Configuring front panel security

Syntax 

show front-panel-security

Displays the current front panel security settings:

clear password

Shows the status of the Clear button on the front panel of the switch. Enabled means that pressing the Clear button erases the local user names and passwords configured on the switch (and thus removes local password protection from the switch.) Disabled means that pressing the Clear button does not remove the local user names and passwords configured on the switch.

Default: Enabled

reset-on-clear shows the status of the option enabled or disabled. When reset-on-clear is disabled and the commandclear password is enabled, then pressing the Clear button erases the local user names and passwords from the switch. When reset-on-clear command is enabled, pressing the Clear button erases the local user names and passwords from the switch and reboots the switch. Enabling reset-on-clear automatically enables the clear-password command.

Default: Disabled.

NOTE:

If you have stored security credentials (including the local manager and operator user names and passwords) to the running config file by entering the include-credentials command, the reset-on-clear option is ignored. If you press the Clear button on the front panel, the manager and operator user names and passwords are deleted from the startup configuration file, but the switch does not reboot.

factory reset

Shows the status of the system Reset button on the front panel of the switch. Enabled means that pressing the system Reset button reboots the switch and also enables the system Reset button to be used with the Clear button. See Restoring the factory default configuration to reset the switch to its factory-default configuration.

Default: Enabled.

password recovery

Shows whether the switch is configured with the ability to recover a lost password. See Recovering passwords. Default: Enabled.

CAUTION:

Disabling this option removes the ability to recover a password on the switch. Disabling this option is an extreme measure and is not recommended unless you have the most urgent need for high security. If you disable password-recovery and then lose the password, you must use the Reset and Clear buttons, see Restoring the factory default configuration to reset the switch to factory default configuration and create a new password.

Using this command from the global configuration context in the CLI you can:

  • Disable or re-enable the password clearing function of the Clear button. Disabling the Clear button means that pressing it does not remove local password protection from the switch. This action affects the Clear button when used alone, but does not affect the operation of the Reset+Clear combination described under Restoring the factory default configuration.

  • Configure the Clear button to reboot the switch after clearing any local user names and passwords. This provides an immediate, visual means (plus an Event Log message) for verifying that any user names and passwords in the switch have been cleared.

  • Modify the operation of the Reset+Clear combination, see Restoring the factory default configuration so that the switch still reboots, but does not restore the switch factory default configuration settings. (Use of the Reset button alone, to simply reboot the switch, is not affected.)

  • Disable or re-enable password recovery.

Example

executing show front-panel-security produces the following output when the switch is configured with the default front panel security settings.

The default front-panel security settings