Lab環境:Cisco 2960實機
模擬Switch已有設定資料時,忘記登入帳密應如何重設
註:此方法需要將設備重新開機,請自行斟酌現場設備是否可以重開
[模擬環境建置]
接線進入2960增加設定,當作原有設定資料:
Switch>
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#vlan 100
Switch(config-vlan)#
Switch(config-vlan)#no shutdown
%VLAN 100 is not shutdown.
Switch#
*Mar 1 01:37:20.484: %SYS-5-CONFIG_I: Configured from console by consolehow
設定完畢,以啟用Vlan 100當作舊有設定,設完檢視一下是否設定成功:
Switch(config-vlan)#exit
Switch(config)#
Switch#do show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
100 VLAN0100 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Switch#
接著,設定舊有密碼:
此時先檢視一下設定檔是否存在:
switch: dir flash:
Directory of flash:/
3 -rwx 616 <date> vlan.dat
4 -rwx 1912 <date> private-config.text
5 -rwx 3096 <date> multiple-fs
620 -rwx 9824980 <date> c2960-lanbasek9-mz.122-55.SE10.bin
6 -rwx 1690 <date> config.text
22679040 bytes available (9835008 bytes used)
switch:
設定檔為config.text,修改此項目,使設定暫時不被讀取:
switch:rename flash:config.text flash:config.old
輸入完,再次檢視設定檔,確認修改成功:
switch: dir flash:
Directory of flash:/
3 -rwx 616 <date> vlan.dat
4 -rwx 1912 <date> private-config.text
5 -rwx 3096 <date> multiple-fs
620 -rwx 9824980 <date> c2960-lanbasek9-mz.122-55.SE10.bin
6 -rwx 1690 <date> config.old
22679040 bytes available (9835008 bytes used)
switch:
輸入boot啟動:
switch: boot
Loading "flash:/c2960-lanbasek9-mz.122-55.SE10.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
(中間資訊省略)
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE10, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 11-Feb-15 11:46 by prod_rel_team
Press RETURN to get started!
按下Enter後,會出現警告訊息以及自動設定精靈的詢問,輸入NO:
--- System Configuration Dialog ---
Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>
此時登入已不需要密碼:
Switch>
Switch>enable
Switch#
將設定檔改回原名,使其可以被辨識:
Switch#rename flash:config.old flash:config.text
Destination filename [config.text]?
Switch#
確認名稱已經改回去:
Switch#
Switch#show flash:
Directory of flash:/
2 -rwx 1048 Mar 1 1993 00:00:59 +00:00 multiple-fs
3 -rwx 616 Mar 1 1993 01:36:12 +00:00 vlan.dat
620 -rwx 9824980 Mar 1 1993 00:03:22 +00:00 c2960-lanbasek9-mz.122-55.SE10.bin
6 -rwx 1690 Mar 1 1993 00:02:05 +00:00 config.text
32514048 bytes total (22683136 bytes free)
Switch#
讀取原有設定檔:
Switch#
Switch#copy flash:config.text system:running-config
Destination filename [running-config]?
% Generating 1024 bit RSA keys, keys will be non-exportable...
*Mar 1 00:28:46.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to down
*Mar 1 00:28:46.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up[OK]
*Mar 1 00:28:48.439: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
*Mar 1 00:28:49.470: %SSH-5-ENABLED: SSH 1.99 has been enabled
% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
% Login disabled on line 7, until 'password' is set
% Login disabled on line 8, until 'password' is set
% Login disabled on line 9, until 'password' is set
% Login disabled on line 10, until 'password' is set
% Login disabled on line 11, until 'password' is set
% Login disabled on line 12, until 'password' is set
% Login disabled on line 13, until 'password' is set
% Login disabled on line 14, until 'password' is set
% Login disabled on line 15, until 'password' is set
% Login disabled on line 16, until 'password' is set
1690 bytes copied in 12.071 secs (140 bytes/sec)
Switch#
*Mar 1 00:28:57.180: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "write memory" to save new certificate
Switch#
此時便能夠修改密碼:
Switch#
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#enable secret 12345
存檔:
Switch(config)#do copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
0 bytes copied in 0.864 secs (0 bytes/sec)
Switch#
存檔後,再次拔插電源,測試密碼是否已經修改成功。
至此,LAB目標達成。
附上Cisco的密碼還原手冊連結(包含所有cisco設備的密碼還原方法):
http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-121-mainline/6130-index.html
註:此方法需要將設備重新開機,請自行斟酌現場設備是否可以重開
[模擬環境建置]
接線進入2960增加設定,當作原有設定資料:
Switch>
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#vlan 100
Switch(config-vlan)#
Switch(config-vlan)#no shutdown
%VLAN 100 is not shutdown.
Switch#
*Mar 1 01:37:20.484: %SYS-5-CONFIG_I: Configured from console by consolehow
設定完畢,以啟用Vlan 100當作舊有設定,設完檢視一下是否設定成功:
Switch(config-vlan)#exit
Switch(config)#
Switch#do show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
100 VLAN0100 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Switch#
接著,設定舊有密碼:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#enable secret abcde
存檔
Switch(config)#
Switch(config)#do copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Switch#
Switch(config)#
Switch(config)#do copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Switch#
至此,LAB環境準備完畢
[密碼重置操作]
[密碼重置操作]
LAB目標:在確保原有設定的情況下,更改密碼
LAB環境至此建置完畢
此處需要將機器重開機,所以,拔掉電源線,按住面板按鈕後,插回電源線
順利的話,會見到如下畫面:
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: 00:1b:0c:6d:78:80
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
boot
switch:
輸入flash_init:
switch:
switch: flash_init
Initializing Flash...
flashfs[0]: 5 files, 1 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 9835008
flashfs[0]: Bytes available: 22679040
flashfs[0]: flashfs fsck took 9 seconds.
...done Initializing Flash.
switch:
此處需要將機器重開機,所以,拔掉電源線,按住面板按鈕後,插回電源線
順利的話,會見到如下畫面:
Boot Sector Filesystem (bs) installed, fsid: 2
Base ethernet MAC Address: 00:1b:0c:6d:78:80
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
boot
switch:
switch:
switch: flash_init
Initializing Flash...
flashfs[0]: 5 files, 1 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 9835008
flashfs[0]: Bytes available: 22679040
flashfs[0]: flashfs fsck took 9 seconds.
...done Initializing Flash.
switch:
此時先檢視一下設定檔是否存在:
switch: dir flash:
Directory of flash:/
3 -rwx 616 <date> vlan.dat
4 -rwx 1912 <date> private-config.text
5 -rwx 3096 <date> multiple-fs
620 -rwx 9824980 <date> c2960-lanbasek9-mz.122-55.SE10.bin
6 -rwx 1690 <date> config.text
22679040 bytes available (9835008 bytes used)
switch:
設定檔為config.text,修改此項目,使設定暫時不被讀取:
switch:rename flash:config.text flash:config.old
輸入完,再次檢視設定檔,確認修改成功:
switch: dir flash:
Directory of flash:/
3 -rwx 616 <date> vlan.dat
4 -rwx 1912 <date> private-config.text
5 -rwx 3096 <date> multiple-fs
620 -rwx 9824980 <date> c2960-lanbasek9-mz.122-55.SE10.bin
6 -rwx 1690 <date> config.old
22679040 bytes available (9835008 bytes used)
switch:
輸入boot啟動:
switch: boot
Loading "flash:/c2960-lanbasek9-mz.122-55.SE10.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
(中間資訊省略)
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE10, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 11-Feb-15 11:46 by prod_rel_team
Press RETURN to get started!
按下Enter後,會出現警告訊息以及自動設定精靈的詢問,輸入NO:
--- System Configuration Dialog ---
Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>
此時登入已不需要密碼:
Switch>
Switch>enable
Switch#
將設定檔改回原名,使其可以被辨識:
Switch#rename flash:config.old flash:config.text
Destination filename [config.text]?
Switch#
確認名稱已經改回去:
Switch#
Switch#show flash:
Directory of flash:/
2 -rwx 1048 Mar 1 1993 00:00:59 +00:00 multiple-fs
3 -rwx 616 Mar 1 1993 01:36:12 +00:00 vlan.dat
620 -rwx 9824980 Mar 1 1993 00:03:22 +00:00 c2960-lanbasek9-mz.122-55.SE10.bin
6 -rwx 1690 Mar 1 1993 00:02:05 +00:00 config.text
32514048 bytes total (22683136 bytes free)
Switch#
讀取原有設定檔:
Switch#
Switch#copy flash:config.text system:running-config
Destination filename [running-config]?
% Generating 1024 bit RSA keys, keys will be non-exportable...
*Mar 1 00:28:46.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to down
*Mar 1 00:28:46.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up[OK]
*Mar 1 00:28:48.439: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
*Mar 1 00:28:49.470: %SSH-5-ENABLED: SSH 1.99 has been enabled
% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
% Login disabled on line 7, until 'password' is set
% Login disabled on line 8, until 'password' is set
% Login disabled on line 9, until 'password' is set
% Login disabled on line 10, until 'password' is set
% Login disabled on line 11, until 'password' is set
% Login disabled on line 12, until 'password' is set
% Login disabled on line 13, until 'password' is set
% Login disabled on line 14, until 'password' is set
% Login disabled on line 15, until 'password' is set
% Login disabled on line 16, until 'password' is set
1690 bytes copied in 12.071 secs (140 bytes/sec)
Switch#
*Mar 1 00:28:57.180: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "write memory" to save new certificate
Switch#
此時便能夠修改密碼:
Switch#
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#enable secret 12345
存檔:
Switch(config)#do copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
0 bytes copied in 0.864 secs (0 bytes/sec)
Switch#
存檔後,再次拔插電源,測試密碼是否已經修改成功。
至此,LAB目標達成。
附上Cisco的密碼還原手冊連結(包含所有cisco設備的密碼還原方法):
http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-121-mainline/6130-index.html
沒有留言:
張貼留言