11-26-2007 05:34 PM - edited 03-05-2019 07:38 PM
What are some other security measures I could take on the line console 0 besides physical security and local login? Could I change the baud speed? Could I change or disable the break sequence? Could I disable password recovery? Thanks in advance.
Solved! Go to Solution.
11-28-2007 11:46 AM
I don't have a Catalyst 4500 to test on but I believe you can change the config-register in config mode.
I just tried in a 6500,
(config)#config-register ?
<0x0-0xFFFF> Config register number
11-26-2007 06:35 PM
Physical security and local login should cover it. If you can, implement ACS or RADIUS for external account management - authentication and accounting.
Don't bother with disabling password recovery, it's more hassle than it's worth.
11-28-2007 07:47 AM
So there's really no way to protect the console connection from the break sequence after a hard restart? Just in case someone does get access or a disgruntled tech employee. I was able to change the baud speed, so now you have to match the speed, but does that only take effect after the start config is loaded. Thanks.
11-28-2007 08:24 AM
Yes, with the config-register
Proceed with caution...
11-28-2007 10:43 AM
Just what I need! Thanks. One last question if you dont mind, I just want to confirm, in order to edit these configs I need to be in rommon mode, not while running in the ios? If so I need to reboot the switch and proceed with the break seq? Thanks again Edison.
11-28-2007 11:46 AM
I don't have a Catalyst 4500 to test on but I believe you can change the config-register in config mode.
I just tried in a 6500,
(config)#config-register ?
<0x0-0xFFFF> Config register number
11-28-2007 05:28 PM
well I think I have enough info to mess up something. thanks for your help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: