340 CHAPTER 20: P ASSWORD CONTROL CONFIGURATION OPERATIONSHistory passwordrecordingThe password configured and onceused by a user is called a history (old)password. The switch is able torecord the user history passwords.User cannot successfully updatetheir passwords if they use a historypassword.The history passwords are saved in areadable file in the flash memory sothey will not be lost when the switchreboots.The system hot-backs up the historypasswords such that they keepsynchronized between the primaryand secondary SRP cards (that is, themain control cards) of the switch.Telnet, SSH, super, and FTPpasswords.Password protectionand encryptionThe switch takes protection measureon the password displaying. Nomatter where a password isdisplayed (in the configuration file oron the command line), it is alwaysdisplayed as a string containing onlythe asterisk (*) characters.The switch encrypts the configuredpasswords and save the passwordsin ciphertext mode in theconfiguration file.Telnet, SSH, super, and FTPpasswords.Login attemptslimitation and failureprocessionYou can use this function to enablethe switch to limit the times of loginattempts allowed for each user.If the login attempt times of a userexceeds the configured maximumtimes, the user fails the login. In thiscase, the switch operates in one ofthe following procession mode:1 Inhibit the user from re-loginwithin a certain time period.After that period of time, theuser is allowed to log in theswitch again.2 Inhibit the user from re-loginforever. The user is allowed tolog in the switch again only afterthe administrator manuallyremoves the user from the userblacklist.3 Allows the user to log in again.By default, the switch adopts thefirst mode. In actual, you canconfigure the procession mode.Telnet, SSH, and FTPpasswords: the limitation andall the three modes ofprocession are applicable.Super passwords: thelimitation and the first modeof procession are applicable.Table 368 Functions Provided by Password ControlFunction Description Application
