Chongqing Sizhuang (重庆思庄) Oracle and Redhat Certification Study Forum

1.1 Password recovery and change on CISCO switches and routers

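Posted on 2015-8-3 10:38:48
Introduction: So far, Cisco switches come in two major families, Catalyst (general purpose) and Nexus (data-center grade). The password recovery and change procedures below for switches and routers cover only the devices I have personally worked with. When using this guide, try the generic method first; if that does not work, use the method for the closest model; if that still fails, you can ask me on QQ and I will help you find a method: QQ 279575705. This article summarizes my own work experience; if anything is lacking, please contact me so it can be corrected, and let's learn and exchange ideas together. Thank you! Methods for other device models are to be continued~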

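I. Generic password recovery and change method for switches and routers:
1. Start HyperTerminal and bring up the connection window.
2. Unplug the switch's power cord.
3. Hold down the Mode button on the switch and, at the same time, plug the power cord back in.
4. The sys LED on the left of the switch blinks slowly (if you look closely you will see some LEDs flash red). Keep holding the Mode button until the sys LED stops blinking (stays solid). If you release the button early, the switch goes straight into a normal boot and you must go back to step 2 and start over.
5. You can now release the Mode button.
The system then displays some instructions: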
The system has been interrupted prior to initializing the flash file system. The following
commands will initialize the flash file system, and finish loading the operating system
software:
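flash_init   /---initialize the flash file system---/
load_helper  /---load the helper files---/
boot         /---boot the device into normal mode---/
Steps:
switch:
Switch:flash_init
Switch:dir flash:     /---list the files in flash to confirm that the file is named config.text---/
Switch:rename flash:config.text flash:oldconfig.text     /---rename the configuration file; it does not have to be oldconfig.text, any name different from the original will do---/
Switch:boot          /---boot the switch manually---/
Because the configuration file has been renamed, the switch cannot find the default config.text and shows the configuration dialog. Choose n and press Enter; this bypasses the original password and brings you to:
Switch>
Switch>en  /---you can now enter privileged mode---/
Switch#rename flash:oldconfig.text flash:config.text    /---restore the switch configuration file---/
Switch#copy flash:config.text system:running-config     /---save the configuration into DRAM---/
Switch#config t   /---now you can set the new password to cisco---/
Switch(config)#enable password cisco
Switch(config)#enable secret CISCO
Switch(config)#line con 0
Switch(config-line)#password cisco
Switch(config-line)#end
Switch#copy run start
Or use the following method to clear the passwords temporarily and set them again later:
Switch(config)#no enable password             /---remove the old privileged-mode password---/
Switch(config)#no enable secret               /---remove the encrypted password---/
Switch(config)#exit
Switch#copy run start        /---write the current configuration back to flash---/
Changing the password this way does not wipe the contents of the original configuration file. It is the safer choice, especially for a switch that is already running in a large production network.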
 
II. Password recovery and change methods for specific device models:
1. Password recovery on the Cisco 3600
    CTRL+BREAK
    ROM>CONFREG 2142
    or IGNORE SYSTEM CONFIG INFO   Y/N   Y
    RESET

2. Password recovery on the Cisco 2500
    CTRL+BREAK
    >O/R 0X2142
    >I
    SH STAR
    COPY STAR RUN
    NO ENA PASS

3. Password recovery on generic Catalyst switches
    There is no password during the first 30 seconds
    CONSOLE>ENA (press Enter twice)
    ENTER PASSWORD:
    CONSOLE>(ENABLE) SET PASS (press Enter four times)
    ENTER OLD PASSWORD
    ENTER NEW PASSWORD
    RETYPE NEW PASSWORD
    CONSOLE>(ENABLE) SET ENABLEPASS (press Enter four times)
    ENTER OLD PASSWORD
    ENTER NEW PASSWORD
    RETYPE NEW PASSWORD
    PASSWORD CHANGE
    CONSOLE>( ENABLE)


Original poster | Posted on 2015-8-3 10:41:32
Password recovery on Catalyst 4500 switches

Step-by-Step Procedure
Complete these steps to recover your password:
Note: Make sure that you have physical access to the switch and that you use console access to the Supervisor Engine module while you perform these steps. For details on the switch console connection, refer to Connecting a Modem to the Console Port on Catalyst Switches.
Tip: Configuration of the switch is not lost if the procedure is followed as mentioned. As a best practice, Cisco recommends that you have a backup copy of the configuration of all Cisco devices at the TFTP server or a Network Management server.
Power cycle the device.
In order to power cycle, turn the device off, then back on.
Press Ctrl-C within 5 seconds to prevent autoboot. This action puts you in ROM monitor (ROMmon) prompt mode.
!--- Here, you power cycle the switch.

********************************************************** 
 *                                                        * 
 * Welcome to ROM Monitor for WS-X4014 System.            * 
 * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
 * All rights reserved.                                   * 
 *                                                        * 
 **********************************************************
 
 ROM Monitor Program Version 12.1(10r)EY(1.21) 

 Board type 1, Board revision 7
 Swamp FPGA revision 16, Dagobah FPGA revision 43 
 
 Timer interrupt test passed.

 MAC Address  : 00-02-b9-83-af-fe 
 IP Address   : 172.16.84.122 
 Netmask      : 255.255.255.0 
 Gateway      : 172.16.84.1 
 TftpServer   : Not set. 
 Main Memory  : 256 MBytes


 ***** The system will autoboot in 5 seconds *****    /// The system will boot in 5 seconds; what follows is the system boot process


 Type control-C to prevent autobooting. 
!--- At this point, press Ctrl-C.

Autoboot cancelled......... please wait!!!
Autoboot cancelled......... please wait!!!
rommon 1 > [interrupt]  
!--- The module ended in the ROMmon.

rommon 1 > [interrupt]
Issue the confreg command at the rommon prompt.
Make the selections that appear here in boldface for password recovery:
rommon 1 > set

rommon 1 > confreg

 Configuration Summary : 
 => load ROM after netboot fails
 => console baud: 9600
 => autoboot from: commands specified in 'BOOT' environment variable

 do you wish to change the configuration? y/n  [n]:  y   /// choose y to change the current configuration
 enable  "diagnostic mode"? y/n  [n]:  n
 enable  "use net in IP bcast address"? y/n  [n]:  n
 disable "load ROM after netboot fails"? y/n  [n]:  n
 enable  "use all zero broadcast"? y/n  [n]:  n
 enable  "break/abort has effect"? y/n  [n]:  n
 enable  "ignore system config info"? y/n  [n]:  y

 change console baud rate? y/n  [n]:  n

 change the boot characteristics? y/n  [n]:  n

 Configuration Summary : 
 => load ROM after netboot fails
 => ignore system config info
 => console baud: 9600
 => autoboot from: commands specified in 'BOOT' environment variable

 do you wish to save this configuration? y/n  [n]:  y   /// choose y to save the change
 You must reset or power cycle for new configuration to take effect

Note: You can also use the confreg 0x2142 command at the ROMmon prompt in order to set the configuration register value to bypass the startup configuration stored in NVRAM.
rommon 1 >confreg 0x2142           /// 0x2142: boot from flash but do not use the configuration file in NVRAM (used for password recovery); covered in detail in the next chapter, "1.2 Cisco_Configuration_Register"
You must reset or power cycle for the new configuration to take effect.
Issue the reset command so that the module reboots.
Due to the changes that you made in step 2, the module reboots but ignores the saved configuration.
rommon 2 > reset

Resetting .......

rommon 3 >                         /// The process above is the forced boot, after power-on, for a forgotten password, which does not use the previous password.

Original poster | Posted on 2015-8-3 10:41:45
********************************************************** 
 *                                                        * 
 * Welcome to ROM Monitor for WS-X4014 System.            * 
 * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
 * All rights reserved.                                   * 
 *                                                        * 
 **********************************************************
!--- Output suppressed.

Press RETURN to get started! 
!--- Press Return.

00:00:21: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software 
IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch 
   is undergoing a cold start
Switch>
Make sure that the configuration register value is 0x2142.
This value makes the module boot from Flash without a load of the saved configuration. Issue the enable command at the Switch prompt to go to enable mode. Then, issue the show version command to check the configuration register value.
Switch> enable
Switch#show version
Cisco Internetwork Operating System Software 
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, data-base: 0x00AA2B8C

ROM: 12.1(10r)EY(1.21)
Switch uptime is 5 minutes
System returned to ROM by reload
Running default software

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of non-volatile configuration memory.

Configuration register is 0x2142    /// 0x2142: boot from flash but do not use the configuration file in NVRAM, that is, the NVRAM file that holds the original login password

Switch#
Issue the configure memory command or the copy startup-config running-config command to copy the NVRAM into memory.
Do not issue the configure terminal command, which shows the default configuration on the module.
Switch#configure memory    /// reload the previous configuration

Uncompressed configuration from 1307 bytes to 3014 bytes
Switch#
00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
c-4006-SUPIII#
Issue the show ip interface brief command to make sure that the interfaces that were in use earlier show an "up up" status.
If any of the interfaces that were in use before the password recovery show "down", issue the no shutdown command on that interface to bring the interface up.
Issue the write terminal command or the show running-config command to display the saved configuration on the module.
c-4006-SUPIII#show running-config 
Building configuration...

Current configuration : 3014 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname c-4006-SUPIII
!
boot system flash bootflash:
!
vtp mode transparent
!--- Output suppressed.

line con 0
 stopbits 1
line vty 0 4
 login
!
end

c-4006-SUPIII#
Now you are ready to change the password on the module.
Issue these commands to change the password:
c-4006-SUPIII#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
c-4006-SUPIII(config)#no enable secret       /// remove the enable password here so that the password in the original configuration no longer takes effect
!--- This step is necessary if the switch had an enable 
!--- secret password.


c-4006-SUPIII(config)#enable secret < password > 
[Choose a strong password with at least one capital letter,
 one number, and one special character.]
!--- This command sets the new password.


Make sure that you change the configuration register value back to 0x2102.
Complete these steps at the config prompt to change and verify the configuration register value.
c-4006-SUPIII(config)#config-register 0x2102    /// set the switch's boot mode back to the default, so that at boot it reads the last saved configuration from NVRAM

c-4006-SUPIII(config)# ^Z
c-4006-SUPIII#
00:19:01: %SYS-5-CONFIG_I: Configured from console by console
c-4006-SUPIII#write memory 
!--- This step saves the configuration.

Building configuration...
Compressed configuration from 3061 bytes to 1365 bytes[OK]
c-4006-SUPIII#show version 
!--- This step verifies the value change.

Cisco Internetwork Operating System Software 
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C

ROM: 12.1(10r)EY(1.21)
c-4006-SUPIII uptime is 20 minutes
System returned to ROM by reload
Running default software

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.

Configuration register is 0x2142 (will be 0x2102 at next reload)

c-4006-SUPIII#
At this point, you have changed the password.
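The configuration register values shown in the transcripts above can be checked mechanically. The Python below is an added example, not part of the original posts or of Cisco's documentation: it decodes the register line of "show version" output and flags a device that is, or will be, booting with its startup configuration ignored. The function name and finding strings are assumptions made for illustration.

```python
import re

# Added example; audit_show_version is a hypothetical helper name.
# Bit meanings of the 16-bit IOS configuration register.
IGNORE_CONFIG = 0x0040   # bit 6: skip the startup configuration in NVRAM
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored after boot
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stay in ROMmon, 2-F = normal boot

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def audit_show_version(text):
    """Return (current, next_boot, findings) from `show version` output."""
    m = REG_LINE.search(text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    # Without a "will be" clause the next reload uses the current value.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if current & IGNORE_CONFIG:
        findings.append("running with startup-config ignored (recovery boot)")
    if next_boot & IGNORE_CONFIG:
        findings.append("next reload will ignore startup-config")
    if (next_boot & BOOT_FIELD) == 0:
        findings.append("next reload stops at ROMmon")
    if not next_boot & BREAK_DISABLED:
        findings.append("Break stays enabled after boot")
    return current, next_boot, findings

# Register lines as they appear in the transcripts above.
DURING_RECOVERY = "Configuration register is 0x2142"
AFTER_FIX = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
# Constructed line: a device returned to service in its normal state.
NORMAL = "Configuration register is 0x2102"

if __name__ == "__main__":
    for sample in (DURING_RECOVERY, AFTER_FIX, NORMAL):
        cur, nxt, found = audit_show_version(sample)
        print(f"{cur:#06x} -> {nxt:#06x}: {found or 'ok'}")
```

A device that still reports 0x2142 with no "will be" clause after the recovery is finished will come up unconfigured, and without its passwords, on the next reload.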


Original poster | Posted on 2015-8-3 11:22:15

A complete tiered-privilege configuration that I personally like:

privilege exec level 7 clear counters
privilege exec level 7 reload
username xxx privilege 7 secret xxxx
username xxx privilege 15 secret xxx (administrator login)
line console 0
 login local
line vty 0 4
 login local

As for show run,

if a Level 7 user is authorized to run show run
