Cisco Cisco IPS 4255 Sensor

sensor(config-hos)#

To troubleshoot password recovery, pay attention to the following:

You cannot determine whether password recovery has been disabled in the sensor configuration 
from the ROMMON prompt, GRUB menu, switch CLI, or router CLI. If password recovery is 
attempted, it always appears to succeed. If it has been disabled, the password is not reset to cisco. 
The only option is to reimage the sensor.

You can disable password recovery in the host configuration. For the platforms that use external 
mechanisms, such as the AIM IPS and NME IPS bootloader, ROMMON, and the maintenance 
partition for the IDSM2, although you can run commands to clear the password, if password 
recovery is disabled in the IPS, the IPS detects that password recovery is not allowed and rejects the 
external request.

To check the state of password recovery, use the show settings | include password command. 

When performing password recovery on the IDSM2, you see the following message: 

Upgrading 

will wipe out the contents on the storage media

. You can ignore this message. Only the 

password is reset when you use the specified password recovery image.

For more information on reimaging sensors, refer to 

For the procedure for disabling password recovery, see 

.

For the procedure for verifying the state of password recovery, see 

This section lists the resolved caveats, relevant unresolved caveats, and contains the following topics:

The following known issues were recently found and resolved in the 7.0(7)E4 release:

CSCte74540—AIP-SSM deny-connection on GRE packet causes GRE tunnel to be denied

CSCtq95375—Radius module should handle multiple cisco-av-pair responses

CSCtr19702—CLI/IME connection to IPS going down due to CT issue for FlexLM license

CSCtr83959—Copy from file to current-config fails if auto-upgrade user is in file

CSCts08725—IDCONF does not escape double quotes in signature names

CSCts21378—Normalizer signature 1330.12 drops legit reset packet and keeps tracking