04-11-2008 12:31 AM - edited 03-09-2019 08:29 PM
Hi there, I'm new here.
I'm a trainee in Germany and currently in a project that involves Cisco's 870 router series.
We (our project-group) have a security issue, which we can't solve.
As mentioned above, we configured "no service password-recovery" as it is our intention to isolate the config inside the router in case it gets intruded.
The problem with that is that the router isn't reacting to any break sequence, as is mentioned in the "no service password-recovery" manual (http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gtnsvpwd.html).
We even connected the router via an async interface to have a telnet connection instead of a direct console-port connection via COM1, but that didn't change anything.
With "no service password-recovery" configured, we can't get into the ROMMON.
It works well if we try that with the default settings.
Is this feature (to its full extent) simply not supported on 876 routers?
The ROMMON version is 12.3.
04-14-2008 05:24 AM
The purpose of this command is that. You cannot get access to ROMMON if you use the no service password-recovery.
04-14-2008 09:52 PM
No, that's not right.
It IS possible to enter the ROMMON with "service password-recovery" disabled.
Read the link I mentioned above, there it says:
"To recover a device once the No Service Password-Recovery feature has been enabled, press the Break key within 5 seconds after the image decompresses during the boot. You are prompted to confirm the Break key action. When you confirm the action, the startup configuration is erased, the password-recovery procedure is enabled, and the router boots with the factory default configuration.
If you do not confirm the Break key action, the router boots normally with the No Service Password-Recovery feature enabled."
And that's basically all I want to do, unfortunately that doesn't work.
04-15-2008 03:31 AM
If it were true, the "no service password-recovery" command would have no action. This command is right for this purpose, not allowing people to recover the password even with physical access to the device. If you could do it, this command would be useless.
But you are right, the link you posted had these words saying "to recover a device...." but the same document says if you issue the "no service password-recovery" there is no way to get into ROMMON. So it's difficult to say which one is right.