Introduction

For various security reasons it might be useful at times to completely inactivate auxiliary ports on devices, and by auxiliary ports we mean USB and SD.

While it is possible to temporarily disable auxiliary ports in software, these may be easily re-enabled later on.

What is meant to be achieved instead is complete inactivation of such ports with ability to bring them back to life when needed. Such procedures will require device to be restarted.

Auxiliary Port Management

example:/#> boot
example:/boot/#> show aux-port

[no] aux-port [PORT]

Activate or inactivate auxiliary port

For various security reasons it might be useful at times to completely inactivate auxiliary ports.

Depending on the system, following auxiliary ports may be present:

[USB] - a USB port [SD] - an SD-card port/slot

NOTE: Device must be restarted whenever configuration changes are introduced.

show aux-port command lists all available auxiliary ports together with their status.

• ACTUAL STATUS mirrors current status of auxiliary port;

• CONFIGURED STATUS represents latest user-configured status;

If ACTUAL STATUS is at variance with CONFIGURED STATUS - system must be restarted for desired effect to take place.

no aux-port usb command will disable usb port after restart of the OS. The same command without parameter will disable all available auxiliary ports on the system.

example:/boot/#> show aux-port


EXPANSION PORT     ACTUAL STATE     CONFIGURED STATE
usb                ENABLED          ENABLED

example:/boot/#> no aux-port usb


EXPANSION PORT     ACTUAL STATE     CONFIGURED STATE
usb                ENABLED          DISABLED (reboot required)

Running show aux-port after reboot presents user with updated status.

example:/boot/#> show aux-port


EXPANSION PORT     ACTUAL STATE     CONFIGURED STATE
usb                DISABLED         DISABLED