Disable Console port

Unanswered Question
May 9th, 2010
User Badges:

Hi




/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

I need to completely disable consol port on all Cisco products for some security reason


can anyone tell me how can i done this ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Mon, 05/10/2010 - 07:25
User Badges:
  • Cisco Employee,

The console/aux port is very important for the routers in order to do password recovery etc.


You can disable it by doing:

Router(config)# line aux 0
Router(config-line)# no exec


You can also set a password for it if you don't want to disable i:

Router(config)# line aux 0
Router(config-line)# password xxx
Router(config-line)# login
Router(config-line)# end


I hope it helps.


PK

Ganesh Hariharan Thu, 05/13/2010 - 02:52
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi




I need to completely disable consol port on all Cisco products for some security reason


can anyone tell me how can i done this ?

As suggested the no exec command disables all EXEC sessions to the router via that port.If you issue this command on the console port of the router because it will disallow all exec sessions to the router's console port.


Hope to Help !!


Ganesh.H

Richard Burts Sun, 06/06/2010 - 15:12
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Mahdi


Your original post said that you need to do this for ALL Cisco equipment. Since you do not indicate what Cisco equipment that you have this is a very broad set of equipment. I doubt that there is any answer that will work for ALL Cisco equipment. For IOS based equipment there is a single solution that works. If your requirement is to disable the console port then no exec is the way to disable it.


I would join with PK in asking you to think carefully before you do this. Access to the console port is an important part of the troubleshooting process for some problems. I have a customer who has a pair of routers that recently went through a power failure. When power was restored the routers did not come back on line. The switches to which they were connected indicated that the switch ports were not connected, so there was some issue on the router side. The only access that we had to the routers was through the console port. If we had not had console access I am not sure how we would have resolved this problem. So I suggest that you weigh carefully whatever requirement leads you to disable all console access againt the loss of a potentially valuable troubleshooting tool.


HTH


Rick

Actions

This Discussion