Enabling and disabling password recovery

Disabling the password recovery process means that the only method for recovering from a lost manager user name and password is to reset the switch to its factory-default configuration, removing any non-default configuration settings.

CAUTION:

Disabling password-recovery requires that factory-reset be enabled, and locks out the ability to recover a lost manager user name and password on the switch. In this event, there is no way to recover from a lost manager user name/password situation without resetting the switch to its factory default configuration. This can disrupt network operation and make it necessary to temporarily disconnect the switch from the network to prevent unauthorized access and other problems while it is being reconfigured. Also, with factory-reset enabled, unauthorized users can use the Reset +Clear button combination to reset the switch to factory default configuration and gain management access to the switch.

Syntax

no front-panel-security password-recovery

Enables or disables the ability to recover a lost password.

When enabled the switch allows management access through the password recovery process described below. This provides a method for recovering from lost manager user names and passwords.

When disabled the password recovery process is disabled and the only way to regain management access to the switch is to use the Reset+Clear button combination. See Restoring the factory default configuration to restore the switch to its factory default configuration.

Default: Enabled.

NOTE:

To disable password-recovery:

  • You must have physical access to the front panel of the switch.

  • The factory-reset replaceable must be enabled (the default).

For redundant management systems, this command only affects the active management module.

To disable password-recovery:

Procedure
  1. Set the CLI to the global interface context.
  2. Use show front-panel-security to determine whether the factory-reset replaceable is enabled. If it is disabled, use the front-panel-security factory-reset command to enable it.
  3. Press and release the Clear button on the front panel of the switch.
  4. Within 60 seconds of pressing the Clear button, enter the following command: no front-panel-security password-recovery
  5. Do one of the following after the CAUTION message appears:
    1. If you want to complete the command, press [Y] (for "Yes").
    2. If you want to abort the command, press [N] (for "No").

Example

Figure 21: Example of the steps for disabling password-recovery