====== Recovery password ====== **Resetting Admin Password** This section describes how to reset the password for the default administrator user account (admin) on the managed device. Use this procedure if the administrator user account password is lost or forgotten. - Connect a local console to the serial port on the managed device. - From the console, login into the managed device as a password recovery user. For information, read Password Recovery user. - Enter configuration mode by typing in configure terminal. - To reset the administrator user account password, use the mgmt-user admin root command. - Enter a new password for this account and retype the same to confirm. - Exit from the configuration mode and the user mode. If you have defined a management user password policy, make sure that the new password conforms to this policy. For details, see Implementing Specific Management Password Policy. The following is an example of how to reset the admin password as a default password recovery user. If you have configured an alternate password recovery user, use its credentials to login to the controller. The commands in bold type are what you enter: **User: password** **Password: forgetme!** (host) #**configure terminal** Enter Configuration commands, one per line. End with CNTL/Z (host) (config) #**mgmt-user admin root** Password:******** Re-Type password:******** (host) (config) #**exit** (host) #**exit** **Password Recovery user** A password recovery user is a management user with root rights that is used to reset the admin password in the event of a lost or forgotten password. Starting with ArubaOS 8.4.0.0, a configurable alternate password recovery user can be created in addition to the default password recovery feature. Note: Password recovery access using either the default password recovery user or the alternate password recovery user is allowed only through the serial console of a controller. Note: Password recovery users can be configured only through SSH sessions and serial console sessions with a controller and not through WebUI. Note: Aruba recommends to enable the default password recovery user before generating and sharing the tech-support logs or configuration files with customer support. Note: It is recommended that either the default password recovery user is disabled or the alternate password recovery user is configured when setting up the network to ensure. This is to ensure that there are no vulnerabilities. **Default password recovery user** In the event of a lost/forgotten password, the administrator can login to the controller and reset the admin password as the default password recovery user using the username password and the password forgetme!. The default password recovery user is defined and is enabled by default . Disabling the Default password recovery user is recommended if the network uses a TACACS server to authenticate its management users. To disable the default password recovery user, execute the following command in the configuration mode: (host) (config) #**password-recovery-disable** To enable the default password recovery user, execute the following command in the configuration mode: (host) (config) #**no password-recovery-disable** **Alternate password recovery user** Starting with ArubaOS 8.4.0.0, an alternate password recovery user with a username and password can be created to reset the admin password. The alternate user’s username can be 16 characters long and the password can be 32 characters long. Configuring the alternate password recovery user automatically disables the default password recovery user. Configuring the alternate password recovery user is highly recommended if the network is managed locally. Note: The alternate password recovery user will not be shown in the management user section of the WebUI. This user role cannot be configured through the WebUI. To configure the alternate password recovery user, execute the following command in the configuration mode: (host) (config) #**password-recovery-user ** Password:****** Re-Type password:****** To disable the alternate password recovery user, execute the following command in the configuration mode: (host) (config) #**no password-recovery-user** The following is an example to configure the alternate password recovery user: (host) #configure terminal Enter Configuration commands, one per line. End with CNTL/Z (host) (config) #**password-recovery-user recadmin** Password:****** Re-Type password:****** (host) (config) #**exit** Use the show mgmt-user command to view the configured management users and the status of the default password recovery user. The following is an example of the show mgmt-user command with the default password recovery user enabled. (host) #**show mgmt-user** Default password recovery user: Enabled Management User Table --------------------- USER PASSWD ROLE STATUS ---- ------ ---- ------ admin ***** root ACTIVE The following is an example of the show mgmt-user command when the alternate password recovery user is configured. (host) #**show mgmt-user** Default password recovery user: Disabled Management User Table --------------------- USER PASSWD ROLE STATUS ---- ------ ---- ------ admin ***** root ACTIVE recadmin ***** passR ACTIVE ---- ---- ====== Using Clear/Reset ====== **Procedure** - Using pointed objects, simultaneously press both the Reset and Clear buttons on the front of the switch. - Continue to press the Clear button while releasing the Reset button. - When the Self Test LED begins to flash, release the Clear button. The switch then completes its self test and begins operating with the configuration restored to the factory default settings. **Restoring the Factory Default Configuration** You can also use the Reset button together with the Clear button (Reset+Clear) to restore the factory default configuration for the switch. To do this: 1. Press and hold the Reset button. {{ :aruba_networks:switch:2930f:figure_2-13_272x144.png?200 |}} 2. While holding the Reset button, press and hold the Clear button. {{ :aruba_networks:switch:2930f:figure_2-14_272x142.png?200 |}} 3. Release the Reset button. {{ :aruba_networks:switch:2930f:figure_2-15_363x142.png?200 |}} 4. When the Test LED to the right of the Clear button begins flashing, release the Clear button. {{ :aruba_networks:switch:2930f:figure_2-13_272x144.png?200 |}} 5. It takes approximately 20-25 seconds for the switch to reboot. This process restores the switch configuration to the factory default settings. ---- ---- ====== Aruba 3810M Switch Series - LED Indicators ====== Switch and port LEDs on front of the switches Front of Switch Status and Mode LED Behavior describes the switch chassis and Flex Port status LEDs and also the Switch Mode LEDs. Below table describes the switch Port LEDs and their different mode behaviors. {{ :aruba_networks:switch:2930f:3810m.jpg?600 |}} ^ Label ^ Description ^ | 1 | Switch Port LEDs | | 2 | LED Mode button | | 3 | Speed LED | | 4 | PoE LED | | 5 | Usr LED | | 6 | Reset button | | 7 | Clear button | | 8 | Back Module status LED | | 9 | Aux Port status LED | | 10 | Unit Identification LED | | 11 | Global status LED | ===== Switch and port LEDs for JL075A ===== {{ :aruba_networks:switch:2930f:3810m-2.jpg?600 |}} Switch and Port LEDs Label and Description for **JL075A** ^ Label ^ Description ^ | 1 | Switch Port LEDs | | 2 | LED Mode button | | 3 | Speed LED | | 4 | Usr LED | | 5 | Reset button | | 6 | Clear button | | 7 | Back Module status LED | | 8 | Aux Port status LED | | 9 | Unit Identification LED | | 10 | Global status LED | **[[https://support.hpe.com/hpesc/public/docDisplay?docId=sf000094063en_us&docLocale=en_US|Aruba 3810M Switch Series - LED Indicators]]** ---- ---- ===== ROM information: ===== Enter h or ? for help. =>**h** =>**erase-all** The system will boot to the last-booted software image and all management module files except software images will be erased. Continue (y/n)? **y** **Booting Primary Software Image...** Aruba-Stack-3810M# ---- ---- ====== Access Security guide ====== password all aaa authentication local-user "admin" group "Level-15" aaa authentication local-user "admin" group "Level-15" password plaintext New password for admin: ********** Please retype new password for admin: ********** no aaa authentication local-user localuser no password operator password manager {{ :aruba_networks:switch:2930f:configuration:access_security_guide_2930f.pdf |Access Security Guide 2930F}} {{pdfjs 46em >:aruba_networks:switch:2930f:configuration:access_security_guide_2930f.pdf }}