?
Solved

cisco how to disable password recovery?

Posted on 2004-08-17
10
Medium Priority
?
923 Views
Last Modified: 2008-03-03
I have the following router
IOS (tm) C831 Software (C831-K9O3Y6-M), Version 12.3(2)XC, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
How do I disable password-recovery service?

I tried
#no service password-recovery
                                               ^
% Invalid input detected at '^' marker.

but it doesnt work. Any help would be appreciated.

Tom
0
Comment
Question by:T0masz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 36

Expert Comment

by:grblades
ID: 11825379
Hi T0masz,
Do you mean as in the password recovery procedure?

To disable it don't have a cable plugged into the console port and have the router located in a secure location so normal users can't gain physical access to it.
0
 

Author Comment

by:T0masz
ID: 11825453
Well nobody has access to it but still, I want to enable this feature and for some reason I cant, is it just not there in the  831s ios?

Tom
0
 

Author Comment

by:T0masz
ID: 11825486
ah and yes I ment the password recovery procedure.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 36

Expert Comment

by:grblades
ID: 11825511
It is not an IOS feature. It is a feature of the boot ROM that starts the IOS operating system and is the equivilent of the BIOS in a normal conputer.
It is always enabled and cannot be disabled.
0
 

Author Comment

by:T0masz
ID: 11825715
Yes it can, I have it disabled on all my routers 2500/3600.... just not the 831 I guess this one doesnt have this feature... can anyone confirm this? Any other way of locking it to prevent console access? I have people comming to do maintenance and etc and they have access to the rack... I have to have it disabled.

Tom
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 2000 total points
ID: 11825972
No service password recovery is only available on

*Cisco 2691, 3631, 3725, and 3745 Routers—no minimum ROMMON or Cisco IOS® software requirements
*Cisco 3600 Series Routers—Minimum ROMMON version 11.1(17)AA (orderable as BOOT-3600=) Minimum Cisco IOS Software Release 11.2(12)P or 11.3(3)T
*Cisco 2600 Series Routers—all ROMMON and Cisco IOS software versions
*Cisco 1700 Series Routers—requires minimum ROMMON 12.1(5r)T1. This is not orderable as a spare, so you cannot upgrade an existing 1720 or 1750. All 1710 and 1751 routers should have this ROMMON.

Looks like it's not available on 800 series.

-Don
0
 

Author Comment

by:T0masz
ID: 11826323
I was afraid of that.... but oh well... Ill superglue the console port hehe ;>

Thanks.
Tom
0
 

Expert Comment

by:parshal
ID: 11846467
You can give it an absurd console password or set the timeout value to something like 1 second.  This will effectively disable the port until the maintenance people leave.
0
 

Author Comment

by:T0masz
ID: 11846675
well if you boot it up to password recovery you can change that.... PS how do i set the timeout only for the console?

Tom
0
 

Expert Comment

by:parshal
ID: 11848153
True, someone could do a password recovery.  I would set an absurdly long password on the console port and change the timeout.  

To set the timeout:

line con 0
 exec-timeout 0 1

I've never set it to one second before but I've accidentally set it to 20 seconds instead of 20 minutes so I know it will take a very short time.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question