Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuration Guidelines for Securing Console Port Access

We recommend that you (the network administrator) disable the console port to prevent unauthorized access to the device.

Secure the Console Port

You can use the console port on a device to connect to the device through an RJ-45 serial cable. From the console port, you can use the CLI to configure the device. By default, the console port is enabled. To secure the console port, you can configure the device to take the following actions:

  • Log out of the console session when you unplug the serial cable connected to the console port.

  • Disable root login connections to the console. This action prevents a non-root user from performing password recovery operation using the console.

  • Disable the console port. We recommend that you disable the console port to prevent unauthorized access to the device. Preventing unauthorized access is especially important when the device is used as customer premises equipment (CPE) and is forwarding sensitive traffic.

    Note:

    It is not always possible to disable the console port, because console access is important during operations such as software upgrades.

To secure the console port:

  1. Do one of the following:

    • Disable the console port.

    • Disable root login connections to the console.

      Note:

      After you configure the console port as insecure, if a user tries to perform the password recovery operation by booting in single-user mode, the device will prompt for the root password. This way, only a user who knows the root password will be able to log in to single-user mode for password recovery.

    • Log out of the console session when the serial cable connected to the console port is unplugged. Enter

  2. After you configure the device, enter commit in configuration mode.