On 11/17/10 2:10 PM, Skeeve Stevens wrote: > Hey all, > > I've been googling and ciscocom searching and have found nothing so far. > > I was to 'no service password-recovery' on a old Catalyst 2924. Does anyone > know of a way? > > It is in a delicate environment and it doesn't support 'secret', so if its > password recovered people would be able to crack the 'password' level > passwords.
If the bad guys have access to its power cord and console port, it's pretty much game over anyway, but you can mitigate with... * AAA to a remote tacacs+ server. * Sync with NTP and use RANCID to track config changes and/or last save. * Unique passwords for that device. * It should support enable secret even if not password secret. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
