Cisco Support Community
New Member

console access

Can I restrict console access? One of the possible ways is that it should be password protected, but I don't think it is a reliable way to protect access through the console, as anyone can access the router in ROM monitor mode and break the password. Is there any way to stop access through ROM monitor mode?

6 REPLIES
New Member

Re: console access

Hi, maybe you should consider using AAA to limit the access to the router from the console.

New Member

Re: console access

But AAA will work only if we run the router in normal mode, and what is the security if someone can attempt to break the password in ROM monitor mode?

Silver

Re: console access

Unfortunately there is no security from someone cycling the router and breaking in in rommon. You have a few options:

1. Physically secure it under lock & key with restricted access to the room.

2. There is an undocumented command, "no service password-recovery". This will prevent someone from gaining access via a password recovery; the downside is it also restricts you.

New Member

Re: console access

The 2nd option solves the problem very well, but when I apply this command nobody can access the ROM monitor mode of the router, not even me. What will happen if someone accidentally changes the password and forgets it? As far as I think, the router will become useless, or is there any way to recover it, I mean by replacing the hardware or any other trick?

Gold

Re: console access

"no service password-recovery" doesn't turn the router into a brick if you forget the password. What it does is prevent access to the router's startup-config. If you forget the password, you are required to wipe the configuration and start over. This is good if the router is in an untrusted location, because it prevents unauthorized users from "peeking" at your configuration even via the password-recovery procedure and possibly learning things like your private passwords, SNMP communities, AAA secrets, etc.

New Member

Re: console access

If someone forgets the console or vty line access password, how can he wipe the configuration, as he will not get access to the router? If there is some way, kindly let me know.
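
The two controls raised in this thread (console authentication, by line password or AAA, and "no service password-recovery") can be checked in a saved configuration. The following is an added example, not part of the original thread or any Cisco tooling; the function names and sample configurations are constructed, and it assumes IOS-style indentation and a simplified model of how AAA applies to the console.

```python
def parse_blocks(config):
    """Split a config into global commands and indented sub-commands per parent."""
    globals_, blocks, parent = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if line[0].isspace() and parent is not None:
            blocks[parent].append(line.strip())
        else:
            parent = line.strip()
            globals_.append(parent)
            blocks.setdefault(parent, [])
    return globals_, blocks

def audit_console(config):
    """Report how 'line con 0' authenticates and whether recovery is disabled."""
    globals_, blocks = parse_blocks(config)
    con = blocks.get("line con 0", [])
    # Assumption: with aaa new-model, a default login list also covers the console.
    aaa_default = "aaa new-model" in globals_ and any(
        g.startswith("aaa authentication login default ") for g in globals_)
    if any(c.startswith("login authentication ") for c in con) or aaa_default:
        auth = "aaa"
    elif "login local" in con:
        auth = "local"
    elif "login" in con and any(c.startswith("password ") for c in con):
        auth = "line-password"
    else:
        auth = "none"
    return {"console_auth": auth,
            "password_recovery_disabled": "no service password-recovery" in globals_}

# Constructed sample: console password only, password recovery still possible.
PASSWORD_ONLY = """hostname lab-rtr
!
line con 0
 password 7 CONSTRUCTED
 login
"""
# Constructed sample: AAA on the console and password recovery disabled.
HARDENED = """hostname lab-rtr
no service password-recovery
aaa new-model
aaa authentication login default group tacacs+ local
!
line con 0
 login authentication default
"""
if __name__ == "__main__":
    for name, cfg in (("password-only", PASSWORD_ONLY), ("hardened", HARDENED)):
        print(name, audit_console(cfg))
```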
