[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

cisco how to disable password recovery?

Posted on 2004-08-17
10
Medium Priority
?
929 Views
Last Modified: 2008-03-03
I have the following router
IOS (tm) C831 Software (C831-K9O3Y6-M), Version 12.3(2)XC, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
How do I disable password-recovery service?

I tried
#no service password-recovery
                                               ^
% Invalid input detected at '^' marker.

but it doesnt work. Any help would be appreciated.

Tom
0
Comment
Question by:T0masz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 36

Expert Comment

by:grblades
ID: 11825379
Hi T0masz,
Do you mean as in the password recovery procedure?

To disable it don't have a cable plugged into the console port and have the router located in a secure location so normal users can't gain physical access to it.
0
 

Author Comment

by:T0masz
ID: 11825453
Well nobody has access to it but still, I want to enable this feature and for some reason I cant, is it just not there in the  831s ios?

Tom
0
 

Author Comment

by:T0masz
ID: 11825486
ah and yes I ment the password recovery procedure.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 36

Expert Comment

by:grblades
ID: 11825511
It is not an IOS feature. It is a feature of the boot ROM that starts the IOS operating system and is the equivilent of the BIOS in a normal conputer.
It is always enabled and cannot be disabled.
0
 

Author Comment

by:T0masz
ID: 11825715
Yes it can, I have it disabled on all my routers 2500/3600.... just not the 831 I guess this one doesnt have this feature... can anyone confirm this? Any other way of locking it to prevent console access? I have people comming to do maintenance and etc and they have access to the rack... I have to have it disabled.

Tom
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 2000 total points
ID: 11825972
No service password recovery is only available on

*Cisco 2691, 3631, 3725, and 3745 Routers—no minimum ROMMON or Cisco IOS® software requirements
*Cisco 3600 Series Routers—Minimum ROMMON version 11.1(17)AA (orderable as BOOT-3600=) Minimum Cisco IOS Software Release 11.2(12)P or 11.3(3)T
*Cisco 2600 Series Routers—all ROMMON and Cisco IOS software versions
*Cisco 1700 Series Routers—requires minimum ROMMON 12.1(5r)T1. This is not orderable as a spare, so you cannot upgrade an existing 1720 or 1750. All 1710 and 1751 routers should have this ROMMON.

Looks like it's not available on 800 series.

-Don
0
 

Author Comment

by:T0masz
ID: 11826323
I was afraid of that.... but oh well... Ill superglue the console port hehe ;>

Thanks.
Tom
0
 

Expert Comment

by:parshal
ID: 11846467
You can give it an absurd console password or set the timeout value to something like 1 second.  This will effectively disable the port until the maintenance people leave.
0
 

Author Comment

by:T0masz
ID: 11846675
well if you boot it up to password recovery you can change that.... PS how do i set the timeout only for the console?

Tom
0
 

Expert Comment

by:parshal
ID: 11848153
True, someone could do a password recovery.  I would set an absurdly long password on the console port and change the timeout.  

To set the timeout:

line con 0
 exec-timeout 0 1

I've never set it to one second before but I've accidentally set it to 20 seconds instead of 20 minutes so I know it will take a very short time.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question