Overview

Secure Mode allows the transition between standard secure mode and enhanced secure mode for several security functions. Standard secure mode is the existing, default security mode on the switch. Enhanced secure mode provides an additional level of switch security.


CAUTION: For the 3800, 5400zl, and 8200zl switches, when transitioning between standard and enhanced secure mode, the switch must be removed from production and commands must be executed from a serial terminal connected to the switch. Executing the secure-mode command initiates a switch reboot that erases all the configuration files and everything on the compact flash card except the firmware images, similar to the erase all zeroize command. (See “Switch Memory and Configuration” in the Basic Operation Guide for your switch.) After the system reboots, the switch must be power-cycled.



NOTE: For the 3800 switch, stacking and enhanced secure mode are mutually exclusive. If enhanced secure mode is enabled, you cannot enable stacking. If stacking is enabled, you cannot enable enhanced secure mode.


Operating notes for passwords in enhanced secure mode

The following rules are in effect when enhanced secure mode is enabled or the system is transitioning to enhanced secure mode.

  • Switching access levels, for example, from manager to operator, requires going through the appropriate authentication process for that access level.

  • Passwords must be at least 8 characters.

  • The password for operator, manager, or ROM cannot be disabled. See Secure Mode (3800, 5400zl, and 8200zl Switches).

  • If a password is changed, it has to be entered twice, unless it is already hashed by SHA1 in the existing command for Operator or Manager.

  • When setting the password at the Operator level, the word “Manager” cannot be a user name; conversely, when setting a password at the Manager level, the word “Operator” cannot be a user name. These are case-insensitive.

  • A password is required for every login regardless of access level. The user name corresponding to the login level (Manager/Operator) must be specified.

  • Access to ROM functionality is password protected.

  • When there is a Standby Management Module (SMM), the passwords are synchronized to the SMM.
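
Because the transition erases the configuration, it can help to check the planned credentials against the rules above before going to the serial console. The following is an added example, not part of the switch documentation or firmware; the plan layout (access level mapped to a user name and plaintext password) and all sample values are assumptions made for illustration.

```python
# Added example: pre-flight check of a planned credential set against the
# enhanced secure mode password rules listed above. The plan layout
# (level -> (user name, plaintext password)) is an assumption for this example.

MIN_LENGTH = 8                                    # "at least 8 characters"
REQUIRED_LEVELS = ("operator", "manager", "rom")  # none may be disabled
# User name that may not be used when setting the password at each level.
RESERVED_NAME = {"operator": "manager", "manager": "operator"}


def check_plan(plan):
    """Return a list of rule violations; an empty list means the plan passes."""
    problems = []
    levels = {str(k).lower(): v for k, v in plan.items()}
    for level in REQUIRED_LEVELS:
        user, password = levels.get(level, (None, None))
        if not password:
            problems.append(f"{level}: password missing (cannot be disabled)")
            continue
        if len(password) < MIN_LENGTH:
            problems.append(f"{level}: password shorter than {MIN_LENGTH} characters")
        if level in RESERVED_NAME:
            if not user:
                # A user name must be specified for Manager/Operator logins.
                problems.append(f"{level}: user name missing")
            elif user.strip().lower() == RESERVED_NAME[level]:
                # The reserved-name rule is case-insensitive.
                problems.append(f"{level}: user name '{user}' is reserved")
    return problems


# Constructed sample plan; every value here is made up for illustration.
SAMPLE_PLAN = {
    "operator": ("MANAGER", "short"),
    "manager": ("netadmin", "correct-horse-battery"),
    # no ROM entry: the ROM password would be left unset
}

if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN):
        print(problem)
```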