cisco 857 password recovery|
|
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||||||||||||||||||||
|
Posted by Doug McIntyre on June 30, 2009, 5:06 pm
Please log in for more thread options
>there are 3 empty 'slots' - one DIMM like, and two slots of the types
>that i have installed vpn modules in - dont know if that makes sense ? The 857 doesn't have removable Flash like most other Cisco routers (including the 877 which does). Since the flash is soldered onto the board, you can't do the trick around it that he was trying to explain. >Although we have been remiss in removing the flash contents with the
>'service password recovery disabled' i can't believe that there is not >some hardware reset, presumably if we could get back to the default >config-register that does not have the bit set that disables 'break' ? The point of the 'no service password recovery' was to lock the box out of all physical attacks for service providers that wanted to make sure their subscribers couldn't get back in and do their own configs. Its even half-way tame now-a-days compared to what it was when it was a fully undocumented command, where you didn't have any config-erase type option that loading the IOS gives you now. But, sorry to say, the only way out of this would be to in-circuit reprogram the flash chip where the NVRAM/config is stored if that is even possible. Or put Smartnet on it, and have it advanced replaced by Cisco TAC. Probably won't be the first time they've had to. | ||||||||||||||||||||||||||||||||||
|
Posted by Graham Turner on July 1, 2009, 2:57 am
Please log in for more thread options > >Thanks further note back. not sure if i am being daft, but does not
> >appear to be any removable mem modules on the 857 we have. > >there are 3 empty 'slots' - one DIMM like, and two slots of the types > >that i have installed vpn modules in - dont know if that makes sense ? >
> The 857 doesn't have removable Flash like most other Cisco routers > (including the 877 which does). > > Since the flash is soldered onto the board, you can't do the trick > around it that he was trying to explain. > > >Although we have been remiss in removing the flash contents with the
> >'service password recovery disabled' i can't believe that there is not > >some hardware reset, presumably if we could get back to the default > >config-register that does not have the bit set that disables 'break' ? >
> The point of the 'no service password recovery' was to lock the box > out of all physical attacks for service providers that wanted to make > sure their subscribers couldn't get back in and do their own configs. > > Its even half-way tame now-a-days compared to what it was when it was > a fully undocumented command, where you didn't have any config-erase > type option that loading the IOS gives you now. > > But, sorry to say, the only way out of this would be to in-circuit > reprogram the flash chip where the NVRAM/config is stored if that is > even possible. > > Or put Smartnet on it, and have it advanced replaced by Cisco TAC. > Probably won't be the first time they've had to. Doug, thanks for note back. do i have it right then that the 'no service password-recovery' disables the capability of the hardware reset button ? we are not interested in anything on the router, | ||||||||||||||||||||||||||||||||||
|
Posted by bod43 on July 1, 2009, 3:10 am
Please log in for more thread options > >Thanks further note back. not sure if i am being daft, but does not
> >appear to be any removable mem modules on the 857 we have. > >there are 3 empty 'slots' - one DIMM like, and two slots of the types > >that i have installed vpn modules in - dont know if that makes sense ? >
> The 857 doesn't have removable Flash like most other Cisco routers > (including the 877 which does). Sorry. I had the idea that the 877 was removable but I did not know about the 850. We mostly used 870's. It's not like cisco to have something which cannot be recovered. Very, very unusual. I am not sure what the slots are for but I would guess extra RAM and Flash. http://www.cisco.com/en/US/docs/routers/access/800/hardware/notes/800upgrd.html Cisco 851 and 857 routers Flash Memory Card Options 4 MB, 16 MB, or 32 MB Default Flash Memory 20 MB (onboard flash memory only) Maximum Flash Memory 20 MB This seems ODD. Default + Option = Max (which is Default) There are no flash memory part numbers listed for the 85x. Thing is that it is important to remember the purpose of no service-pass. It is to *ensure* that cryptographic keys cannot be recovered from the router. It is going to be tough to work round. As suggested, get it on smartnet and let cisco deal with it. Or get another one on ebay? | ||||||||||||||||||||||||||||||||||
|
Posted by Graham Turner on July 1, 2009, 3:21 am
Please log in for more thread options >
> > >Thanks further note back. not sure if i am being daft, but does not
> > >appear to be any removable mem modules on the 857 we have. > > >there are 3 empty 'slots' - one DIMM like, and two slots of the types > > >that i have installed vpn modules in - dont know if that makes sense ? >
> > The 857 doesn't have removable Flash like most other Cisco routers
> > (including the 877 which does). >
> Sorry. I had the idea that the 877 was removable but I > did not know about the 850. We mostly used 870's. > > It's not like cisco to have something which cannot be recovered. > Very, very unusual. > > I am not sure what the slots are for but I would guess > extra RAM and Flash. > > http://www.cisco.com/en/US/docs/routers/access/800/hardware/notes/800... > > Cisco 851 and 857 routers > Flash Memory Card Options 4 MB, 16 MB, or 32 MB > Default Flash Memory 20 MB (onboard flash memory only) > Maximum Flash Memory 20 MB > > This seems ODD. > Default + Option =3D Max (which is Default) > > There are no flash memory part numbers listed for the 85x. > > Thing is that it is important to remember the purpose > of no service-pass. It is to *ensure* that cryptographic > keys cannot be recovered from the router. It is going > to be tough to work round. > > As suggested, get it on smartnet and let cisco deal with it. > Or get another one on ebay? i am totally happy with the purpose of the 'service-pass' to prevent recovery of passwords, but this is not what we want to do do i have it right though that this disables the hardware reset button, which seems to be ignored by the router ? | ||||||||||||||||||||||||||||||||||
|
Posted by bod43 on July 1, 2009, 4:28 am
Please log in for more thread options >
> > > > > > >Thanks further note back. not sure if i am being daft, but does not
s
> > > >appear to be any removable mem modules on the 857 we have. > > > >there are 3 empty 'slots' - one DIMM like, and two slots of the type= > > > >that i have installed vpn modules in - dont know if that makes sense=
?
