各系列CATALYST交换机密码恢复大全
说起密码恢复,那个气啊,不会又不行,会了也不起作用,因为这东西,就像恢复或升级IOS一样,很烦人.我这人不怕困难就怕麻烦!^^ 好了废话不多说,let's do it! 本文出自 51CTO.COM技术博客作者:红头发(aka CCIE#15101/JNCIP Candidate) 出处:http://www.91lab.com 一.基于CatOS的CATALYST 1200,1400,2901,2902,2926T/F,2926GS/L,2948G,2980G,4000,5000,5500,6000与6500密码恢复: 标题可真够长的-__-b,第一步都会,见下图,伟大的超级终端,你绝对不是一个人!-__-b 
关掉交换机电源,等待片刻再打开(这一动作让我想起小时候在家里偷偷玩任天堂游戏机的经典动作:关机拔卡扯电源-__-3).当出现密码提示符后,接下来要做的事情,就是在30秒内完成一些步骤(KAO!拍大片啊). 1.回车(相当于输入空密码). 2.进入enable mode(enable命令别说你不会). 3.回车,继续玩空密码. 4.修改密码(set password和set enablepass命令). 5.回车,相当于输入旧密码(如果在这时候收到提示信息说"sorry password incorrect",抱歉,你动作太慢了,超过30秒了,把上述步骤重新做1次,动作快点). 6.设置更为安全的密码(set password和set enablepass命令).完工. 示例: System Bootstrap, Version 5.3(1) Copyright (c) 1994-1999 by Cisco Systems, Inc. c6k_sup1 processor with 65536 Kbytes of main memory Autoboot executing command: "boot bootflash:cat6000-sup.6-3-3.bin" Uncompressing file: ########################################################### ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ############################## System Power On Diagnostics DRAM Size ....................64 MB Testing DRAM..................Passed NVRAM Size ...................512 KB Level2 Cache .................Present System Power On Diagnostics Complete Boot image: bootflash:cat6000-sup.6-3-3.bin Running System Diagnostics from this Supervisor (Module 1) This may take up to 2 minutes....please wait Cisco Systems Console 2002 Apr 08 16:08:13 %SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for Module 1 Enter password: /------你只有30秒------/ (回车) 2007 Mar 08 11:08:15 %SYS-1-SYS_ENABLEPS: Power supply 1 enabled 2007 Mar 08 11:08:15 %SYS-1-SYS_ENABLEPS: Power supply 2 enabled 2007 Mar 08 11:08:18 %SYS-5-MOD_PWRON:Module 3 powered up 2007 Mar 08 11:08:18 %SYS-5-MOD_PWRON:Module 4 powered up 2007 Mar 08 11:08:25 %MLS-5-NDEDISABLED:Netflow Data Export disabled 2007 Mar 08 11:08:26 %MLS-5-MCAST_STATUS:IP Multicast Multilayer Switching is enabled 2007 Mar 08 11:08:26 %SYS-5-MOD_OK:Module 1 is online Console> enable Enter password: 2007 Mar 08 11:08:37 %SYS-5-MOD_OK:Module 3 is online 2007 Mar 08 11:08:37 %SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for Module 3 Console> (enable) set password Enter old password: (回车) Enter new password: (回车) Retype new password: (回车) Password changed. Console> (enable) set enablepass Enter old password: (回车) Enter new password: (回车) Retype new password: (回车) Password changed. 其他些老古董比如CATALYST 1200和这个有点不太一样,不写了,实在需要的话查documentation吧. 二.基于CISCO IOS软件版本12.2(17)SX之前的,搭载Supervisor Engine 720的CATALYST 6500密码恢复: 标题同样很长-__-3.本section只适用于基于CISCO IOS软件版本12.2(17)SX或其之前版本的.(关于这1部分的恢复过程,也可以参见CISCO Bug ID CSCec36997这1部分的讲解). 通常当交换机加电后,交换机处理器(SP)启动,大约25-60秒后,控制权转交给路由处理器(RP,MSFC),RP继续加载软件镜象.接下来要做的,老规矩,CTRL+BREAK,但是别太快,该过程是应该在RP启动的时候做而不是在SP启动的时候做,否则就进到SP ROMMON模式去了.因此,出现以下信息后,就可以CTRL+BREAK了: 00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor 注意由于之前提到的bug,这次更猛,你只有10秒的时间去CTRL+BREAK(看来是前作大片的续集啊-__-#).接下来修改寄存器值为0x2142让交换机忽略启动配置文件.然后就会重启: rommon 1 > confreg 0x2142 00:00:41: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co. 00:00:41: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:41: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:41: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:41: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor *** System received a Software forced crash *** signal= 0x17, code= 0x24, context= 0x4269f6f4 PC = 0x401370d8, Cause = 0x3020, Status Reg = 0x34008002 之后不要进setup模式,进入命令行后,enable命令进到特权模式.