On 11/18/10 2:28 AM, si...@pitwood.org wrote:
> It might have something to do with the version?
>
> CAT2924Switch#sh run
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption

password-encryption != password-recovery

And password-encryption == password-encryption only for very small values of encryption. This really should be called password-obfuscation as it is trivial to reverse.

The original poster didn't specify the specific problem he was trying to solve.

If the bad guys have unmonitored physical access to the switch they could swap it out with their own device entirely even if the configuration is locked down. It's not like 2924XLs are expensive or hard to get. Mitigate with RANCID, etc.

If the concern is that the same access password on the switch which could be recovered is used elsewhere in the OP's network and bad guys recovering that password could use it to attack other devices... Don't do that, then. Mitigate with unique passwords, TACACS+, etc.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
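
An added example, not part of the original post: a small audit over saved running-configs (such as the copies RANCID collects) that flags credentials stored in cleartext or in the reversible form the reply calls obfuscation, and reports stored credentials that are identical on more than one device. The names `CRED`, `classify`, `audit` and the sample configs are constructed for illustration.

```python
import re
from collections import defaultdict

# IOS credential lines: "enable password|secret", "username X password|secret",
# and the indented "password" under a line/vty block. An optional numeric
# type (0, 5, 7, ...) precedes the stored value.
CRED = re.compile(
    r"^\s*(?:enable\s+|username\s+\S+\s+(?:privilege\s+\d+\s+)?)?"
    r"(?:password|secret)\s+(?:(\d+)\s+)?(\S+)\s*$"
)

def classify(ptype):
    if ptype == "7":
        return "reversible"   # what service password-encryption produces
    if ptype in (None, "0"):
        return "cleartext"
    return "hashed"           # e.g. "enable secret 5 ..."

def audit(configs):
    """configs: {device: running-config text} -> (findings, shared)."""
    findings, seen = [], defaultdict(set)
    for device, text in configs.items():
        for n, line in enumerate(text.splitlines(), 1):
            m = CRED.match(line)
            if not m:
                continue
            kind = classify(m.group(1))
            if kind != "hashed":
                findings.append((device, n, kind))
            seen[(m.group(1), m.group(2))].add(device)
    # Identical stored strings on several devices. This is a lower bound: one
    # password can be stored as different strings on different devices.
    shared = sorted(sorted(d) for d in seen.values() if len(d) > 1)
    return findings, shared

# Constructed sample configs (values are placeholders, not real encodings).
SAMPLE = {
    "sw1": "version 12.0\nno service password-encryption\n"
           "enable password Constructed1\nline vty 0 4\n password Constructed1\n login\n",
    "sw2": "no service password-encryption\nenable password Constructed1\n",
    "sw3": "service password-encryption\nenable secret 5 $1$salt$constructedhash\n"
           "username admin password 7 00112233445566\n",
}

if __name__ == "__main__":
    findings, shared = audit(SAMPLE)
    for device, n, kind in findings:
        print(f"{device}: line {n}: {kind} credential")
    print("same stored credential on:", shared)
```

The report gives device and line number only, so the audit output does not itself become another copy of the credentials.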