Configuring front panel security
Using the front-panel-security command from the global configuration context in the CLI you can:
- Disable or re-enable the password-clearing function of the Clear button. Disabling the Clear button means that pressing it does not remove local password protection from the switch. (This action affects the Clear button when used alone, but does not affect the operation of the Reset+Clear combination described under Restoring the factory default configuration.)
- Configure the Clear button to reboot the switch after clearing any local usernames and passwords. This provides an immediate, visual means (plus an Event Log message) for verifying that any usernames and passwords in the switch have been cleared.
- Modify the operation of the Reset+Clear combination so that the switch still reboots, but does not restore the switch’s factory default configuration settings. (Use of the Reset button alone, to simply reboot the switch, is not affected.)
- Disable or re-enable Password Recovery.
Syntax:
show front-panel-security
Displays the current front panel security settings:
clear password:
Shows the status of the Clear button on the front panel of the switch.
Enabled means that pressing the Clear button erases the local usernames and passwords configured on the switch (and thus removes local password protection from the switch).
Disabled means that pressing the Clear button does not remove the local usernames and passwords configured on the switch.
Default: Enabled
reset-on-clear:
Shows the status of the option: enabled or disabled.
When reset-on-clear is disabled and the clear password command is enabled, pressing the Clear button erases the local usernames and passwords from the switch.
When reset-on-clear is enabled, pressing the Clear button erases the local usernames and passwords from the switch and reboots the switch. Enabling reset-on-clear automatically enables the clear-password command.
Default: Disabled.
If you have stored security credentials (including the local manager and operator usernames and passwords) to the running config file by entering the include-credentials command, the reset-on-clear option is ignored. If you press the Clear button on the front panel, the manager and operator usernames and passwords are deleted from the startup configuration file, but the switch does not reboot.
factory reset:
Shows the status of the system Reset button on the front panel of the switch. Enabled means that pressing the system Reset button reboots the switch and also enables the system Reset button to be used with the Clear button. See Restoring the factory default configuration to reset the switch to its factory-default configuration.
Default: Enabled.
password recovery:
Shows whether the switch is configured with the ability to recover a lost password. See Password recovery. Default: Enabled.
Disabling this option removes the ability to recover a password on the switch. Disabling this option is an extreme measure and is not recommended unless you have the most urgent need for high security. If you disable password-recovery and then lose the password, you will have to use the Reset and Clear buttons (see Restoring the factory default configuration) to reset the switch to its factory default configuration and create a new password.
Executing the show front-panel-security command produces the following output when the switch is configured with the default front panel security settings:
The default front-panel security settings
  switch(config)# show front-panel-security
  Clear Password - Enabled
  Reset-on-clear - Disabled
  Factory Reset - Enabled
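
As an added example (not part of the original documentation), this Python script parses captured show front-panel-security output and lists what each reported setting means for someone with physical access to the switch, using only the behaviour described above. The sample output is constructed from the defaults shown on this page; the "Password Recovery" line label and the include_credentials flag (supplied by the caller after checking the running config) are assumptions.

```python
import re

# Constructed sample: the default output shown above, one setting per line.
SAMPLE_DEFAULT = """\
switch(config)# show front-panel-security
Clear Password   - Enabled
Reset-on-clear   - Disabled
Factory Reset    - Enabled
"""

FIELDS = ("clear password", "reset-on-clear", "factory reset", "password recovery")
LINE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s+-\s+(Enabled|Disabled)\s*$", re.I)


def parse_front_panel(text):
    """Return {setting: True/False/None}; None means the output did not report it."""
    state = dict.fromkeys(FIELDS)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1).lower() in state:
            state[m.group(1).lower()] = m.group(2).lower() == "enabled"
    return state


def audit(state, include_credentials=False):
    """List findings; include_credentials is an assumed caller-supplied flag."""
    findings = [f"{n}: not reported in output, verify manually"
                for n, v in state.items() if v is None]
    if state["clear password"]:
        findings.append("clear password: Clear button removes local password protection")
        if state["reset-on-clear"] and include_credentials:
            findings.append("reset-on-clear: ignored (include-credentials set), no reboot after Clear")
        elif state["reset-on-clear"] is False:
            findings.append("reset-on-clear: credentials are cleared without a reboot")
    if state["reset-on-clear"] and state["clear password"] is False:
        # Enabling reset-on-clear should have enabled clear password automatically.
        findings.append("inconsistent: reset-on-clear enabled but clear password disabled")
    if state["factory reset"]:
        findings.append("factory reset: Reset+Clear restores the factory default configuration")
    if state["password recovery"] is False:
        findings.append("password recovery: disabled, a lost password requires a factory reset")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_front_panel(SAMPLE_DEFAULT)):
        print(finding)
```

A setting missing from the captured output is reported as unknown rather than assumed to be at its default.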