然后configure memory或copy startup-config running-config命令伺候,把NVRAM中的东西拷贝到RAM中. 继续,进到全局配置模式后,用enable secret命令修改密码.然后把寄存器值改回0x2102.如果你VTY线路下设置的有密码,这时候可以顺便一起改了: Router(config)#line vty 0 4 Router(config-line)#password NUAIKO Router(config-line)#^Z Router# 最后保存配置:wr吧.收工! 示例: System Bootstrap, Version 7.7(1) Copyright (c) 1994-2003 by cisco Systems, Inc. Cat6k-Sup720/SP processor with 524288 Kbytes of main memory Autoboot executing command: "boot disk0:s72033-ps-mz.122-14.SX1.bin" Self decompressing the image : ################################################] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:48 by ccai Image text-base: 0x40020C10, data-base: 0x40B98000 00:00:03: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor 00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor /------你只有10秒CTRL+BREAK------/ System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 2003 by cisco Systems, Inc. Cat6k-Sup720/RP platform with 524288 Kbytes of main memory Download Start *** Mistral Interrupt on line 4 *** System memory 1 bit ECC correctable error interrupt .. PC = 0x8000841c, SP = 0x80007f00, RA = 0x80008488 Cause Reg = 0x00004400, Status Reg = 0x3041c003 rommon 1 > rommon 1 > confreg 0x2142 You must reset or power cycle for new config to take effect. rommon 2 > /------自动重启了,别怕------/ 00:00:31: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co. 00:00:31: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:31: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:31: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:31: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor *** System received a Software forced crash *** signal= 0x17, code= 0x24, context= 0x4269f6f4 PC = 0x401370d8, Cause = 0x3020, Status Reg = 0x34008002 System Bootstrap, Version 7.7(1) Copyright (c) 1994-2003 by cisco Systems, Inc. Cat6k-Sup720/SP processor with 524288 Kbytes of main memory Autoboot executing command: "boot disk0:s72033-ps-mz.122-14.SX1.bin" Self decompressing the image : ################################################] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:48 by ccai Image text-base: 0x40020C10, data-base: 0x40B98000 00:00:03: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor 00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 2003 by cisco Systems, Inc. Cat6k-Sup720/RP platform with 524288 Kbytes of main memory Download Start !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Download Completed! Booting the image. Self decompressing the image : ################################################] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:40 by ccai Image text-base: 0x40008C10, data-base: 0x41ACE000 cisco Catalyst 6000 (R7000) processor with 458752K/65536K bytes of memory. Processor board ID SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache Last reset from power-on X.25 software, Version 3.0.0. Bridging software. 1 Virtual Ethernet/IEEE 802.3 interface(s) 96 FastEthernet/IEEE 802.3 interface(s) 58 Gigabit Ethernet/IEEE 802.3 interface(s) 1917K bytes of non-volatile configuration memory. 8192K bytes of packet buffer memory. 