Configuring Username and Password Security

Front-Panel Security

Shows password-clear disabled.

Enables password-clear, with reset-on- clear disabled by the “no” statement at the beginning of the command.

Shows password-clear enabled, with reset-on-clear disabled.

Figure 2-12. Example of Re-Enabling the Clear Button’s Default Operation

Changing the Operation of the Reset+Clear Combination

In their default configuration, using the Reset+Clear buttons in the combination described under “Restoring the Factory Default Configuration” on page 2-25replaces the switch’s current startup-config file with the factory-default startup-config file, then reboots the switch, and removes local password protection. This means that anyone who has physical access to the switch could use this button combination to replace the switch’s current configuration with the factory-default configuration, and render the switch accessible without the need to input a username or password. You can use the factory-resetcommand to prevent the Reset+Clear combination from being used for this purpose.

Syntax: [no] front-panel-security factory-reset

Disables or re-enables the following functions associated with using the Reset+Clear buttons in the combination described under “Restoring the Factory Default Configuration” on page

2-25:

Replacing the current startup-config file with the factory- default startup-config file

Clearing any local usernames and passwords configured on the switch

(Default: Both functions enabled.)

Notes: The Reset+Clear button combination always reboots the switch, regardless of whether the “no” form of the command has been used to disable the above two functions. Also, if you disable factory-reset, you cannot disable the password-recoveryoption, and the reverse.

2-31