Re: How to only use USB and RAM on a Cisco device

P8834 · ‎06-16-2021

Hi

I have a fairly unusual question. I have a C1111X-8P router that I need to run directly from an USBdevice. So I can disable the internal flash.
So when I power off the unit and remove the USBdevice no traces of the configuration, IOS, VLAN, logs etc. is left in the router. Is this even possible?

I want to disable all permanent storage internally in the device.

balaji.bandi · ‎06-16-2021

Not that i am ware, instead you can Lock the device, if the stolen or hacked.

suggest to do hardening :

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Leo Laohoo · ‎06-16-2021

@P8834 wrote:

I want to disable all permanent storage internally in the device.

What is the use case for this unusual requirement?

When a router is installed properly, it is very difficult to remove. If the config, for instance, resides in a USB stick it can easily get swiped without anyone knowing.

P8834 · ‎06-16-2021

It is for a system that is mobile, and when you bring it with you on a plane I want to be able to have the USB with me in person and not with the luggage going through different scans and people on the airport. If it's not possible I have to bring the whole router with the carrie-on luggage.

So it would be really nice if it's possible to do what I described above.

pieterh · ‎06-16-2021

investigate if it is possible (and workable) to configure the router to

- load IOS from tftp-server (boot variable)
- after |IOS is loaded, copy config from tftp to running-config

on your laptop run tftp a server for this, do not save config to flash do not install IOS to flash

Leo Laohoo · ‎07-04-2021

Very unusual case but it can be done.
Post the complete output to the command "sh boot".