Oracle® EDR InfiniBand Switch and Virtualized I/O Systems Hardware Security Guide

Updated: September 2016
 
 

Hardware Security

Physical hardware can be secured simply by limiting access to the hardware and recording serial numbers.

  • Restrict access

    • Install the switch in a locked, restricted access area.

    • If equipment is installed in a rack with a locking door, keep the door secured at all times.

    • Restrict access to switch fabric and network connections. Besides the switch, this also protects the peer nodes.

    • Restrict serial console access to the switch itself, and do not extend it beyond a secure perimeter. Do not use terminal servers or port concentrators. Serial consoles permit greater privileges for user management and expose error and debug messages. These messages can inadvertently provide clues that enable malicious intrusion and compromise security. Serial console connections are not encrypted, and in that respect they are less secure than SSH connections.

    • Restrict access to power supplies, fan modules, and transceivers in particular because they can be easily removed.

    • Store spare replaceable components in a locked cabinet. Allow access to the locked cabinet by authorized personnel only.

  • Record serial numbers

    • Security-mark all significant items including replaceable components. Use special ultraviolet pens or embossed labels.

    • Keep a serial number record of all your hardware.

    • Keep copies of invoices, purchasing records, and licenses in a secure location that is easily accessible to the system manager during system emergencies. These printed documents might be the only proof of ownership.