Carefully read that Cisco doc:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2000/c2000qs/22812.htm

"A Break can be sent in the first 60 seconds while the system reboots,
regardless of the configuration settings."

By default, Ciscos ignore console Break keys, except in the first 60 seconds
of rebooting. I don't think there is any way to stop them from doing this if
they have console access and can reboot the switch or router.

It's designed to be idiot-proof, so people don't ship their router back
because they made them so secure they couldn't use them... I've seen vendors
who had that policy for password recovery (i.e. ship it back to us & we'll do
it) and it was never a good thing.

- John

----- Original Message -----
From: "DocValde" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, April 04, 2002 11:09 AM
Subject: Re[2]: Cisco Password Recovery

>
> >> -----Original Message-----
> >> From: Shafagh Zandi [mailto:[EMAIL PROTECTED]]
> >> Sent: Saturday, March 30, 2002 8:10 AM
> >> To: [EMAIL PROTECTED]
> >> Subject: Cisco Password Recovery
> >>
> >> Hi, Everybody
> >>
> >> How can I disable password recovery?
> >>
> >> Shafagh Zandi.
>
> Hi there,
>
> I was not able to follow every posting in this thread, so excuse
> me if it was already mentioned...
>
> jon schatz <[EMAIL PROTECTED]> wrote:
> > but anyone with physical
> > (serial cable) access to a cisco product can force the device to reboot
> > and ignore the saved configuration. You can then do a "conf t" and
> > create a new config, save it, and reboot.
>
> Rob Hughes <[EMAIL PROTECTED]> wrote:
> > If you have physical access to the routers, you can't prevent password
> > recovery as Cisco built it into the ROM.
>
> This is true, of course, for default cisco routers, but you can disable
> the break-possibility during system boot, as you can see here:
>
> http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2000/c2000qs/22812.htm
>
> But remember all the things said in this thread before! If you do
> this, and an error occurs during your configuration or you lose
> the passwords, you are definitely locked out!
>
> Rob Hughes <[EMAIL PROTECTED]> wrote:
> > Also, anyone who can view the
> > encrypted password can use a utility that will recover the encrypted
> > password from the config or from sho run, etc.
>
> That is true for almost every password in your cisco router config,
> but as I was told today at work by our CCIE, this is not valid for
> the "enable secret", which cannot be cracked with the common tools.
> But I didn't test this, so he and I may be wrong... Any comments?
>
> Regards,
>
> Doc.
>
> --
> DocValde
>
> web: http://www.DocValde.net
> eMail: [EMAIL PROTECTED]
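
An added example, not part of the original thread: a small Python audit that reports how each password statement in an IOS configuration is stored, following the distinction drawn above between passwords a utility can recover and the "enable secret". It assumes the usual IOS type digits (none or 0 for cleartext, 7 for the reversible encoding, 5 for the MD5-based hash); the function names, the sample configuration and all values in it are constructed for illustration.

```python
import re

# Constructed sample configuration (assumption; values are placeholders).
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$CONSTRUCTED$notARealHashValue000000
enable password 7 0000CONSTRUCTED
username admin privilege 15 password 7 0000CONSTRUCTED
username backup secret 5 $1$CONSTRUCTED$notARealHashValue111111
line con 0
 password plaintextexample
line vty 0 4
 password 7 0000CONSTRUCTED
 login
"""

# "enable password|secret", "username X [privilege N] password|secret", or a
# bare "password" under a "line ..." block; the optional digit is the type.
STMT = re.compile(
    r"^\s*(?:enable\s+|username\s+(?P<user>\S+)\s+(?:privilege\s+\d+\s+)?)?"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d+)\s+)?(?P<value>\S+)\s*$"
)
# Type digit -> storage class; any other digit is reported as "other".
STORAGE = {None: "cleartext", "0": "cleartext", "7": "reversible", "5": "hashed"}

def audit(config_text):
    """Return (line_no, where, storage) for every password statement found."""
    findings, context = [], "global"
    for no, line in enumerate(config_text.splitlines(), 1):
        if line and not line[0].isspace():
            # Top-level statement: opens a "line ..." block or is global.
            context = line.strip() if line.startswith("line ") else "global"
        m = STMT.match(line)
        if not m:
            continue
        if m["user"]:
            where = f"username {m['user']}"
        else:
            where = "enable" if line.lstrip().startswith("enable") else context
        findings.append((no, where, STORAGE.get(m["type"], "other")))
    return findings

def recoverable(findings):
    """Entries readable by anyone who can view the config (cleartext/type 7)."""
    return [f for f in findings if f[2] in ("cleartext", "reversible")]

if __name__ == "__main__":
    for no, where, storage in audit(SAMPLE_CONFIG):
        print(f"line {no:>2}  {where:<16} {storage}")
```

Entries reported as "cleartext" or "reversible" are the ones to replace with a secret form or remove; "other" means the type digit needs a manual look.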