Ripristino delle password sugli switch Catalyst 4500/4900 con Supervisor Engine

Introduzione

In questo documento viene descritto come recuperare una password persa su uno switch Catalyst 4500/4900 con Supervisor Engine e software Cisco IOS®.

Prerequisiti

Requisiti

Nessun requisito specifico previsto per questo documento.

Componenti usati 

Il documento può essere consultato per tutte le versioni software o hardware.

Le informazioni discusse in questo documento fanno riferimento a dispositivi usati in uno specifico ambiente di emulazione. Su tutti i dispositivi menzionati nel documento la configurazione è stata ripristinata ai valori predefiniti. Se la rete è operativa, valutare attentamente eventuali conseguenze derivanti dall'uso dei comandi.

Convenzioni

Per ulteriori informazioni sulle convenzioni usate, consultare il documento Cisco sulle convenzioni nei suggerimenti tecnici.

Premesse

Nota: negli switch Catalyst serie 4500/4000, i Supervisor Engine II+, II+10GE, II+TS, III, IV, V e V-10GE supportano solo il software Cisco IOS.

Questo documento descrive come recuperare una password persa o sconosciuta su uno switch Catalyst 4500/4000 con Supervisor Engine II-Plus (WS-X4013+), Supervisor Engine II-Plus-TS (WS-X4013+TS), Supervisor Engine II-Plus-10GE (WS-X4013+10GE), Supervisor Engine III (WS-X4014), Supervisor Engine IV (WS-X4515), Supervisor Engine WS-X4516), Supervisor Engine V-10GE (WS-X4516-10GE), Cisco Catalyst 4948, Cisco Catalyst 4948-10GE e switch Cisco Catalyst 4900M.

Processo di configurazione

Per recuperare la password sullo switch Catalyst 4500/4900:

Nota: accertarsi di disporre di accesso fisico allo switch e di utilizzare l'accesso da console al modulo Supervisor Engine durante l'esecuzione di queste operazioni. Per ulteriori informazioni sul collegamento della console dello switch, consultare il documento sulla connessione di un modem alla porta console sugli switch Catalyst.

Suggerimento: la configurazione dello switch non viene persa se si segue la procedura descritta. Come buona norma, Cisco consiglia di avere una copia di backup della configurazione di tutti i dispositivi Cisco sul server TFTP o su un server di gestione della rete.

1. Spegnere e riaccendere il dispositivo.

   Per spegnere e riaccendere il dispositivo, spegnerlo e riaccenderlo.

   Premere Ctrl-C entro 5 secondi per impedire l'avvio automatico. Questa azione attiva la modalità del prompt ROM monitor (ROMmon).

    !--- Here, you power cycle the switch. 
   ********************************************************** 
   *                                                        * 
   * Welcome to ROM Monitor for WS-X4014 System.            * 
   * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
   * All rights reserved.                                   * 
   *                                                        * 
   **********************************************************
    
    ROM Monitor Program Version 12.1(10r)EY(1.21) 
   
    Board type 1, Board revision 7
    Swamp FPGA revision 16, Dagobah FPGA revision 43 
    
    Timer interrupt test passed.
   
    MAC Address  : 00-02-b9-83-af-fe 
    IP Address   : 172.16.84.122 
    Netmask      : 255.255.255.0 
    Gateway      : 172.16.84.1 
    TftpServer   : Not set. 
    Main Memory  : 256 MBytes
   
   
    ***** The system will autoboot in 5 seconds *****  Type control-C to prevent autobooting. 
   
   !--- At this point, press Ctrl-C.  
   
