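Cisco: recovering the enable password

Cisco 4507 enable password recovery

A problem on a company project: the enable password on a Cisco 4507 switch was changed by another maintenance contractor. When asked later whether they had changed the password, they insisted they had not. The switch needed configuring urgently, so there was no choice but to recover the enable password. These are my notes on the procedure.

Tips: Recovering the enable password does not lose the configuration. It is recommended to back up the configuration via TFTP before proceeding.

1. Power-cycle the device

After the restart the boot screen appears. Press Ctrl-C within 5 seconds to prevent autoboot and enter the ROM monitor prompt.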

!--- Here, you power cycle the switch.

**********************************************************
* *
* Welcome to ROM Monitor for WS-X4014 System. *
* Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc. *
* All rights reserved. *
* *
**********************************************************

ROM Monitor Program Version 12.1(10r)EY(1.21)

Board type 1, Board revision 7
Swamp FPGA revision 16, Dagobah FPGA revision 43

Timer interrupt test passed.

MAC Address : 00-02-b9-83-af-fe
IP Address : 172.16.84.122
Netmask : 255.255.255.0
Gateway : 172.16.84.1
TftpServer : Not set.
Main Memory : 256 MBytes


***** The system will autoboot in 5 seconds *****


Type control-C to prevent autobooting.

!--- At this point, press Ctrl-C.

Autoboot cancelled......... please wait!!!
Autoboot cancelled......... please wait!!!
rommon 1 > [interrupt]

!--- The module ended in the ROMmon.

rommon 1 > [interrupt]

2. Configure with confreg in rommon mode

This makes the next restart boot using the new configuration register value.

rommon 1 > set
rommon 1 > confreg

Configuration Summary :
=> load ROM after netboot fails
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable

do you wish to change the configuration? y/n [n]: **y**
enable "diagnostic mode"? y/n [n]: **n**
enable "use net in IP bcast address"? y/n [n]: **n**
disable "load ROM after netboot fails"? y/n [n]: **n**
enable "use all zero broadcast"? y/n [n]: **n**
enable "break/abort has effect"? y/n [n]: **n**
enable "ignore system config info"? y/n [n]: **y**

change console baud rate? y/n [n]: **n**

change the boot characteristics? y/n [n]: **n**

Configuration Summary :
=> load ROM after netboot fails
=> ignore system config info
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable

do you wish to save this configuration? y/n [n]: y
You must reset or power cycle for new configuration to take effect
Note: You can also use the confreg 0x2142 command at the ROMmon prompt in order to set the configuration register value to bypass the startup configuration stored in NVRAM.

rommon 1 >confreg 0x2142 # remember the register value set here
You must reset or power cycle for the new configuration to take effect.

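3. Restart the device

Use the reset command to reboot the module. Because step 2 set the switch to ignore the system configuration, the saved configuration is not loaded on this boot.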

rommon 2 > reset

Resetting .......

rommon 3 >

**********************************************************
* *
* Welcome to ROM Monitor for WS-X4014 System. *
* Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc. *
* All rights reserved. *
* *
**********************************************************

!--- Output suppressed.

Press RETURN to get started!

!--- Press Return.

00:00:21: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch
is undergoing a cold start
Switch>

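4. Load

This value makes the device boot from Flash without loading the saved configuration. At the Switch prompt, issue the enable command to enter enable mode. Then use the show version command to check the configuration register value.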

Switch> enable
Switch#show version
Cisco Internetwork Operating System Software
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, data-base: 0x00AA2B8C

ROM: 12.1(10r)EY(1.21)
Switch uptime is 5 minutes
System returned to ROM by reload
Running default software

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of non-volatile configuration memory.

Configuration register is 0x2142 # check the register value that was loaded

Switch#

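5. Restore the configuration into memory

Use the configure memory command or the copy startup-config running-config command to copy NVRAM into memory.
Do not use the configure terminal command, which shows the module's default configuration.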

Switch#configure memory

Uncompressed configuration from 1307 bytes to 3014 bytes
Switch#
00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
c-4006-SUPIII#

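6. Check interface status

Use the show ip interface brief command to make sure the interfaces that were in use before show an "up up" status.
If any interface that was in use before the password recovery shows "down", issue the no shutdown command on that interface to bring it up.

7. Check the configuration file

Use the write terminal command and the show running-config command to check the configuration.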

c-4006-SUPIII#show running-config 
Building configuration...

Current configuration : 3014 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname c-4006-SUPIII
!
boot system flash bootflash:
!
vtp mode transparent

!--- Output suppressed.

line con 0
stopbits 1
line vty 0 4
login
!
end

c-4006-SUPIII#

The password can now be changed.

Change the password

c-4006-SUPIII#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
c-4006-SUPIII(config)#no enable secret # remove the old password

!--- This step is necessary if the switch had an enable secret password.


c-4006-SUPIII(config)#enable secret < password > # set the new password
[Choose a strong password with at least one capital letter,
one number, and one special character.]

!--- This command sets the new password.

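Make sure to change the configuration register value back to 0x2102

Change the register value in config mode, and check that the configuration register for the next boot is correct.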

c-4006-SUPIII(config)#config-register 0x2102
c-4006-SUPIII(config)# ^Z
c-4006-SUPIII#
00:19:01: %SYS-5-CONFIG_I: Configured from console by console
c-4006-SUPIII#write memory

!--- This step saves the configuration.

Building configuration...
Compressed configuration from 3061 bytes to 1365 bytes[OK]
c-4006-SUPIII#show version

!--- This step verifies the value change.

Cisco Internetwork Operating System Software
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C

ROM: 12.1(10r)EY(1.21)
c-4006-SUPIII uptime is 20 minutes
System returned to ROM by reload
Running default software

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.

Configuration register is 0x2142 (will be 0x2102 at next reload)

c-4006-SUPIII#

At this point, the enable password change is complete.

Reference link
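
The two register values used above differ only in bit 6 (0x0040, "ignore system config info"), so a switch left at 0x2142 keeps booting without its startup-config, passwords included. As an added example (not part of the original post), the following Python code decodes the register and classifies show version output; the function names and status labels are assumptions made for this example, and the bit meanings are the standard Cisco IOS ones.

```python
import re

# Configuration register bits referenced on this page (standard Cisco IOS meanings).
IGNORE_CONFIG = 0x0040   # "ignore system config info": startup-config skipped at boot
BREAK_DISABLED = 0x0100  # break/abort has no effect once the system has booted
ROM_FALLBACK = 0x2000    # "load ROM after netboot fails"
BOOT_FIELD = 0x000F      # low nibble selects the boot source

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Return the flags set in a configuration register value."""
    return {
        "ignore_config": bool(value & IGNORE_CONFIG),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
        "boot_field": value & BOOT_FIELD,
    }

def audit_show_version(text):
    """Classify a device from its 'show version' output.

    Returns (status, current, next_boot) where status is:
      'ok'      - startup-config is loaded now and at the next reload
      'pending' - bypass is active now, but the register has been restored
      'bypass'  - the next reload will ignore startup-config
      'unknown' - no configuration register line was found
    """
    m = CONFREG_RE.search(text)
    if not m:
        return ("unknown", None, None)
    current = int(m.group(1), 16)
    next_boot = int(m.group(2), 16) if m.group(2) else current
    if decode(next_boot)["ignore_config"]:
        status = "bypass"
    elif decode(current)["ignore_config"]:
        status = "pending"
    else:
        status = "ok"
    return (status, current, next_boot)

# Sample lines copied from the outputs shown on this page.
AFTER_ROMMON = "Configuration register is 0x2142"
AFTER_FIX = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
```

Running `audit_show_version` over collected show version output flags any switch still reporting `bypass` after maintenance, which means the last step above was skipped.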


Cisco: recovering the enable password
https://ywmy.xyz/2021/02/01/cisco-恢复-enable-密码/
Author
ian
Published
February 1, 2021
License