Breaking 3750/3560 remotely (only serial and power access)
I'm trying to set up a remote lab and I'm stuck on a very stupid problem:
I need to ensure I'll still have an access to the devices in the lab even after studends possibly set/change passwords / play with aaa, etc.
So, I need to be able to drop into rommon with just a remote power switch and a serial line. No physical access at all.
This is ok for Routers, A break tunneled through the terminal server to the serial port of the router during the bootup will do it.
It is ok too for some switches(i.e. 2960): I found the command "boot enable-break" that (surprinsingly) allows to drop into rommon from serial during bootup using a break. fine.
It seems to be ok for yet some other switches (i.e. 6500 hybrid...): removing 0x0100 from the config-register removes the "ignore-break" flag.
It is not ok with the switches I mainly deal with: 3560 and 3750:
- using "(config)# boot enable-break" will correctly set the variable ENABLE_BREAK, but the device will not be breakable (break is just ignored: furthermore, the boot enable-break which is in all documentation for these devices is also in the Unsupported commands list...).
- using "rommon> confreg 0x..." won't work as there is no such keyword available in rommon.
- using "(config)# set boot config-register 0x..." won't work, the command is not recognized by IOS.
- using "rommon> set CONFIG_REGISTER 0x... doesn't seem to have any effect. and the config-register in show ver is still 0xF
Is there a savior out there that would know an alternative ? the only solution I'm left with would be a robot moving along the rack pushing "mode" buttons while rebooting devices... I'm kind of depressed ;-)
Did you ever find a solution to this problem? I'm in a similar boat. We have 3560 switches all around our plant, many of which are only accessible via a scissor lift. True out of band management shouldn't necessitate that one resort to desperate hacks like using solenoid actuators to push buttons.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.