   Autoboot cancelled......... please wait!!! 
   Autoboot cancelled......... please wait!!! 
   rommon 1 > [interrupt] 
   
   !--- The module ended in the ROMmon.  
   
   rommon 1 > [interrupt]

2. Utilizzare il comando confreg comando nella rommon .

   Selezionare le opzioni da visualizzare in grassetto per il recupero della password:

   rommon 1 > set
   

   rommon 1 > confreg
   
    Configuration Summary : 
    => load ROM after netboot fails
    => console baud: 9600
    => autoboot from: commands specified in 'BOOT' environment variable
   
    do you wish to change the configuration? y/n  [n]:  y
    enable  "diagnostic mode"? y/n  [n]:  n
    enable  "use net in IP bcast address"? y/n  [n]:  n
    disable "load ROM after netboot fails"? y/n  [n]:  n
    enable  "use all zero broadcast"? y/n  [n]:  n
    enable  "break/abort has effect"? y/n  [n]:  n
    enable  "ignore system config info"? y/n  [n]:  y
   
    change console baud rate? y/n  [n]:  n
   
    change the boot characteristics? y/n  [n]:  n
   
    Configuration Summary : 
    => load ROM after netboot fails
    => ignore system config info
    => console baud: 9600
    => autoboot from: commands specified in 'BOOT' environment variable
   
    do you wish to save this configuration? y/n  [n]:   y 
    You must reset or power cycle for new configuration to take effect
   

   Nota: è anche possibile utilizzare il  confreg 0x2142   al prompt ROMmon per impostare il valore del registro di configurazione in modo da ignorare la configurazione di avvio archiviata nella NVRAM.

   rommon 1 > confreg 0x2142
   You must reset or power cycle for the new configuration to take effect.

3. Utilizzare il comando reset in modo che il modulo venga riavviato.

   In seguito alle modifiche apportate al passaggio 2, il modulo viene riavviato ma la configurazione salvata viene ignorata.

   rommon 2 > reset
   
   Resetting ....... 
   
   rommon 3 > 
   
   ********************************************************** 
   *                                                        * 
   * Welcome to ROM Monitor for WS-X4014 System.            * 
   * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
   * All rights reserved.                                   * 
   *                                                        * 
   **********************************************************
   
   !--- Output suppressed.  
   
   Press RETURN to get started! 
   
   !--- Press Return.  
   
   00:00:21: %SYS-5-RESTART: System restarted --
   Cisco Internetwork Operating System Software 
   IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
      Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
   TAC Support: http://www.cisco.com/tac
   Copyright (c) 1986-2002 by cisco Systems, Inc.
   Compiled Thu 24-Jan-02 17:34 by ccai
   00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch 
      is undergoing a cold start
   Switch>

4. Verificare che il valore del registro di configurazione sia 0x2142.

   Questo valore consente l'avvio del modulo da Flash senza caricare la configurazione salvata. Eseguire il comando enable al prompt dello switch per passare alla modalità di abilitazione. Quindi, eseguire il comando show version per controllare il valore del registro di configurazione.

   Switch>enable
   Switch#show version
   Cisco Internetwork Operating System Software 
   Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
      Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
   TAC Support: https://www.cisco.com/tac
   Copyright (c) 1986-2002 by cisco Systems, Inc.
   Compiled Thu 24-Jan-02 17:34 by ccai
   Image text-base: 0x00000000, data-base: 0x00AA2B8C
   
   ROM: 12.1(10r)EY(1.21)
   Switch uptime is 5 minutes
   System returned to ROM by reload
   Running default software 
   
   cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
   Processor board ID FOX04183666 
   Last reset from Reload 
   32 Gigabit Ethernet/IEEE 802.3 interface(s) 
   467K bytes of non-volatile configuration memory. 
   
   Configuration register is 0x2142 
   
   Switch#

5. Utilizzare il comando configure memory o copy startup-config running-config per copiare la NVRAM nella memoria.

   Non emettere il configure terminal , che mostra la configurazione predefinita sul modulo.

   Switch#configure memory
   
   Uncompressed configuration from 1307 bytes to 3014 bytes
   Switch#
   00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
   c-4006-SUPIII#

6. Utilizzare il comando show ip interface brief   per verificare che le interfacce in uso in precedenza mostrino lo stato up/up.

   Se una delle interfacce in uso prima del recupero della password non è disponibile, usare il comando no shutdown su quell'interfaccia per riattivare l'interfaccia.

