Solved

cisco how to disable password recovery?

Posted on 2004-08-17
10
913 Views
Last Modified: 2008-03-03
I have the following router
IOS (tm) C831 Software (C831-K9O3Y6-M), Version 12.3(2)XC, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
How do I disable password-recovery service?

I tried
#no service password-recovery
                                               ^
% Invalid input detected at '^' marker.

but it doesnt work. Any help would be appreciated.

Tom
0
Comment
Question by:T0masz
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 36

Expert Comment

by:grblades
ID: 11825379
Hi T0masz,
Do you mean as in the password recovery procedure?

To disable it don't have a cable plugged into the console port and have the router located in a secure location so normal users can't gain physical access to it.
0
 

Author Comment

by:T0masz
ID: 11825453
Well nobody has access to it but still, I want to enable this feature and for some reason I cant, is it just not there in the  831s ios?

Tom
0
 

Author Comment

by:T0masz
ID: 11825486
ah and yes I ment the password recovery procedure.
0
 
LVL 36

Expert Comment

by:grblades
ID: 11825511
It is not an IOS feature. It is a feature of the boot ROM that starts the IOS operating system and is the equivilent of the BIOS in a normal conputer.
It is always enabled and cannot be disabled.
0
 

Author Comment

by:T0masz
ID: 11825715
Yes it can, I have it disabled on all my routers 2500/3600.... just not the 831 I guess this one doesnt have this feature... can anyone confirm this? Any other way of locking it to prevent console access? I have people comming to do maintenance and etc and they have access to the rack... I have to have it disabled.

Tom
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 11825972
No service password recovery is only available on

*Cisco 2691, 3631, 3725, and 3745 Routers—no minimum ROMMON or Cisco IOS® software requirements
*Cisco 3600 Series Routers—Minimum ROMMON version 11.1(17)AA (orderable as BOOT-3600=) Minimum Cisco IOS Software Release 11.2(12)P or 11.3(3)T
*Cisco 2600 Series Routers—all ROMMON and Cisco IOS software versions
*Cisco 1700 Series Routers—requires minimum ROMMON 12.1(5r)T1. This is not orderable as a spare, so you cannot upgrade an existing 1720 or 1750. All 1710 and 1751 routers should have this ROMMON.

Looks like it's not available on 800 series.

-Don
0
 

Author Comment

by:T0masz
ID: 11826323
I was afraid of that.... but oh well... Ill superglue the console port hehe ;>

Thanks.
Tom
0
 

Expert Comment

by:parshal
ID: 11846467
You can give it an absurd console password or set the timeout value to something like 1 second.  This will effectively disable the port until the maintenance people leave.
0
 

Author Comment

by:T0masz
ID: 11846675
well if you boot it up to password recovery you can change that.... PS how do i set the timeout only for the console?

Tom
0
 

Expert Comment

by:parshal
ID: 11848153
True, someone could do a password recovery.  I would set an absurdly long password on the console port and change the timeout.  

To set the timeout:

line con 0
 exec-timeout 0 1

I've never set it to one second before but I've accidentally set it to 20 seconds instead of 20 minutes so I know it will take a very short time.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In a WLAN, anything you broadcast over the air can be intercepted.  By default a wireless network is wide open to all until security is configured. Even when security is configured information can still be intercepted! It is very important that you …
While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now