Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

blocking password recovery

Hi

I want to block password recovery procedure ,what confreg do i use ?

Best Regards

farshid

12 REPLIES
Hall of Fame Super Silver

Re: blocking password recovery

You can't. If a knowledgable person has physical access to your network device, they can recover the passwords and 'own' it. The best you can do is log accesses and events remotely so you will know if the system has been compromised.

Re: blocking password recovery

Hi

You mite want to check this link for disabling the same..

http://www.cisco.com/en/US/partner/products/hw/routers/ps274/products_configuration_example09186a00801d8113.shtml

you can do it with no service password-recovery command in the global config mode..

but i dont suggest to do something inline with that..

regds

New Member

Re: blocking password recovery

Hi

thank u for your recommendations ,

no knowlgable person is gonna hae access to router,

and i think they only know basic key combinations for entering rommon , the only thing i need to do is to disbla break and Ctrl+break key combination .

and by the way the link you offered requires a previledged cco account and unfortunatly i don't have one .

Best Wishes

Farshid

Re: blocking password recovery

New Member

Re: blocking password recovery

Hi

i have just been checking the link u offered

when i tried to test the command (no service password-encryption) i foun out that the router does not support it .

the router that i am testing the command on , is a 3620 router , but the router that i want to disable password recovery is a 3745 router with its default ios , i wanna know if the 3745 router supports the command or not .

Thank you

Re: blocking password recovery

Hi

Its well mentioned in the link sent by me...

Cisco 2691, 3631, 3725, and 3745 Routers—no minimum ROMMON or Cisco IOS® software requirements

Cisco 3600 Series Routers—minimum ROMMON version 11.1(17)AA (orderable as BOOT-3600=) Minimum Cisco IOS Software Release 11.2(12)P or 11.3(3)T

Cisco 2600 Series Routers—all ROMMON and Cisco IOS software versions

Cisco 1700 Series Routers—requires minimum ROMMON 12.1(5r)T1. This is not orderable as a spare, so you cannot upgrade an existing 1720 or 1750. All 1710, and 1751 routers have this ROMMON.

Again its no service password-recovery not password-encryption...

regd

New Member

Re: blocking password recovery

Thank u very much

i realy do appreciate your help

i have got one more question ,is it possible to disable the console port so it does not respond to any connection even during startup ?

Re: blocking password recovery

Hi

Console access is very much reqd to troubleshoot or diagnoise booting issues or issues during startup.

AFAIK i dont think its possible to disable during the startup and its not a wise decision to do so.

Better i would suggest to configure with non guessable passwds to secure the access..

regds

New Member

Re: blocking password recovery

Hi

the reason that makes me do such a thing is, not to let anybody have access to router rommon ,

if there is any other solution preventing users from accessing rommon and changing config register, i would prefer that way .

Thanks

Re: blocking password recovery

Hi

Do check this link for more info in securing your router..

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

regds

New Member

Re: blocking password recovery

Thank u for your time kumar i hope your greatful in your life.

BestWishes

farshid.sh

Re: blocking password recovery

Hi

Good to hear that my post helped ur process out...

regds

252
Views
0
Helpful
12
Replies
CreatePlease to create content