>
> > > The 857 doesn't have removable Flash like most other Cisco routers
> > > (including the 877 which does). >
> > Sorry. I had the idea that the 877 was removable but I
> > did not know about the 850. We mostly used 870's. >
> > It's not like cisco to have something which cannot be recovered.
> > Very, very unusual. >
> > I am not sure what the slots are for but I would guess
> > extra RAM and Flash. >
> >http://www.cisco.com/en/US/docs/routers/access/800/hardware/notes/800...
>
> > Cisco 851 and 857 routers
> > Flash Memory Card Options 4 MB, 16 MB, or 32 MB > > Default Flash Memory 20 MB (onboard flash memory only) > > Maximum Flash Memory 20 MB >
> > This seems ODD.
> > Default + Option =3D Max (which is Default) >
> > There are no flash memory part numbers listed for the 85x.
>
> > Thing is that it is important to remember the purpose
> > of no service-pass. It is to *ensure* that cryptographic > > keys cannot be recovered from the router. It is going > > to be tough to work round. >
> > As suggested, get it on smartnet and let cisco deal with it.
> > Or get another one on ebay? >
> i am totally happy with the purpose of the 'service-pass' to prevent > recovery of passwords, but this is not what we want to do > > do i have it right though that this disables the hardware reset > button, which seems to be ignored by the router ? I think the button only does a cold boot reset - like on a PC. I know that some other network kit does a factory reset but cisco does not as far as I am aware. I have never used it. Have you tried sending a break in the first 5 seconds after power on? Firstly make SURE you are sending a break - ideally test on another router. I suggest then (if using hyperterminal and not using a USB serial port adapter that does not send break) press the <CTRL> key
power on the router
immediately begin pressing the break key every two seconds do not hammer away at it do this for at least ten seconds Power off and try again every second. Some USB serial port adapters do not send break signal Some versions of hyperterminal do not send a break signal. Various different terminal emulators use different keys Macintoshes apparently do not send breaks (but there is a workaround - set very slow baud rate and press some certain key or other) Why not try for longer too? | ||||||||||||||||||||||||||||||||||
| Similar Threads | Posted |
| Password Recovery for CISCO 836 | September 5, 2006, 9:16 am |
| cisco 857 password recovery | June 30, 2009, 1:45 pm |
| Cisco 1900 Password Recovery | October 6, 2006, 12:01 pm |
| Avoid Password Recovery on Cisco 5300 | October 6, 2005, 5:15 pm |
| strange cisco 7604 password recovery problem | April 3, 2009, 5:05 pm |
| Password recovery disabled on Cisco 1711 Router - cannot login or reset | May 17, 2006, 8:50 am |
| Password Recovery | November 20, 2005, 12:00 pm |
| Password recovery problem | July 20, 2005, 1:48 pm |
| Password recovery - 2900XL | July 28, 2006, 11:09 pm |
| NO SERVICE PASSWORD RECOVERY | March 6, 2008, 1:35 pm |
| HELP ON 2525 ROUTER PASSWORD RECOVERY | February 12, 2005, 12:56 pm |
| Need password recovery util for LocalDirector 430 | March 22, 2006, 1:53 am |
| PIX 520 with 5.1(4) OS enable password recovery problem | October 7, 2006, 5:27 pm |
| Password recovery without serial port | January 5, 2009, 7:45 am |
| aironet ap350 PASSWORD RECOVERY OR RESET ENTIRE CONFIG | September 13, 2006, 7:24 pm |
|
Home Cabling GuideFinally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Learn More |
>appear to be any removable mem modules on the 857 we have.