password recovery

directlyconnected

Technical User
Feb 11, 2006
86
US
Is there a way to prevent unwanted users that have direct access to a Cisco router (or switch) from establishing a console session, say from a laptop, and doing a password recovery? Ponder this whilst I taketh my beauty nap. Thankseth

Tim
 
In short.. no.

If someone has direct console access to some Cisco gear then they can always do a password recovery by powering off the equipment and using the console port for direct access. That is one of the main reasons for keeping high standards of physical security around networking gear. You can have a million dollar redundant network, but if someone can walk in and turn it off then what good is it?

 
You can try the configuration command "no service password-recovery" but I wouldn't recommend it unless you absolutely had to use it. It can make life rather difficult for you in certain situations. Look it up on CCO and make sure you're willing to live with the consequences if you try it.
 
Can you not set up a password on the console port? Sure I've read this somewhere!

Yes you can, and you definitely should do this. However, this will not prevent someone from doing a pw recovery. The first thing you need to do for pw recovery is switch off the device and boot it up again.

CCNA, CCNP..partly ;)
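
The two settings raised in the replies above (a console line password and `no service password-recovery`) can be checked across saved configurations with a short audit script. This is an added example, not code from any poster in this thread; the sample configs are constructed, the function names are hypothetical, and the idle-timeout check goes slightly beyond what the thread covers.

```python
import re

# Constructed sample configs (not from a real device); secrets are placeholders.
HARDENED = """\
no service password-recovery
!
line con 0
 exec-timeout 5 0
 password 7 <placeholder>
 login
line vty 0 4
 login local
"""

WEAK = """\
line con 0
 exec-timeout 0 0
line vty 0 4
 password 7 <placeholder>
 login
"""

def console_block(config):
    """Return the indented sub-commands under 'line con 0'."""
    block, inside = [], False
    for line in config.splitlines():
        if re.match(r"^line con 0\b", line):
            inside = True
        elif inside and line.startswith(" "):
            block.append(line.strip())
        elif inside:
            break
    return block

def audit(config):
    """Check the settings raised in the thread, plus the console idle timeout.
    Simplification: AAA defaults (aaa new-model) are not modelled."""
    con = console_block(config)
    has_login = any(re.fullmatch(r"login( local| authentication \S+)?", c) for c in con)
    has_password = any(c.startswith("password ") for c in con)
    # A bare 'login' only enforces anything if a line password is also set.
    return {
        "console_login_required": has_login and (has_password or "login" not in con),
        "console_idle_timeout": "exec-timeout 0 0" not in con,
        "password_recovery_disabled": any(
            l.strip() == "no service password-recovery" for l in config.splitlines()),
    }
```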
 
That's where PHYSICAL SECURITY comes in. You've got to physically lock up all of your stuff: racks, cabinets, datacenter, building, etc, etc....
 