Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

How to disable recovery procedure on a router for security reason

I want to disable the password recovery procedure on a Cisco router (i.e.: if i leave a router "alone" the users can't do the recovery procedure with the break caracter at the startup), is there a rommon configuration or a Jumper ?

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: How to disable recovery procedure on a router for security r

There is an undocumneted command ' no service password-recovery'

5 REPLIES
Silver

Re: How to disable recovery procedure on a router for security r

There is an undocumneted command ' no service password-recovery'

New Member

Re: How to disable recovery procedure on a router for security r

Since IOS 12.3 the 'no service password-recovery' command is no longer undocumented. It´s official now.

Does someone know, in which IOS the undocumented 'no service password-recovery' command was integrated first?

Thanks,

Kai

New Member

Re: How to disable recovery procedure on a router for security r

I do not believe that there is any way to do this. The best that you can try is to change the console baud rate in rom-monitor, but this is just obfuscation. The only way that I can see to accomplish this is to fill the console port with epoxy or unsolder the console and aux ports from the board. NB: I strongly recommend against any of the above procedures. If people have physical access to the router, you will always be at risk. If soneone has physical access, they can sniff traffic off the ethernet, install a v.35 / fddi / whatever splitter nad sniff wan traffic, or they could just walk off with the while device. Your time and effort would be better served securing access to the space where the device is.

Green

Re: How to disable recovery procedure on a router for security r

Warran has nailed it.

Without physical security, anything else is just part of the delay loop.

(IMHO)

Scott

New Member

Re: How to disable recovery procedure on a router for security r

I totally agree,

We have started locking all of our gear in secure cabinets. Until recently only about half of our gear was secure, so any kid/person who knew enough to read a few pdf's could have access to our entire network. lock them down...

202
Views
0
Helpful
5
Replies
CreatePlease to create content