Front panel security

Aruba switches use Reset and Clear buttons, on the front panel, to allow users to reset the switch configuration to factory default or to reset the console password. This capability creates a security and denial-of-service risk if the switch is in a location where it is impossible to prevent physical access to the front panel. It is recommended that administrators disable these features to prevent malicious use by an attacker with physical access to the device.

It is critical to understand that disabling these features severely restricts administrator options if the manager password is lost or forgotten. Before making these changes, users are encouraged to review all considerations outlined in the section “Front panel security” in the chapter titled “Configuring Username and Password Security” in the ArubaOS-Switch Access Security Guide.

The following two commands will disable the front-panel buttons:

switch(config)# no front-panel-security password-clear 
switch(config)# no front-panel-security factory-reset