Introduction

Securing a network device is important in any environment.
Below are some common security practice to keep a device from unauthorized access.

Securing User accounts

Create new user for administrating the device

Users can be created by running username command under global config mode.
Username and password are case sensitive and cannot be omitted.

Example:

awplus(config)# username zein privilege 15 password xyzxyzxyz ↓

Set up an enable secret

By using enable secret, it sets a password to enter privileged mode as well as encrypt the password in a hashed form.
Example:

awplus(config)# enable secret XXXXXXXX ↓

Remove the default account

To remove user, use command no username 

**Do not remove default account before another account is created to manage the device with privilege 15*
Example:

awplus(config)# no username manager ↓

Encrypt user password in config file

To encrypt user password, use command service password-encryption
Example:

awplus(config)# service password-encryption ↓

Securing CLI

To secure CLI, disable telnet and use SSH instead.
Example:

awplus(config)# no service telnet ↓
awplus(config)# service ssh ↓

Add user to allowed SSH users list
Example:

awplus(config)# ssh server allow-users zein ↓

Securing GUI

GUI of Allied Telesis's switch use HTTPS by default. all traffic is encrypted.

Securing SNMP

Turn off SNMP with command below if SNMP is not used.
Example:

awplus(config)# no snmp-server ↓

We recommend use snmpv3 for its superior security.