ROMMON Security
Bypassing device security and gaining complete access to the device can be accomplished by following a very simple and well-documented procedure. Physical or console access to the device is required so that it can be rebooted or power cycled to perform the procedure. Cisco IOS software provides a password recovery procedure that relies on gaining access to ROMMON. To access ROMMON mode, the break key sequence needs to be entered on the keyboard within 60 seconds of reboot.
In ROMMON mode, the router software can be reloaded, at which point the router prompts for a new system configuration that includes a new password.
The password recovery procedure gives anyone with console access the ability to access the router and its network. The no service password-recovery command is a security enhancement feature that prevents the completion of the break key sequence and entry into ROMMON mode. It prevents users with console access from accessing the router configuration and clearing the password. It also prevents changes to the configuration register values and access to nonvolatile RAM (NVRAM).
The following message is shown during startup when the no service password-recovery command is configured:
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright 1998 by cisco Systems, Inc.
C3600 processor with 65536 Kbytes of main memory
Main memory is configured to 64 bit mode with parity enabled
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
program load complete, entry point: 0x80008000, size: 0x10ce394
Self decompressing the image : ####################################
###################################################################
###################################################################
################################################# [OK]
Smart Init is disabled. IOMEM set to: 10
Using iomem percentage: 10
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software—Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-IS-M), Version 12.3(3), RELEASE SOFTWARE (fc2)
Copyright 1986-2003 by Cisco Systems, Inc.
Compiled Mon 18-Aug-03 19:03 by dchih
Image text-base: 0x60008950, data-base: 0x61B3E000
The following list outlines a few methods for recovering from a lost password when the no service password-recovery command is configured. These methods involve erasing the startup configuration; consequently, all configurations will be lost.
On devices that have NVRAM chips, the chips can be removed and reseated. The NVRAM is implemented using battery-backed static RAM (SRAM). Removing the SRAM erases the contents of NVRAM, which contain the no service password-recovery configuration.
Other devices use an electrically erasable programmable read-only memory (EEPROM) to hold the configuration. The EEPROM is not erased when it is removed and reseated; hence, recovery is not possible. (Contact the Cisco TAC support center for further assistance.)
Another way to recover the lost password when the no service password-recovery command is configured becomes possible during the rebooting process of the router. (You must have console access to perform this task.) During the reboot process, press the break-key sequence combination within five to ten seconds of the image decompressing (when you see the message Image text-base: .... on the console screen). At this point, the software will prompt you to reset the router to the factory default configuration. See the sample output captured for this procedure that follows.
System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright 1998 by Cisco Systems, Inc.
C3600 processor with 65536 Kbytes of main memory
Main memory is configured to 64 bit mode with parity enabled
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
program load complete, entry point: 0x80008000, size: 0x10ce394
Self decompressing the image :
#########################################################
##################################################################################
######
####################################################################### [OK]
Smart Init is disabled. IOMEM set to: 10
Using iomem percentage: 10
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software—Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-IS-M), Version 12.3(3), RELEASE SOFTWARE (fc2)
Copyright 1986-2003 by Cisco Systems, Inc.
Compiled Mon 18-Aug-03 19:03 by dchih
Image text-base: 0x60008950, data-base: 0x61B3E000 hit CTRL-BREAK sequence here
PASSWORD RECOVERY IS DISABLED
Do you want to reset the router to factory default
configuration and proceed [y/n] ? y
Reset router configuration to factory default.
Cisco 3640 (R4700) processor (revision 0x00) with 59392K/6144K bytes of memory.
Processor board ID 09196037
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
2 Ethernet/IEEE 802.3 interface(s)
2 Voice FXO interface(s)
2 Voice FXS interface(s)
DRAM configuration is 64 bits wide with parity enabled.
125K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
8192K bytes of processor board PCMCIA Slot0 flash (Read/Write)
20480K bytes of processor board PCMCIA Slot1 flash (Read/Write)
[OK][OK]
SETUP: new interface Ethernet0/0 placed in "shutdown" state
SETUP: new interface Ethernet1/0 placed in "shutdown" state
Press RETURN to get started!
Router>
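An added example (not part of the original text and not Cisco code): a Python check for console-server captures that confirms each boot prints the disabled-recovery banner and flags any boot where the factory-default reset was accepted at the console, which means the configuration was wiped by someone with console access. The function names and the sample capture are assumptions; the marker strings are the ones in the output above.

```python
import re

# Marker strings as they appear in the console output on this page.
BOOT_START = "System Bootstrap, Version"
BANNER = "PASSWORD RECOVERY FUNCTIONALITY IS DISABLED"
RESET_PROMPT = "PASSWORD RECOVERY IS DISABLED"   # printed after the break key
ANSWER = re.compile(r"\[y/n\]\s*\?\s*([yn])", re.IGNORECASE)

def audit_console_log(text):
    """Return one dict per boot found in a console-server capture."""
    boots, cur, waiting = [], None, False
    for line in text.splitlines():
        if BOOT_START in line:            # a new boot begins
            cur = {"recovery_disabled": False, "reset_offered": False,
                   "reset_accepted": False}
            boots.append(cur)
            waiting = False
        if cur is None:
            continue                      # text before the first boot
        if BANNER in line:
            cur["recovery_disabled"] = True
        if RESET_PROMPT in line:
            cur["reset_offered"], waiting = True, True
        answer = ANSWER.search(line) if waiting else None
        if answer:                        # the prompt wraps over two lines
            cur["reset_accepted"] = answer.group(1).lower() == "y"
            waiting = False
    return boots

def findings(boots):
    """Turn per-boot facts into alerts for the operations team."""
    alerts = []
    for n, b in enumerate(boots, 1):
        if not b["recovery_disabled"]:
            alerts.append((n, "password recovery via ROMMON is still enabled"))
        if b["reset_accepted"]:
            alerts.append((n, "configuration reset to factory default at console"))
    return alerts

# Constructed capture: boot 1 is trimmed from the page, boot 2 is made up.
SAMPLE = """\
System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
PASSWORD RECOVERY IS DISABLED
configuration and proceed [y/n] ? y
Router>
System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Router>
"""
print(findings(audit_console_log(SAMPLE)))
```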
Note
Use the following link for standard break-key sequence combinations for most applications, operating systems, and platforms, and to get some tips on how to troubleshoot related problems: http://www.cisco.com/warp/public/701/61.html
Tip
Use the following links to recover a device when the no service password-recovery feature has been enabled:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00802a1e76.html#wp1027258
http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a00801d8113.shtml