System information

Operation 1-17
Software Release 2.0.1
C613-03018-00 REV A
Recovering Lost Passwords
If a user forgets their password, the password can be reset from an account
with MANAGER privilege, using the command:
SET USER=login-name PASSWORD=password
Passwords for accounts with MANAGER privilege can be reset with the same
command, provided the manager can log in to at least one account with
MANAGER privilege. However, if all manager account
passwords are forgotten, the password for the MANAGER account can be reset
to the default password “friend” using the following procedure:
1. Switch the router off at the power supply and remove the router lid.
2. Set switch 3 of the DIP switch package on the CPU board to “ON”. See the
relevant section of Appendix A, Hardware for the specific router model.
3. Restart the router. The router will not become operational but as the startup
sequence completes the MANAGER account is restored to its default
settings and a startup message is displayed to this effect.
4. Switch the router off at the power supply.
5. Set switch 3 of the DIP switch package on the CPU board to “OFF”. See the
relevant section of Appendix A, Hardware for the specific router model.
6. Replace the lid and restart the router. After the startup sequence the router
will become operational with the MANAGER account restored to its default
settings.
Because the default password “friend” is published, change it immediately after
recovery using the SET USER command above. Note also that this procedure needs
only physical access to the CPU board, so the physical security of the router is
what protects the MANAGER account against an unauthorised reset.
Asynchronous Port Security
Asynchronous ports may be set to SECURE mode, using the command:
SET PORT SECURE=ON
See the description of the SET PORT command on page 2-32 of Chapter 2,
Interfaces. By default, all asynchronous ports are set
to SECURE mode. Telnet sessions are always in SECURE mode. A user
accessing the router via a terminal connected to an asynchronous port in
SECURE mode, or via Telnet, must log in before the router will accept any other
commands. When a user Telnets to a router the login and password prompts
are always displayed. The password prompt is displayed even if the login
name does not match an entry in the User Authentication Database, so that the
response to an unknown login name is indistinguishable from the response to a
valid one; this makes it more difficult for an intruder to discover a valid
login name. When a login name and password are entered that do not match an
entry in the database, and are not accepted by any defined TACACS servers, the
login sequence is repeated. If the permitted number of successive login
failures is exceeded, the login prompt is withheld for a specified lockout
period. This makes it much more difficult for an intruder to guess login
names and passwords by repeated trial. A log message is generated when the
number of retries for a connection is exceeded and the lockout period starts.
Telnet logins from the offending IP address are also locked out for this
period once the permitted number of failures is exceeded, so opening a new
Telnet session from the same address does not bypass the lockout.
The number of login attempts permitted and the length of the lockout period
can be configured with the command:
SET USER [LOGINFAIL=1..10] [LOCKOUTPD=0..30000]
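The following is an added example, not code from the router's software or from this manual: a small Python model of the login sequence described above, so that the interaction of LOGINFAIL, LOCKOUTPD, the always-shown password prompt and the per-address lockout can be exercised offline. The User Authentication Database, its hashing scheme, the sample accounts and addresses are all constructed for the example; the unit of LOCKOUTPD is assumed to be seconds here, and the model tracks failures per source address rather than reproducing the router's exact per-connection bookkeeping.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


# Constructed sample User Authentication Database: login name -> SHA-256 of
# the password. The router's real storage format is not described on this page.
def _digest(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


USER_DB = {"manager": _digest("friend"), "operator": _digest("op-secret")}
_DUMMY = _digest("")  # compared against when the login name is unknown


@dataclass
class LoginGuard:
    """Login sequence with the retry limit and lockout described in the text.

    loginfail corresponds to SET USER LOGINFAIL=1..10 and lockoutpd to
    LOCKOUTPD=0..30000. The unit of lockoutpd is assumed to be seconds here.
    Failures are counted per source address, so a fresh Telnet connection
    from the same host does not reset the count.
    """
    loginfail: int = 3
    lockoutpd: int = 600
    failures: dict = field(default_factory=dict)      # src_ip -> failure count
    locked_until: dict = field(default_factory=dict)  # src_ip -> lockout expiry
    log: list = field(default_factory=list)           # generated log messages

    def prompt_for_password(self, login_name: str) -> str:
        # Always the same prompt, whether or not the name is in the database,
        # so an intruder cannot use the prompt to enumerate valid login names.
        return "Password:"

    def attempt(self, src_ip: str, login_name: str, password: str, now: int) -> str:
        """Return OK, RETRY, LOCKOUT or LOCKED for one login attempt at time now."""
        if self.locked_until.get(src_ip, 0) > now:
            return "LOCKED"  # login prompt withheld for the lockout period

        # Always hash and compare, even for an unknown name, so the work done
        # (and hence the timing) does not reveal whether the name exists.
        stored = USER_DB.get(login_name)
        match = hmac.compare_digest(_digest(password),
                                    stored if stored is not None else _DUMMY)
        if match and stored is not None:
            self.failures.pop(src_ip, None)
            return "OK"

        count = self.failures.get(src_ip, 0) + 1
        if count < self.loginfail:
            self.failures[src_ip] = count
            return "RETRY"  # the login sequence is simply repeated

        # Permitted failures exceeded: start the lockout period and log it.
        # With lockoutpd=0 the lockout expires immediately, i.e. it is disabled.
        self.failures.pop(src_ip, None)
        self.locked_until[src_ip] = now + self.lockoutpd
        self.log.append(f"t={now} login retries exceeded from {src_ip}, "
                        f"lockout {self.lockoutpd}s")
        return "LOCKOUT"


if __name__ == "__main__":
    guard = LoginGuard(loginfail=3, lockoutpd=600)
    for t, (user, pw) in enumerate([("nosuchuser", "x"), ("manager", "wrong"),
                                    ("manager", "wrong"), ("manager", "friend")]):
        print(t, user, guard.attempt("10.0.0.5", user, pw, t))
    print(guard.log)
```

The third failure from 10.0.0.5 starts the lockout, and the correct password is refused from that address until the period has elapsed, while the same credentials succeed at once from another address.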