How to set passwords from the CLI?

Michael McNamara — Wed, 12 Mar 2008 02:00:00 +0000

There have been quite a few comments posted to the Factory Reset Nortel Ethernet Switch article. One of those comments requested some help in how to set the passwords from the CLI (command line interface). You’ll obviously need the read-write password in order to login to the switch and reset the passwords. Without the read-write password you’ll need to factory reset the switch.

Note: I’m still trying to figure out the best way to display the CLI stuff… if I use the PRE HTML tag the font is really too small, if I don’t use the PRE HTML tag the formatting (spacing) gets lost making it difficult to compare the post with the real world output from a CLI interface.

Nortel Ethernet Routing Switch 5500 Series (v5.1)

Here’s how to set the passwords on the Nortel Ethernet Routing Switch 5500 Series (v5.1 software).

5520-48T-PWR>enable
5520-48T-PWR#config term
Enter configuration commands, one per line.  End with CNTL/Z.

What’s the syntax to set the read-only and read-write passwords?

5520-48T-PWR(config)#cli password ?
read-only   Modify read-only password
read-write  Modify read-write password
serial      Enable/disable serial port password.
telnet      Enable/disable telnet and web password.

We’ll use the commands below to set the read-only (RO) password to “readonlypassword” and the ready-write (RW) passwords to “readwritepassword”;

5520-48T-PWR(config)#cli password read-only readonlypassword
5520-48T-PWR(config)#cli password read-write readwritepassword

What is the syntax to enable the passwords on the serial and telnet interfaces?

5520-48T-PWR(config)#cli password serial ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.
tacacs  Use TACACS+ AAA services

5520-48T-PWR(config)#cli password telnet ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.
tacacs  Use TACACS+ AAA services

We’ll use the commands below to set the serial and telnet interface to use the local passwords we’ve just configured above. You could also use RADIUS and TACACS authentication if you set it up.

5520-48T-PWR(config)#cli password serial local
5520-48T-PWR(config)#cli password telnet local

And let’s not forget to save the configuration file (even though the switch should auto-save it).

5520-48T-PWR(config)#copy config nvram
5520-48T-PWR(config)#exit
5520-48T-PWR#disable
5520-48T-PWR>

Nortel Ethernet Routing Switch 4500 Series (v5.0)

The Nortel Ethernet Routing Switch 4500 Series (v5.0 software) is piratically identical to the 5500 series except that it does not yet support TACACS authentication.

4548GT-PWR(config)#cli password ?
read-only   Modify read-only password
read-write  Modify read-write password
serial      Enable/disable serial port password.
telnet      Enable/disable telnet and web password.

4548GT-PWR(config)#cli password serial ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

4548GT-PWR(config)#cli password telnet ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

Nortel Ethernet Switch 460/470 (v3.7.2)

The Nortel Ethernet Switch 460/470 (v3.7.2 software) is identical to the ERS 4500 series.

470-48T>enable
470-48T#config term
Enter configuration commands, one per line.  End with CNTL/Z.

470-48T(config)#cli password ?
read-only   Modify read-only password
read-write  Modify read-write password
serial      Enable/disable serial port password.
telnet      Enable/disable telnet and web password.

470-48T(config)#cli password serial ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

470-48T(config)#cli password telnet ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

Hopefully this should help a few folks out.

Cheers!