11-26-2007 05:34 PM - edited 03-05-2019 07:38 PM
What are some other security measures I could take on the line console 0 besides physical security and local login? Could I change the baud speed? Could I change or disable the break sequence? Could I disable password recovery? Thanks in advance.
Solved! Go to Solution.
11-28-2007 11:46 AM
I don't have a Catalyst 4500 to test on but I believe you can change the config-register in config mode.
I just tried in a 6500,
(config)#config-register ?
<0x0-0xFFFF> Config register number
11-26-2007 06:35 PM
Physical security and local login should cover it. If you can, implement ACS or RADIUS for external account management - authentication and accounting.
Don't bother with disabling password recovery, it's more hassle than it's worth.
11-28-2007 07:47 AM
So there's really no way to protect the console connection from the break sequence after a hard restart? Just in case someone does get access or a disgruntled tech employee. I was able to change the baud speed, so now you have to match the speed, but does that only take effect after the start config is loaded. Thanks.
11-28-2007 08:24 AM
Yes, with the config-register
Proceed with caution...
11-28-2007 10:43 AM
Just what I need! Thanks. One last question if you dont mind, I just want to confirm, in order to edit these configs I need to be in rommon mode, not while running in the ios? If so I need to reboot the switch and proceed with the break seq? Thanks again Edison.
11-28-2007 11:46 AM
I don't have a Catalyst 4500 to test on but I believe you can change the config-register in config mode.
I just tried in a 6500,
(config)#config-register ?
<0x0-0xFFFF> Config register number
11-28-2007 05:28 PM
well I think I have enough info to mess up something. thanks for your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide