Front panel security

The front panel security features provide the ability to independently enable or disable some of the functions of the two buttons located on the front of the switch for clearing the password (Clearbutton) or restoring the switch to its factory default configuration (Reset+Clear buttons together). The ability to disable password recovery is also provided for situations which require a higher level of switch security.

The front-panel security features are designed to prevent malicious users from:

Resetting the passwords by pressing the Clear button
Restoring the factory default configuration by using the Reset+Clear button combination.
Gaining management access to the switch by having physical access to the switch itself

When security is important

Some customers require a high level of security for information. For example, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires that systems handling and transmitting confidential medical records must be secure.

It used to be assumed that only system and network administrators would be able to get access to a network switch because switches were typically placed in secure locations under lock and key. For some customers this is no longer true. Others simply want the added assurance that even if someone did manage to get to the switch that data would still remain secure.

If you do not invoke front panel security on the switch, user defined passwords can be deleted by pushing the Clear button on the front panel. This function exists so that if customers forget the defined passwords they can still get back into the switch and reset the passwords. This does, however, leave the switch vulnerable when it is located in an area where non-authorized people have access to it. Passwords could easily be cleared by pressing the Clear button. Someone who has physical access to the switch can be able to erase the passwords (and possibly configure new passwords) and take control of the switch.

As a result of increased security concerns, customers now have the ability to stop someone from removing passwords by disabling the Clear and/or Reset buttons on the front of the switch.

Front-panel button functions

The System Support Module (SSM) of the switch includes the system Reset button and the Clear button. When using redundant management, the system Reset button reboots the entire chassis. (See "Resetting the Management Module" in the Management and Configuration Guide for more information on resetting the management modules in a redundant management switch.)

Front panel button locations on an HP 8212zl switch

Clear button

Pressing the clear button alone for one second resets the passwords configured on the switch.

Press the Clear button for one second to reset passwords

Reset button

Pressing the Reset button alone for one second causes the switch to reboot.

Press and hold the Reset button for one second to reboot the switch

Configuring front panel security

Syntax

show front-panel-security

Displays the current front panel security settings:

clear password

Shows the status of the Clear button on the front panel of the switch. Enabled means that pressing the Clear button erases the local user names and passwords configured on the switch (and thus removes local password protection from the switch.) Disabled means that pressing the Clear button does not remove the local user names and passwords configured on the switch.

Default: Enabled

reset-on-clear shows the status of the option enabled or disabled. When reset-on-clear is disabled and the commandclear password is enabled, then pressing the Clear button erases the local user names and passwords from the switch. When reset-on-clear command is enabled, pressing the Clear button erases the local user names and passwords from the switch and reboots the switch. Enabling reset-on-clear automatically enables the clear-password command.

Default: Disabled.

NOTE: If you have stored security credentials (including the local manager and operator user names and passwords) to the running config file by entering the include-credentials command, the reset-on-clear option is ignored. If you press the Clear button on the front panel, the manager and operator user names and passwords are deleted from the startup configuration file, but the switch does not reboot.

factory reset

Shows the status of the system Reset button on the front panel of the switch. Enabled means that pressing the system Reset button reboots the switch and also enables the system Reset button to be used with the Clear button. See Restoring the factory default configuration to reset the switch to its factory-default configuration.

Default: Enabled.

password recovery

Shows whether the switch is configured with the ability to recover a lost password. See Recovering passwords. Default: Enabled.

CAUTION: Disabling this option removes the ability to recover a password on the switch. Disabling this option is an extreme measure and is not recommended unless you have the most urgent need for high security. If you disable password-recovery and then lose the password, you must use the Reset and Clear buttons, see Restoring the factory default configuration to reset the switch to factory default configuration and create a new password.