7. Eseguire il comando write terminal o il comando show running-config per visualizzare la configurazione salvata sul modulo.

   c-4006-SUPIII# show running-config   
   Building configuration... 
   
   Current configuration : 3014 bytes 
   ! 
   version 12.1 
   no service pad 
   service timestamps debug uptime 
   service timestamps log uptime 
   no service password-encryption 
   service compress-config 
   ! 
   hostname c-4006-SUPIII 
   ! 
   boot system flash bootflash: 
   ! 
   vtp mode transparent 
   
   !--- Output suppressed.  
   
   line con 0
    stopbits 1
   line vty 0 4
    login
   ! 
   end 
   
   c-4006-SUPIII#

   A questo punto è possibile modificare la password del modulo.

8. Utilizzare i seguenti comandi per modificare la password:

   c-4006-SUPIII#configure terminal 
   Enter configuration commands, one per line.  End with CNTL/Z.
   c-4006-SUPIII(config)#no enable secret
   
   !--- This step is necessary if the switch had an enable secret password.
   
   c-4006-SUPIII(config)#enable secret < password > 
   [Choose a strong password with at least one capital letter,
    one number, and one special character.]
   
   !--- This command sets the new password.
   

9. Accertarsi di modificare nuovamente il valore del registro di configurazione a 0x2102.

   Completare la procedura seguente al prompt di configurazione per modificare e verificare il valore del registro di configurazione.

   c-4006-SUPIII(config)#config-register 0x2102
   c-4006-SUPIII(config)# ^Z
   c-4006-SUPIII#
   00:19:01: %SYS-5-CONFIG_I: Configured from console by console
   c-4006-SUPIII#write memory 
   
   !--- This step saves the configuration.
   
    Building  configuration... 
   Compressed configuration from 3061 bytes to 1365 bytes[OK] 
   c-4006-SUPIII#show version 
   
   !--- This step verifies the value change.  
   
   Cisco Internetwork Operating System Software 
   Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
      Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
   TAC Support: https://www.cisco.com/tac 
   Copyright (c) 1986-2002 by cisco Systems, Inc. 
   Compiled Thu 24-Jan-02 17:34 by ccai 
   Image text-base: 0x00000000, database: 0x00AA2B8C 
   
   ROM: 12.1(10r)EY(1.21) 
   c-4006-SUPIII uptime is 20 minutes 
   System returned to ROM by reload 
   Running default software 
   
   cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
   Processor board ID FOX04183666 
   Last reset from Reload 
   32 Gigabit Ethernet/IEEE 802.3 interface(s) 
   467K bytes of nonvolatile configuration memory. 
   
   Configuration register is 0x2142 (will be 0x2102 at next reload) 
   
   c-4006-SUPIII#

   A questo punto, la password è stata modificata.

Esempio di configurazione e output

Questo output di esempio è il risultato della procedura di recupero della password su un Catalyst 4000 Supervisor Engine III.

c-4006-SUPIII> enable
Password: 
Password: 
Password: 
% Bad secrets 

!--- Here, you power cycle the switch. 
********************************************************** 
*                                                        * 
* Welcome to ROM Monitor for WS-X4014 System.            * 
* Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
* All rights reserved.                                   * 
*                                                        * 
**********************************************************
 
 ROM Monitor Program Version 12.1(10r)EY(1.21) 

 Board type 1, Board revision 7
 Swamp FPGA revision 16, Dagobah FPGA revision 43 
 
 Timer interrupt test passed.

 MAC Address  : 00-02-b9-83-af-fe 
 IP Address   : 172.16.84.122 
 Netmask      : 255.255.255.0 
 Gateway      : 172.16.84.1 
 TftpServer   : Not set. 
 Main Memory  : 256 Mbytes


 ***** The system  will  autoboot in 5 seconds ***** 

Type control-C to prevent autobooting. 

!--- At this point, press Ctrl-C.  

