Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1909
Views
0
Helpful
1
Comments

Enabling ROMmon security to prevent a person without physical access to the router from viewing the configuration file (no service password-recovery command)

TCC_2
Level 10
Level 10

‎06-18-2009 03:53 PM - edited ‎03-01-2019 03:41 PM

Core Issue

ROM Monitor (ROMmon) security is designed to prevent a person with physical access to the router from viewing the configuration file. ROMmon security disables access to the ROMmon so that a person cannot set the configuration register to ignore the startup configuration. ROMmon security is enabled when the router is configured with the no service password-recovery command.

Note: Because password recovery using ROMmon security involves destroying the configuration, it is recommended that you save the router configuration somewhere off the router, such as on a TFTP server.

If a router is configured with the no service password-recovery command, this disables all access to the ROMmon. If there is no valid Cisco IOS  Software image in the Flash memory of the router, the user will not be able to use the ROMmon XMODEM command to load a new Flash image. To fix the router, you must get a new Cisco IOS Software image on a Flash SIMM or on a Personal Computer Memory Card Industry Association (PCMCIA) card (for example, on the 3600 series routers).

In order to minimize this risk, a ROMmon security user should also use dual Flash bank memory and put a backup Cisco IOS Software image in a separate partition.

Resolution

For more information on the no service password-recovery command, refer to "No service password-recovery" command for Secure ROMMON Configuration Example.

Problem Type

Password recovery

0 Helpful
Comments
elettromeccanica
Community Member
‎10-02-2009 06:05 AM

no service password-recovery command has been configured on my router, so the break sequence will no longer work in order to get to ROM Monitor (ROMmon) mode to perform a password recovery. I have followed more Cisco documents that explain the procedure to restore the default factory configuration, but none of them works.

http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gtnsvpwd.html

http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a00801d8113.shtml

The system doesn't react to the receipt of the command "break".

My router is 877 with IOS 12.4(9)T5, and bootstrap 12.3(8r)Y14.

How can I restore factory configuration?

Thanks in advance.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents