Router Assistance Requested [Archive] - Glock Talk


View Full Version : Router Assistance Requested

10-28-2010, 13:41
I have networking students that troubleshoot equipment that already have existing configuations on them.

The students... May God help them all.... unknowingly insert faults into the routers/ switches/ firewalls an effort to correct faults inserted by their instructors.

Is there a way to configure the Startup-configuration to be read only?

The students must be able use all commands to T/S the equipment.

Any ideas?

10-28-2010, 16:15
what follows assumes you're using ios (and not catos or another manufacturer like juniper):

is the problem that they are they modifying the running config and saving it?

if so, i don't think there's a real way around that since i'm 99% sure there's not a way to mark files as read-only in the nvram. i dug around on my 1721 here at home and found a pdf about cisco file systems just to double check and didn't find anything related to setting permissions.

do you not want them to be able to modify the config at all, but just be able to view it?

if that's the case, you could run a tacacs+ server and have their logins set to be able to view the config but not modify it.

also, you could have the routers to download their initial configuration via bootp, so a power reset would cause them to go back to a default configuration... this could be pretty easily changed/set from the rmon menus if you do the old ctrl-break during the boot process.

i've got an old 1600 laying around somewhere i can look at if you need more details...

some more specifics regarding the hardware you're working with and setup would probably be helpful, make/model, etc..