From: Bill Hill (bhill@xxxxxxxxxx)
Date: Fri Nov 30 2001 - 12:47:03 GMT-3
Actually, it is my understanding that you can do this. (Excerpt from Scott Morris e-mail) Thanks Scott.
"Actually, it IS a good idea to do, you just need to be aware how to fix it!
It DOES disable the typical password recovery, however you can still get in....
There's a caveat though....
First, to get in. When the router is booting, and you get all those ###'s for loading the image. As soon as that part is done, you have FIVE seconds to issue a break signal.
When you do, you're into recovery mode, however recovery WILL kill the config. So you can get control of the router again, but you CANNOT look at how it was configured, and must start from scratch!
It's a great thing for companies to do, but on the other hand, before doing it, I would STRONGLY recommend they have good documentation and backup configs someplace in case they do ever have to recover their routers from hackers or disgruntled ex-employees.
Scott"
I haven't tried this first hand though.
-Bill
-----Original Message-----
From: Harris, Joe F [mailto:Joe_Harris@AIMFUNDS.COM]
Sent: Friday, November 30, 2001 10:27 AM
To: ccielab@groupstudy.com
Subject: OT:UPDATE- No Service Password-Recovery
All:
There was a thread floating around a month or so ago regarding the "no service password-recovery" command. Most people say that the command cannot be "undone" once it has been issued and therefore should be avoided at all costs. TAC will even inform you that you must return the router to Cisco in order to reverse the effect of the command, however there is a simple fix that will allow you to circumvent the effects of the command. The only down side to reversing the command is that you need a small amount of extra equipment in order to reverse, like a new BootROM. Here is an example:
USED WITH "NO SERVICE PASSWORD-RECOVERY", WROTE THE CONFIG TO MEM & RELOADED
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 49152 Kbytes of main memory <-Issued Break
PC = 0x8000830c, Vector = 0x500, SP = 0x82fffeb0
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
program load complete, entry point: 0x80008000, size: 0x928024
Self decompressing the image : ####################################
CHANGED BOOTROM:
System Bootstrap, Version 11.3(2)XA3, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
Copyright (c) 1998 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 49152 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0x928024
Self decompressing the image : ##############################
!
!Reloaded Router and Attempted to enter rommon>
!
System Bootstrap, Version 11.3(2)XA3, PLATFORM SPECIFIC RELEASE SOFTWARE (fc1)
Copyright (c) 1998 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 49152 Kbytes of main memory
PC = 0xfff0a53c, Vector = 0x500, SP = 0x8000488c
monitor: command "boot" aborted due to user interrupt
rommon 1 >
-Joe
This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:27 GMT-3
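A defender's view of the console output quoted in this thread, as an added example that is not part of the original messages: a small parser that splits a logged console capture into boots and flags a bootstrap version change between boots, a break sent while the recovery-disabled banner is shown, and a ROM monitor prompt. The sample capture is constructed from the banners above, the function names are hypothetical, and treating the `PC = ..., Vector = ...` line as the trace of a break is an assumption drawn from the quoted logs.

```python
import re

# Constructed console capture, modelled on the banners quoted in the thread.
SAMPLE = """\
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
C2600 platform with 49152 Kbytes of main memory
PC = 0x8000830c, Vector = 0x500, SP = 0x82fffeb0
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
program load complete, entry point: 0x80008000, size: 0x928024
System Bootstrap, Version 11.3(2)XA3, PLATFORM SPECIFIC RELEASE SOFTWARE
C2600 platform with 49152 Kbytes of main memory
PC = 0xfff0a53c, Vector = 0x500, SP = 0x8000488c
monitor: command "boot" aborted due to user interrupt
rommon 1 >
"""

BOOT = re.compile(r"^System Bootstrap, Version ([^,]+),")
BREAK = re.compile(r"^PC = 0x[0-9a-f]+, Vector = 0x[0-9a-f]+", re.I)  # assumed break trace
ROMMON = re.compile(r"^rommon \d+ >")

def parse_boots(text):
    """Split a console capture into boots, one dict per 'System Bootstrap' banner."""
    boots = []
    for line in text.splitlines():
        line = line.strip()
        m = BOOT.match(line)
        if m:
            boots.append({"bootstrap": m.group(1), "break": False,
                          "recovery_disabled": False, "rommon": False})
        elif boots:
            cur = boots[-1]
            cur["break"] |= bool(BREAK.match(line))
            cur["recovery_disabled"] |= "PASSWORD RECOVERY FUNCTIONALITY IS DISABLED" in line
            cur["rommon"] |= bool(ROMMON.match(line))
    return boots

def findings(boots):
    """Return alert strings for events that warrant a physical-access review."""
    out = []
    for i, b in enumerate(boots):
        if i and b["bootstrap"] != boots[i - 1]["bootstrap"]:
            out.append(f"boot {i}: bootstrap changed {boots[i-1]['bootstrap']} -> {b['bootstrap']}")
        if b["break"] and b["recovery_disabled"]:
            out.append(f"boot {i}: break sent, recovery disabled banner shown")
        if b["rommon"]:
            out.append(f"boot {i}: ROM monitor prompt reached")
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_boots(SAMPLE))))
```

Fed from a console server's session logs, the bootstrap-change and ROM monitor findings are the ones that indicate someone had hands on the hardware.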