Disable Console port

Unanswered Question
May 9th, 2010

Hi

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

I need to completely disable consol port on all Cisco products for some security reason


can anyone tell me how can i done this ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Mon, 05/10/2010 - 07:25

The console/aux port is very important for the routers in order to do password recovery etc.

You can disable it by doing:

Router(config)# line aux 0
Router(config-line)# no exec

You can also set a password for it if you don't want to disable i:

Router(config)# line aux 0
Router(config-line)# password xxx
Router(config-line)# login
Router(config-line)# end

I hope it helps.

PK

Ganesh Hariharan Thu, 05/13/2010 - 02:52

Hi

I need to completely disable consol port on all Cisco products for some security reason


can anyone tell me how can i done this ?

As suggested the no exec command disables all EXEC sessions to the router via that port.If you issue this command on the console port of the router because it will disallow all exec sessions to the router's console port.

Hope to Help !!

Ganesh.H

Richard Burts Sun, 06/06/2010 - 15:12

Mahdi

Your original post said that you need to do this for ALL Cisco equipment. Since you do not indicate what Cisco equipment that you have this is a very broad set of equipment. I doubt that there is any answer that will work for ALL Cisco equipment. For IOS based equipment there is a single solution that works. If your requirement is to disable the console port then no exec is the way to disable it.

I would join with PK in asking you to think carefully before you do this. Access to the console port is an important part of the troubleshooting process for some problems. I have a customer who has a pair of routers that recently went through a power failure. When power was restored the routers did not come back on line. The switches to which they were connected indicated that the switch ports were not connected, so there was some issue on the router side. The only access that we had to the routers was through the console port. If we had not had console access I am not sure how we would have resolved this problem. So I suggest that you weigh carefully whatever requirement leads you to disable all console access againt the loss of a potentially valuable troubleshooting tool.

HTH

Rick

Actions

This Discussion