Using this command from the global configuration context in the CLI you can:

Disable or re-enable the password clearing function of the Clear button. Disabling the Clear button means that pressing it does not remove local password protection from the switch. This action affects the Clear button when used alone, but does not affect the operation of the Reset+Clear combination described under Restoring the factory default configuration.
Configure the Clear button to reboot the switch after clearing any local user names and passwords. This provides an immediate, visual means (plus an Event Log message) for verifying that any user names and passwords in the switch have been cleared.
Modify the operation of the Reset+Clear combination, see Restoring the factory default configuration so that the switch still reboots, but does not restore the switch factory default configuration settings. (Use of the Reset button alone, to simply reboot the switch, is not affected.)
Disable or re-enable password recovery.

Example

executing show front-panel-security produces the following output when the switch is configured with the default front panel security settings.

The default front-panel security settings

Disabling the clear password function of the Clear button

Syntax

[no]front-panel-security password-clear

In the factory-default configuration, pressing the Clear button on the switch front panel erases any local user names and passwords configured on the switch. This command disables the password clear function of the Clear button, so that pressing it has no effect on any local user names and passwords.

For redundant management systems, this command only affects the active management module.

Default: enabled.


	NOTE: Although the Clear button does not erase passwords when disabled, you can still use it with the Reset button, Reset+Clear, to restore the switch to its factory default configuration, as described under Restoring the factory default configuration.

This command displays a Caution message in the CLI. If you want to proceed with disabling the Clear button, type [Y]; otherwise type [N]. For example:

Disabling the Clear button and displaying the new configuration

Setting the Clear button functionality

Syntax

[no]front-panel-security password-clear reset-on-clear

This command does both of the following:

Re-enables the password clearing function of the Clear button on the switch front panel.

Specifies whether the switch reboots if the Clear button is pressed.

To re-enable the password clear function, you must also specify whether to enable or disable the reset-on-clear option.

Defaults:

password-clear: Enabled.

reset-on-clear: Disabled.

To enable password-clear with reset-on-clear disabled

[no]front-panel-security password-clear reset-on-clear

To enable password-clear with reset-on-clear also enabled

front-panel-security password-clear reset-on-clear

Either form of the command enables password-clear.

For redundant management systems, this command only affects the active management module.


	NOTE: If you disable `password-clear` and also disable the `password-recovery` option, you can still recover from a lost password by using the Reset+Clear button combination at reboot. Although the Clear button does not erase passwords when disabled, you can still use it with the Reset button (Reset+Clear) to restore the switch to its factory default configuration. You can then get access to the switch to set a new password.

Example

Suppose password-clear is disabled and you want to restore it to its default configuration (enabled, with reset-on-clear disabled).

Re-enabling the Clear button's default operation

Changing what the Reset+Clear button combination does

In their default configuration, using the Reset+Clear buttons in the combination described under Restoring the factory default configuration replaces the switch current startup-config file with the factory default startup-config file, then reboots the switch and removes local password protection.


	WARNING! This means that anyone who has physical access to the switch could use this button combination to replace the switch current configuration with the factory-default configuration, and render the switch accessible without the need to input a user name or password.

You can use the factory-reset command to prevent the Reset+Clear combination from being used for this purpose.

Syntax

[no]front-panel-security factory-reset

Disables or re-enables the following functions associated with using the Reset+Clear buttons in the combination described under Restoring the factory default configuration:

Replacing the current startup-config file with the factory default startup-config file

Clearing any local user names and passwords configured on the switch

Default: Both functions enabled.

For redundant management systems, this command only affects the active management module.

NOTE: The Reset+Clear button combination always reboots the switch, regardless of whether the [no] form of the command has been used to disable the above two functions. Also, if you disable factory-reset, you cannot disable the password-recovery option, and the reverse.

Example of disabling the factory reset option

Restoring the factory default configuration

You can also use the Reset button together with the Clear button (Reset+Clear) to restore the factory default configuration for the switch. To do this:

Press and hold the Reset button.
While holding the Reset button, press and hold the Clear button.
Release the Reset button.
When the Test LED to the right of the Clear button begins flashing, release the Clear button.

It takes approximately 20-25 seconds for the switch to reboot. This process restores the switch configuration to the factory default settings.

Enabling and disabling password recovery

Disabling the password recovery process means that the only method for recovering from a lost manager user name and password is to reset the switch to its factory-default configuration, removing any non-default configuration settings.