65536K bytes of Flash internal SIMM (Sector size 512K). --- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: n Press RETURN to get started! 00:00:03: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure conso. 00:00:46: curr is 0x10000 00:00:46: RP: Currently running ROMMON from F1 region 00:01:00: %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:40 by ccai 00:01:00: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold stat 00:01:00: %SYS-6 Router>-BOOTTIME: Time taken to reboot after reload = 1807 seconds Firmware compiled 19-May-03 10:54 by integ Build [100] 00:00:54: %SPANTREE-SP-5-EXTENDED_SYSID: Extended SysId enabled for type vlan 00:00:54: SP: SP: Currently running ROMMON from F1 region 00:01:00: %SYS-SP-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:48 by ccai 00:01:01: %OIR-SP-6-INSPS: Power supply inserted in slot 1 00:01:01: %C6KPWR-SP-4-PSOK: power supply 1 turned on. 00:01:01: %OIR-SP-6-INSPS: Power supply inserted in slot 2 00:01:01: %C6KPWR-SP-4-PSOK: power supply 2 turned on. 00:01:01: %C6KPWR-SP-4-PSREDUNDANTBOTHSUPPLY: in power-redundancy mode, system . 00:01:05: %FABRIC-SP-5-FABRIC_MODULE_ACTIVE: the switching fabric module in sloe 00:01:06: %DIAG-SP-6-RUN_MINIMUM: Module 5: Running Minimum Diagnostics... Router> Router> 00:01:18: %DIAG-SP-6-DIAG_OK: Module 5: Passed Online Diagnostics 00:01:18: %OIR-SP-6-INSCARD: Card inserted in slot 5, interfaces are now online 00:01:21: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimum Diagnostics... Router> Router> Router> 00:01:36: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimum Diagnostics... Router> Router> 00:01:42: %DIAG-SP-6-RUN_MINIMUM: Module 1: Running Minimum Diagnostics... 00:01:44: %DIAG-SP-6-DIAG_OK: Module 4: Passed Online Diagnostics 00:01:45: %OIR-SP-6-INSCARD: Card inserted in slot 4, interfaces are now online 00:01:54: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics 00:01:54: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online 00:01:57: %DIAG-SP-6-DIAG_OK: Module 1: Passed Online Diagnostics 00:01:57: %OIR-SP-6-INSCARD: Card inserted in slot 1, interfaces are now online 00:02:06: %DIAG-SP-6-RUN_MINIMUM: Module 2: Running Minimum Diagnostics... 00:02:15: %DIAG-SP-6-DIAG_OK: Module 2: Passed Online Diagnostics 00:02:15: %OIR-SP-6-INSCARD: Card inserted in slot 2, interfaces are now online Router> Router>enable Router#copy startup-config running-config Destination filename [running-config]? (回车) 4864 bytes copied in 2.48 secs (2432 bytes/sec) sup720# sup720#configure terminal Enter configuration commands, one per line. End with CNTL/Z. sup720(config)#enable secret NUAIKO sup720(config)#config-register 0x2102 sup720(config)#line vty 0 4 sup720(config-line)#password 91Lab sup720(config-line)#^Z sup720#copy running-config startup-config Destination filename [startup-config]? (回车) Building configuration... [OK] sup720#reload Proceed with reload? [confirm] (回车) 三.基于CISCO IOS的CATALYST 6000/6500密码恢复: 本section只适用于基于Supervisor Engine 1/2/720的系统,并且对于Supervisor Engine 720,本section针对的是CISCO IOS软件版本12.2(17)SX或其后续版本的,之前版本的恢复参考,请参见上一section. 其密码恢复过程,除了CTRL+BREAK无10秒的限制,以及在修改了寄存器值为0x2142后,要手动重启之外: rommon 1 > confreg 0x2142 You must reset or power cycle for new config to take effect rommon 2 > reset 其他过程和上一section完全一样,就不赘述了.我也收工洗澡睡觉. 作者:红头发(aka CCIE#15101/JNCIP Candidate) 出处:http://www.91lab.com |
xiong2127
博客统计信息
热门文章
最新评论
友情链接