User Account Management

User Account Management

1. Function Overview

This product provides the functions shown below for managing user accounts.

  • Functions for setting user information

  • Functions for user authentication by user name and password

2. Definition of Terms Used

Default Administrative User
Users with administrator rights specified in default factory settings.
Username: admin and password: admin

Administrative User
Users with administrator rights.
Administrative users are users with the privilege option switched on using the username command.

General User
Users without administrator rights and that require entering the privileged password in order to access the privileged EXEC mode.
General users are users with the privilege option switched off using the username command.

Privileged Password
The password used to assign administrator rights and specified using the enable password command.

Unnamed User
Users with a blank username setting.
Rev. 1.03.12 or earlier firmware versions permitted using unnamed user accounts under factory default settings, but unnamed user accounts were eliminated for newer firmware versions with stronger user account management functionality.

3. Function Details

3.1. User account function settings

3.1.1. User information settings

Use the username command to specify the following user information.

  • User name

  • Password

  • Assignment of administrator rights

With factory default settings, the administrative username and password are both “admin”.

3.1.2. Setting the privileged password

The privileged password is set using the enable password command.
The privileged password is used for the following applications.

  • To initialize devices

  • To transition users without administrator rights to the privileged EXEC mode by using the console

  • To use a TFTP client to send a config file or firmware to the switch

admin” is the privileged password specified in default factory settings, but the operations described above cannot be performed if the privileged password is the default setting.
To perform any of those operations, change the privileged password in advance.

3.1.3. Administrator rights

User login operations can be restricted depending on whether or not the user has administrator rights.

  • Administrative users (users with administrator rights) can change device settings or update firmware.

  • General users (users without administrator rights) can only view device information without changing any settings.

Specifically, the following differences apply depending on whether or not the user has administrator rights.

CLI

Web GUI

Administrative user (with rights)

General user (without rights)

Administrative user (with rights)

General user (without rights)

Show device information

Yes

Yes

Yes

Yes

View settings

Yes

No

Yes

Limited (*1)

Change settings

Yes

No

Yes

No

Restart or initialize devices

Yes

No

Yes

No

Update firmware

Yes

No

Yes

No

*1: Cannot view passwords or other security-related settings.

Once the enable command is executed and the privileged password is entered, the privileged EXEC mode can be accessed to perform operations equivalent to an administrative user, even if logged in as a general user.
For information about the rights required to execute each command, refer to the command reference.

3.1.4. Encrypt password

Specified passwords can be encrypted using the password-encryption command.
To encrypt a password, specify the password-encryption enable setting.
Once a password has been encrypted, it cannot be restored to an unencrypted character string state, even by specifying the password-encryption disable setting.
Encryption applies to the passwords specified by the following commands.

  • enable password command

  • username command

3.2. User authentication

3.2.1. When logging in to the console

When the following login prompt appears after connecting to the console, log in by entering the specified username and password.

Username:
Password:

For factory default settings, log in by entering “admin” as the default administrative username (and “admin” as the password).
After using “admin” to log in, the password must be changed to specify a new password.

Username: admin
Password: (1)

SWX2210P-10G Rev.1.03.13 (Fri Aug  2 19:08:24 2024)
  Copyright (c) 2018-2024 Yamaha Corporation. All Rights Reserved.

Please change the default password for admin.
New Password: (2)
New Password(Confirm): (3)
Saving ...
Succeeded to write configuration
1 Enter “admin”
2 Enter the new password.
3 Enter the same password again.

If an incorrect password is entered three successive times, login by that same user is restricted for one minute.

Username: User
Password:
% Incorrect username or password, or login as User is restricted.
Password:
% Incorrect username or password, or login as User is restricted.
Password:
% Incorrect username or password, or blocked upon 3 failed login attempts for User.
% Please try again later.

If a login restriction occurs, the following message is output in the INFO level SYSLOG.

Connection method

Output message

Serial console

Login access from serial console as \{username} was restricted

TELNET

Login access from TELNET as \{username} was restricted: \{IP address}

Web GUI

Login access from HTTP as \{username} was restricted: \{IP address}

Note that if a user with a login restriction enters an incorrect password again, the remaining time until the restriction is cancelled is reset to one minute again.

3.2.2. When logging in to the web GUI

When the following login form appears after accessing the web GUI, log in by entering the specified username and password.

image

For factory default settings, log in by entering “admin” as the default administrative username (and “admin” as the password).
Then specify a new password because the login password must be changed after logging in with factory settings.

image

4. Related Commands

Related commands are indicated below.
For details, refer to the Command Reference.

Operations Operating commands

Setting the privileged password

enable password

Encrypt password

password-encryption

Set user

username

Show user information

show users

5. Examples of Command Execution

5.1. Setting the administrator password

Specify yamaha_admin as the administrator password.

Yamaha>enable
Yamaha#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Yamaha(config)#enable password yamaha_admin

5.2. Adding a user

Grant privilege options to the user yamaha, and assign the password yamaha_pass.

Yamaha#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Yamaha(config)#username yamaha privilege on password yamaha_pass
Yamaha(config)#exit
Yamaha#exit

Username: yamaha
Password:

SWX2210P-10G Rev.1.03.13 (Fri Aug  2 19:08:24 2024)
  Copyright (c) 2018-2024 Yamaha Corporation. All Rights Reserved.

Yamaha>enable
Yamaha#

6. Points of Caution

  • If no administrative user (user with administrator rights) exists in startup-config when the product is booted, then a default administrative user (with username “admin” and password “admin”) will be added automatically.
    For example, that would occur in the following case.

    • Product is booted with factory default settings configured

    • Firmware is updated to a newer version than Rev. 1.03.12 after the product was operated using Rev. 1.03.12 or older firmware and only unnamed users.

  • If a user with no password is specified in startup-config when the product is booted, then a password with the same character string as the username will be added automatically.
    For example, that would occur in the following case.

    • Firmware is updated to a newer version than Rev. 1.03.12 after Rev. 1.03.12 or older firmware was used to specify users with no password.

      Setting with Rev. 1.03.12 or earlier firmware version

      username yamaha1
      username yamaha2 privilege on

      Setting after updating firmware to a newer version than Rev. 1.03.12

      username yamaha1 password yamaha1
      username yamaha2 privilege on password yamaha2
  • If the password (admin) for the default administrative user admin is left unchanged, then the following restrictions are applied.

    • This product cannot be accessed by TELNET, HTTP, or HTTPS from a network segment other than a VLAN where an IPv4 or IPv6 address is set.

    • Login by users other than the default administrative user is not permitted.

      Username: yamaha
      Password:
      % Please login as user "admin".