Configuring Username and Password Security > Password recovery

  

 next

Password recovery

The password recovery feature is enabled by default and provides a method for regaining management access to the switch (without resetting the switch to its factory default configuration) in the event that the system administrator loses the local manager username (if configured) or password. Using password recovery requires:

  • password-recovery enabled (the default) on the switch prior to an attempt to recover from a lost username/password situation

  • Contacting your HP Customer Care Center to acquire a one-time-use password

Disabling or re-enabling the password recovery process

Disabling the password recovery process means that the only method for recovering from a lost manager username (if configured) and password is to reset the switch to its factory-default configuration, removing any non-default configuration settings.
[CAUTION: ]

CAUTION: Disabling password-recovery requires that factory-reset be enabled, and locks out the ability to recover a lost manager username and password on the switch. In this event, there is no way to recover from a lost manager username/password situation without resetting the switch to its factory default configuration. This can disrupt network operation and make it necessary to temporarily disconnect the switch from the network to prevent unauthorized access and other problems while it is being reconfigured. Also, with factory-reset enabled, unauthorized users can use the Reset +Clear button combination to reset the switch to factory default configuration and gain management access to the switch.

Syntax:

[no] front-panel-security password-recovery

Enables or disables the ability to recover a lost password.

When enabled, the switch allows management access through the password recovery process described below. This provides a method for recovering from lost manager usernames and passwords.

When disabled, the password recovery process is disabled and the only way to regain management access to the switch is to use the Reset+Clear button combination. See Restoring the factory default configuration to restore the switch to its factory default configuration.

Default: Enabled.
[NOTE: ]

NOTE: To disable password-recovery:

  • You must have physical access to the front panel of the switch.

  • The factory-reset replaceable must be enabled (the default).

Steps for disabling password-recovery:

  1. Set the CLI to the global interface context.

  2. Use show front-panel-security to determine whether the factory-reset parameter is enabled. If it is disabled, use the front-panel-security factory-reset command to enable it.

  3. Press and release the Clear button on the front panel of the switch.

  4. Within 60-seconds of pressing the Clear button, enter the following command:

    [no] front-panel-security password-recovery

  5. Do one of the following after the CAUTION message appears:

    • If you want to complete the command, press [Y] (for "Yes").

    • If you want to abort the command, press [N] (for "No")

Steps for disabling password-recovery

Switch(config)# no front—panel—security password—recovery
                         **** CAUTION ****
Disabling the clear button without password recovery prevents switch passwords
from being reset. If the switch password is lost, restoring the default factory
configuration will be required to regain access!

Continue with disabling password recovery [y/n]?

Password recovery process

If you lose the manager username/password, but password-recovery is enabled, then you can use the password recovery process to gain management access to the switch with an alternate password supplied by HP Networking Support.
[NOTE: ]

NOTE: Disabled password-recovery locks out the ability to recover a manager username/password pair on the switch. The only way to recover from this is to use the Reset+Clear button combination described under Restoring the factory default configuration. This disrupts network operation and necessitates temporarily disconnecting the switch from the network to prevent unauthorized access and other problems while it is being reconfigured.

To recover a lost password:

  1. Note the switch base MAC address. It is shown on the label located on the upper right front corner of the switch.

  2. Contact HP Networking Support for further assistance. Using the switch MAC address, HP Networking Support will generate and provide a "one-time use" alternate password to gain management access to the switch. Once you gain access, configure a new, known password.
[NOTE: ]

NOTE: The alternate password provided by HP Networking Support is valid only for a single login attempt. You cannot use the same "one-time-use" password if you lose the password a second time. Because the password algorithm is randomized based upon your switch MAC address, the password will change as soon as you use the "one-time-use" password provided by HP Networking Support.

prev

 

up

 next

Front panel security 

home

 Web and MAC Authentication

Copyright © 2015 Hewlett-Packard Development Company, L.P.