Enable, or Local passwords. You can

configure the device to require that Line, Enable, and Local passwords be at least a specified length.

For example, to specify that the Line, Enable, and Local passwords be at least 8 characters, enter the following

command:

ProCurveRS(config)# enable password-min-length 8

Syntax: enable password-min-length <number-of-characters>

The <number-of-characters> can be from 1 – 48.

Setting Up Local User Accounts

You can define up to 16 local user accounts on an HP device. User accounts regulate who can access the

management functions in the CLI using the following methods:

•

Telnet access

•

Web management access

•

S NMP access

Local user accounts provide greater flexibility for controlling management access to HP devices than do

management privilege level passwords and SNMP community strings of SNMP versions 1 and 2. You can

2 - 16

June 2005

Table of Contents

This manual is also suitable for:

J4139aProcurve 9308mJ4874a Procurve 9408sl J4138a J8680a ... Show all

HP ProCurve 9304M Security Manual page 32

Related Manuals for HP ProCurve 9304M

Related Products for HP ProCurve 9304M

This manual is also suitable for:

Table of Contents