Also from the Cisco Website under Troubleshooting: "Break (system interrupt) is always enabled for 60 seconds after rebooting the system, even if break is configured to be off by setting the configuration register. During the 60-second window, you can break to the bootstrap mode prompt."
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2000/c2000 qs/22820.htm Douglas Gullett, CCNA, CCDA, CCNP -----Original Message----- From: DocValde [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 2:10 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re[2]: Cisco Password Recovery >> -----Original Message----- >> From: Shafagh Zandi [mailto:[EMAIL PROTECTED]] >> Sent: Saturday, March 30, 2002 8:10 AM >> To: [EMAIL PROTECTED] >> Subject: Cisco Password Recovery >> >> Hi, Everybody >> >> How can I disable password recovery? >> >> Shafagh Zandi. Hi there, i was not able to follow everey postings in this thread, so excuse me, if it was already mentioned... jon schatz <[EMAIL PROTECTED]> wrote: > but anyone with pyhsical > (serial cable) access to a cisco product can force the device to reboot > and ignore the saved configuration. You can then do a "conf t" and > create a new config, save it, and reboot. Rob Hughes <[EMAIL PROTECTED]> wrote: > If you have physical access the the routers, you can't prevent password > recovery as Cisco built it into the ROM. This is true, of course, for default cisco routers, but you can disable the break-possibility during system boot, as you can see here: http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/cis2000/c2000 qs/22812.htm But remember all the things said in this thread before! If you do this, and an error occurs during your configuration or you get lost of the passwords, you are definitely locked out! Rob Hughes <[EMAIL PROTECTED]> wrote: > Also, anyone who can view the > encrypted password can use a utility that will recover the encrypted > password from the config or from sho run, etc. That is true for almost every password in your cisco router config, but as i was told today at work by our CCIE, this is not valid for the "enable secret", which cannot be cracked with the common tools. But i didn't test this, so me and him may be wrong... Any comments? Regards, Doc. -- DocValde web: http://www.DocValde.net eMail: [EMAIL PROTECTED]
