Disable Password Recovery

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

There are times when you may want to disable password recovery (for example if someone is working in high secure environment).

Use the following command to disable password recovery

Router(config)#no service password-recovery
   WARNING:
   Executing this command will disable password recovery mechanism.
   Do not execute this command without another plan for
   password recovery.

Are you sure you want to continue? [yes/no]: yes
Router(config)#

The above command will disable all access to the ROMMON. Be careful when using the above command, as there is no way to recover password.

The following message is displayed during boot up when “no service password-recovery” command is configured.

    PASSWORD RECOVERY FUNCTIONALITY IS DISABLED

    System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
...

Cisco, IOS, Password, Router

About the author

Multi skilled Cisco network engineer, web programmer and system administrator, lost in different career path :-)

This entry was posted by Arsalan A. Suzuki on August 26, 2010 at 8:08 pm, and is filed under Cisco, IOS, Security, Tips. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site.

Related Posts
Trackbacks (1)
Comments (2)

#1 written by Mike
about 1 year ago

Reply Quote

So, if no password-recovery has been enabled on a router, is there anyway to still get into the router and reset to factory defaults? I have a 1900 that's been sitting in the corner of our server room that was initially used for testing. I would now like to use it, but I don't have the password and the no password-recovery has been set. Any suggestions?
#2 written by Arsalan Suzuki
about 1 year ago

Reply Quote

Check this article for password recovery http://blog.arsalan.biz/cisco/cisco-router-passwo…

Even when password-recovery is disabled you can reset the startup config by pressing break command during boot up process.
Details can be found at http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12…

Cisco Router Password Recovery | Arsalan A. Suzuki's Blog

Basic Frame Relay Configuration

about 1 year ago - 4461 commentBasic+Frame+Relay+Configuration2011-08-09+16%3A18%3A32Arsalan+A.+Suzuki

This article shows how to configure basic frame relay without using inverse ARP. We’ll be using the above topology for the configuration. The IP addresses of the routers are 192.168.1.X, where X is the router number. Configuration Steps Assign IP address to the serial interface Configure frame relay encapsulation Set frame map for each router…

Ping Multiple Addresses Using TCL Script Part 2

about 1 year ago - 431No comments2011-06-18+06%3A08%3A44Arsalan+A.+Suzuki

Part 1 of this tutorial showed how to ping multiple IP addresses using TCL script. This tutorial will further refine the script which was in Part 1. Instead of foreach loop, we will be using for loop to make the script shorter. TCL Script Here is the sample script for { set i 1 }…

Ping Multiple Addresses Using TCL Script Part 1

about 1 year ago - 4063 comments2011-06-14+00%3A45%3A45Arsalan+A.+Suzuki

There might be situation where you might need to ping multiple IP addresses to check the full connectivity between devices. This tutorial shows you exactly how to do that using TCL script. I’ll be explaining how it works in details so you don’t need to have any programming or scripting experience. TCL Script Below is…

Enable Telnet Access on Cisco Router

about 2 years ago - 3731 commentEnable+Telnet+Access+on+Cisco+Router2011-05-16+19%3A10%3A37Arsalan+A.+Suzuki

This short tutorial shows how to enable telnet access on the router. Configuration Use the following commands to enable telnet access to the router. First check how many virtual terminal router supports. (Depending on the router model, the output might be different) Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#line vty…

Cisco ūmi Home Telepresence on Your TV Set

about 2 years ago - 321No comments2010-10-07+08%3A26%3A22Arsalan+A.+Suzuki

Cisco announced Umi, a video conferencing appliance for typical consumers. Umi consists of camera mounted to the top of the screen which can capture Full HD 1080p video at 30 frames per second. The camera is connected to a device which act as a internet gateway for the TV. Umi which is scheduled to be…

Configuring Port Aggregation with EtherChannel

about 2 years ago - 3081 comment2010-10-04+16%3A28%3A50Arsalan+A.+Suzuki

What is EtherChannel? EtherChannel is a link aggregation technology used primarily on Cisco switches. It can bundle two to eight physical port of the same Ethernet media type and speed. All bundled ports must have similar configuration. EtherChannel can be used to increase bandwidth, provide redundancy and load balance traffic EtherChannel Negotiation Protocols Cisco supports…

Configuring VLAN Access Control Lists (VACL)

about 2 years ago - 30211 comments2010-09-27+14%3A10%3A27Arsalan+A.+Suzuki

What is VLAN Access Control Lists (VACL) used for? VLAN Access Control Lists (VACL) can be used to filter traffic within the same vlan Scenario Suppose a host is connected to VLAN 2 and we are required to drop all telnet traffic within VLAN 2. Configuration Make an access list to match telnet traffic Router(config)#access-list…

Configuring DHCP Snooping

about 2 years ago - 297No commentsConfiguring+DHCP+Snooping2010-09-09+13%3A34%3A34Arsalan+A.+Suzuki

What is DHCP Snooping DHCP snooping is a security feature inteneded to prevent rogue DHCP server from sending malicious DHCP replies. When DHCP snooping is enabled, the switch intercept all the DHCP requests, and discards DHCP replies coming from “untrusted” ports. The offending switch ports are automatically shut down and put in errdisable state. DHCP…

Cisco IOS Tips: Reload Command Explained

about 2 years ago - 247No comments2010-08-31+10%3A07%3A55Arsalan+A.+Suzuki

I guess the reload command is self explanatory. It reboots the router. Reload command can take two different kind of timer Execute at specific time or date (e.g at 11:00) Execute after certain number of minutes (e.g after 30mins) Note : The router clock must be set before the reload command can work properly. CLI…

Cisco IOS Tips: Display Interface The Smart Way

about 2 years ago - 238No comments2010-08-29+11%3A11%3A29Arsalan+A.+Suzuki

Use the following command to dsplay brief summary of interfaces Router#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.1.2 YES manual up up FastEthernet0/1 192.168.10.2 YES manual up up FastEthernet1/0 unassigned YES unset up down FastEthernet1/1 unassigned YES unset up down FastEthernet1/2 unassigned YES unset up down FastEthernet1/3 unassigned YES unset up…