Ciscoe 881W and a wierd event

[dfdavis]

I guess another point I was hoping to make, let's forget about people doing things they should not do. I have totally abandoned all hope here for reasons that are not appropriate for me to put on here. This will never be anything I can do anything about (tampering).
So here is the other point....if a power outage, power failure, something natural etc. happens to occur and... the IT person or whoever else has left the cable to the switch or even worse, happen to have a 1041N plugged into port"0", this could allow someone to see or alter your activation page. Granted...all this can be reset thru a procedure that includes a call to the networking people for assistance. There are many times when a call for help is just not fast enough to make a difference in the outcome.
My personal preference and recommendation here is, stick an non-wired Rj45 plug in port "0".... block it off from use. Again....this cannot happen unless you have Port "0" in use. This way you can be assured that something you will be told cannot happen....just cannot happen...make sense?

[jdlessley]

There is a bit of missunderstanding about what access is available through port 0 (FEO in Cisco's documentation terminology). Port 0 on the Cisco 881W is the port specified to access the device's interface from a computer. Once the username and password are entered through the interface or through the Church's activation the device interface can only be accessed by entering the username and password. Once a username and password is set there is no capability to change any of the 881 settings without the username and password. There is no security problem associated with having any computer or wireless access point connected through port 0.

Soft reboots initiated by power cycling (unplugging and reconnecting the device to a power supply) or power outages, failures, brownouts, fluctuations, or other electrical anomalies should not misteriously allow someone to access the interface. Soft reboots are used to re-establish the settings saved in the device's firmware. The most likely cause for interface access would be a hard reboot, or reset, of the device to the factory defaults. Without the username and password this can only be done by pressing the reset button on the back of the device.

If a soft reboot does reset the settings to the factory presets then the device is defective and should be replaced.

[russellhltn]

I suppose it's possible for reasons unknown for a device to decide to do a hard reboot. Not supposed to happen, but that's not the same as "never". I've been around electronics too long to say "never". If port 0 is not connected, then no one can fool with the device before competent help is able to get involved.

As well as closing the door to any "brute force" hacking of the user name/password.

[dfdavis]

I suppose it's possible for reasons unknown for a device to decide to do a hard reboot. Not supposed to happen, but that's not the same as "never". I've been around electronics too long to say "never". If port 0 is not connected, then no one can fool with the device before competent help is able to get involved.

As well as closing the door to any "brute force" hacking of the user name/password.

Exactly.... Like I said.... what I was told absolutely cannot happen by the networking staff at Salt Lake... for some actually reason did. It caused me a 70 mile round trip to fix it and yet to be determined as suggested, perhaps a defective 881W. So how many of you all out there also installed a defective one and just haven't found out yet... I am sure this one registered and activated just fine as the serial number had to be removed from the church's database.

[jdlessley]

I am not against cautioning others of a potential failure mode. I would also agree that if port 0 is not needed then don't. But if it is needed why block it? While there may be a remote chance that the device did fail I would be more inclined to think someone pushed the reset button.

[harddrive]

It almost sounds like the database at SLC wasn't updated correctly.

[dfdavis]

I am not against cautioning others of a potential failure mode. I would also agree that if port 0 is not needed then don't. But if it is needed why block it? While there may be a remote chance that the device did fail I would be more inclined to think someone pushed the reset button.

Have you ever read the church's instructions for installing an 881W? If you would do so, that might make some of this make more sense to you. Also..FYI... just pushing the reset button on the back of the 881W... does not do a reset, only a restart. There is a sequence of things that must happen in order for you to get back to the activation screen (reset). I will leave that info... not published here ... but also requires a call to the networking people due to your equipments registered serial number.
All my intent here is... to make people aware of what can happen if you use that configuration port .... If I can help one person that makes me happy! Take this info however you like....

[russellhltn]

My take on this episode is don't let your FM group activate the firewall. Follow the instructions, and run all the suggested tests.

When I activated our firewall, for some reason, the filtering didn't “take” and I had to call support.

[dfdavis]

It almost sounds like the database at SLC wasn't updated correctly.

It actually was... because they had to remove the SN# of that unit from their database as I activated another(2nd) one I had for a spare.

[jdlessley]

FYI... just pushing the reset button on the back of the 881W... does not do a reset, only a restart.

The reset button has more than a press to restart. The other function is dependent on when the button is pressed in relation to power being applied.