console security

MaxDm

Instructor
Jan 28, 2009
20
UA
Hello guys! Who knows how I can raise (improve somewhat) security on the console port? The command "no service password-recovery" doesn't work. The IOS on my switch is /c2500-i-l.121-18.bin and I must not update the IOS. Maybe some methods exist to make security more advanced, because some people crashed the config of the switch through the console and I want to block this with maximum security, but without blocking the port. For example, I have done "exec-timeout 0 1"; maybe I can do something else?
 
How have you tested "no service password-recovery"? It will not show up in the config...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Yes, I know that I can't see this command in my config. Here is what I have:

slon(config)#no service password-recovery
^
% Invalid input detected at '^' marker.

slon(config)#
slon(config)#no service password-?
password-encryption

slon(config)#exit
slon#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(18), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Mon 02-Dec-02 23:45 by kellythw
Image text-base: 0x03041E94, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c)XB2, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c)XB2, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)

slon uptime is 4 days, 23 hours, 33 minutes
System returned to ROM by power-on
System image file is "flash:/c2500-i-l.121-18.bin"

cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 22648056, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

slon#

But on another router I don't have this problem:

slon(config)#no service password-recovery
^
% Invalid input detected at '^' marker.

slon(config)#

This command was applied and I didn't see any errors, but it is not visible in the running config; this I know.
 
That image will not support the command. You can try

slon(config)#login block-for xxx

but I doubt that will work. You can lock the door to the wiring closet ;)

 
Yes, it's a good idea to lock the door to the wiring closet))) But this router does not sit in our wiring closet, and some very clever man had the good idea to practice something with my router... I have done "exec-timeout 0 1" and "login" without any password... I think it will be OK, but maybe you also have some ideas for blocking.

slon(config)#login block-for xxx - it's not bad, but I know it is only for vty lines?
 