Fibre Channel (SAN)

New Contributor
Posts: 2
Registered: ‎02-14-2017
Accepted Solution

Disabling "reset to factory default"

Sirs

For security reasons, I'd like to disable the possibility to perform both the "password recovery" and the "reset to factory default" (hardware and software) procedures.

More specifically, I'd like to configure my switch/router in order to completely "brick" it if you don't know any of the "legal" passwords.

In this manner, I'd like to

1) prevent the theft of the equipment (making it useless)

2) prevent attacks on my network performed using "legal" hardware equipment that has been re-configured in a malicious way (by means of a factory reset and a subsequent "bad" configuration)

Is there any parameter configuration that allows my desired behaviour?

Thanks in advance

Have a nice day

Daniele

Brocade Moderator
Posts: 11
Registered: ‎01-04-2015

Re: Disabling "reset to factory default"

Hello sir,

As far as I know, there is no command that matches your requirement. Could you please tell us the product type you mentioned? I will help you check this problem again.

Thanks.

New Contributor
Posts: 2
Registered: ‎02-14-2017

Re: Disabling "reset to factory default"

Tx for your prompt answer.

I'm referring to some Brocade Switch 5100 B

Have a nice day

Daniele

External Moderator
Posts: 4,809
Registered: ‎02-23-2004

Re: Disabling "reset to factory default"

dperucchini@fub.it

Daniele, I moved your thread from the Ethernet Switches & Router Forum into the correct Fiber Channel Forum, since this is related to the Brocade 5100 SAN switch and not an Ethernet switch.

This is a common question; please use the search option here in the community for how to delete the config. The same is described in the FOS Admin Guide.

Because the post was in the wrong forum, the answer from @Nancy Tang was related to Ethernet switches.

TechHelp24
Brocade Moderator
Posts: 185
Registered: ‎03-29-2011

Re: Disabling "reset to factory default"

Hi,

Out of the box - not really. You should:

1. Enable the boot PROM password - if password recovery via boot is needed, then contacting Brocade is necessary.

To lock down further, disable the root account and factory.

Use passwordCfg to set the password policy and enable locking of passwords (without auto lockout).

Further, use SCC to lock down the switches in the fabric, disabling unnecessary E-ports.

Disable inband access to the management server (ms*).

And check out the FIPS mode - fipsCfg - from where there is no return.


Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution"