	CAUTION: Disabling `password-recovery` requires that `factory-reset` be enabled, and locks out the ability to recover a lost manager user name and password on the switch. In this event, there is no way to recover from a lost manager user name/password situation without resetting the switch to its factory default configuration. This can disrupt network operation and make it necessary to temporarily disconnect the switch from the network to prevent unauthorized access and other problems while it is being reconfigured. Also, with `factory-reset` enabled, unauthorized users can use the Reset +Clear button combination to reset the switch to factory default configuration and gain management access to the switch.

Syntax

[no]front-panel-security password-recovery

Enables or disables the ability to recover a lost password.

When enabled the switch allows management access through the password recovery process described below. This provides a method for recovering from lost manager user names and passwords.

When disabled the password recovery process is disabled and the only way to regain management access to the switch is to use the Reset+Clear button combination. See Restoring the factory default configuration to restore the switch to its factory default configuration.

Default: Enabled.


	NOTE: To disable `password-recovery`: You must have physical access to the front panel of the switch. The `factory-reset` replaceable must be enabled (the default).

For redundant management systems, this command only affects the active management module.

To disable password-recovery

Set the CLI to the global interface context.
Use show front-panel-security to determine whether the factory-reset replaceable is enabled. If it is disabled, use the front-panel-security factory-reset command to enable it.
Press and release the Clear button on the front panel of the switch.
Within 60-seconds of pressing the Clear button, enter the following command:

[no]front-panel-security password-recovery
Do one of the following after the CAUTION message appears:
- If you want to complete the command, press [Y] (for "Yes").
- If you want to abort the command, press [N] (for "No")

Example

Example of the steps for disabling password-recovery

Recovering passwords

If you lose the manager user name/password with password-recovery enabled, use the password recovery process to gain management access to the switch with an alternate password supplied by HP Networking Support.


	NOTE: Disabled `password-recovery` locks out the ability to recover a manager user name/password pair on the switch. The only way to recover from this is to use the Reset+Clear button combination described under Restoring the factory default configuration. This disrupts network operation and necessitates temporarily disconnecting the switch from the network to prevent unauthorized access and other problems while it is being reconfigured.

To recover a lost password:

Note the switch base MAC address. It is shown on the label located on the upper right front corner of the switch.
Contact HP Networking Support for further assistance.
Using the switch MAC address. HP Networking Support generates and provides a "one-time use" alternate password to gain management access to the switch. Once you gain access, configure a new, known password.


	NOTE: The alternate password provided by HP Networking Support is valid only for a single login attempt. You cannot use the same "one-time-use" password if you lose the password a second time. Because the password algorithm is randomized based upon your switch MAC address, the password changes as soon as you use the "one-time-use" password provided by HP Networking Support .

Password recovery

The password recovery feature is enabled by default and provides a method for regaining management access to the switch (without resetting the switch to its factory default configuration) in the event that the system administrator loses the local manager user name or password. Using the password recovery feature requires:

password-recovery enabled (the default) on the switch prior to an attempt to recover from a lost user name/password situation
Contacting HP Networking Support to acquire a one-time-use password.

prev	up	next
Setting an encrypted password	home	Saving user name and password security


	NOTE: If you have stored security credentials (including the local manager and operator user names and passwords) to the running config file by entering the `include-credentials` command, the `reset-on-clear` option is ignored. If you press the Clear button on the front panel, the manager and operator user names and passwords are deleted from the startup configuration file, but the switch does not reboot.


	CAUTION: Disabling this option removes the ability to recover a password on the switch. Disabling this option is an extreme measure and is not recommended unless you have the most urgent need for high security. If you disable `password-recovery` and then lose the password, you must use the Reset and Clear buttons, see Restoring the factory default configuration to reset the switch to factory default configuration and create a new password.


	NOTE: The Reset+Clear button combination always reboots the switch, regardless of whether the `[no]` form of the command has been used to disable the above two functions. Also, if you disable `factory-reset`, you cannot disable the `password-recovery` option, and the reverse.