Configuring secure mode

When using enhanced secure mode, several commands have differences from standard secure mode in their options or output. To transition from one security mode to the other, enter this command from a serial terminal connected to the switch.

Syntax


secure-mode <standard | enhanced>

Enables the selected secure mode. This command must be executed from a serial terminal.


standard

Use standard security. This is the default.


enhanced

Use enhanced security

switch(config)# secure-mode enhanced
Validating software and configurations, this may take a
minute...
The system will be rebooted and all management module files
except software images will be erased and zeroized. This
will take up to 60 minutes and the switch will not be usable
during that time. A power-cycle will then be required to
complete the transition. Continue (y/n)? y
(Switch reboots...)
.
Zeroizing the file system ... 100%
Verifying cleanness of the file system... 100%
Restoring firmware image and other system files...
Zeroization of file system completed
Continue initializing...
...
switch(config)# show secure-mode
Level: Enhanced

If the secure-mode transition fails, this message displays:

Secure-mode transition failed.