Autoboot cancelled......... please wait!!! 
Autoboot cancelled......... please wait!!! 
rommon 1 > [interrupt] 

rommon 1 > [interrupt] 

rommon 1 > confreg 

Configuration Summary : 
=> load ROM after netboot fails 
=> console baud: 9600 
=> autoboot from: commands specified in 'BOOT' environment variable 

do you wish to change the configuration? y/n [n]: y 
enable "diagnostic mode"? y/n [n]: n 
enable "use net in IP bcast address"? y/n [n]: n 
disable "load ROM after netboot fails"? y/n [n]: n 
enable "use all zero broadcast"? y/n [n]: n 
enable "break/abort has effect"? y/n [n]: n 
enable "ignore system config info"? y/n [n]: y 

change console baud rate? y/n [n]: n 

change the boot characteristics? y/n [n]: n 

Configuration Summary : 
=> load ROM after netboot fails 
=> ignore system config info 
=> console baud: 9600 
=> autoboot from: commands specified in 'BOOT' environment variable 

do you wish to save this configuration? y/n [n]: y 
You must reset or power cycle for new configuration to take effect 

rommon 2 > reset 

Resetting ....... 

rommon 3 > 

********************************************************** 
*                                                        * 
* Welcome to ROM Monitor for WS-X4014 System.            * 
* Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
* All rights reserved.                                   * 
*                                                        * 
**********************************************************

ROM Monitor Program Version 12.1(10r)EY(1.21) 
Board type 1, Board revision 7 
Swamp FPGA revision 16, 
Dagobah FPGA revision 43 

Timer interrupt test passed. 

MAC Address : 00-02-b9-83-af-fe 
IP Address : 172.16.84.122 
Netmask : 255.255.255.0 
Gateway : 172.16.84.1 
TftpServer : Not set.
Main Memory : 256 Mbytes 

***** The system will autoboot in 5 seconds ***** 

Type control-C to prevent autobooting. 
. . . . . 

******** The system will autoboot now ******** 


config-register = 0x2142  
Autobooting using BOOT variable specified file..... 

Current BOOT file is --- bootflash: 

Rommon reg: 0x2B004180 
Decompressing the image : ########################### 
##################################################### 
####################################### [OK] 

k2diags version 1.6 

prod: WS-X4014 part: 73-6854-07 serial: JAB0546060Z 

Power-on-self-test for Module 1: WS-X4014 
Status: (. = Pass, F = Fail) 

Traffic using serdes loopback (L2; one port at a time)... 
switch port 0: . switch port 1: . switch port 2: . 
switch port 3: . switch port 4: . switch port 5: . 
switch port 6: . switch port 7: . switch port 8: . 

!--- Output suppressed.  

Module 1 Passed 


Exiting to ios... 

Rommon reg: 0x2B000180 
Decompressing the image : ########################## 

!--- Output suppressed.  

######################################################### [OK] 

              Restricted Rights Legend  

Use, duplication, or disclosure by the Government is 
subject to restrictions as set forth in subparagraph 
(c) of the Commercial Computer Software - Restricted 
Rights clause at FAR sec. 52.227-19 and subparagraph 
(c) (1) (ii) of the Rights in Technical Data and Computer 
Software clause at DFARS sec. 252.227-7013. 

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco Internetwork Operating System Software 
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C


cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
Processor board ID FOX04183666 
Last reset from Reload 
32 Gigabit Ethernet/IEEE 802.3 interface(s) 
467K bytes of nonvolatile configuration memory. 


Press RETURN to get started! 

00:00:21: %SYS-5-RESTART: System restarted -- 
Cisco Internetwork Operating System Software
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: https://www.cisco.com/tac 
Copyright (c) 1986-2002 by cisco Systems, Inc. 
Compiled Thu 24-Jan-02 17:34 by ccai 
00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold start 

Switch>enable 
Switch#show version 
Cisco Internetwork Operating System Software 
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
Version 12.1(8a)EW, RELEASE SOFTWARE (fc1) 
TAC Support: https://www.cisco.com/tac 
Copyright (c) 1986-2002 by cisco Systems, Inc. 
Compiled Thu 24-Jan-02 17:34 by ccai 
Image text-base: 0x00000000, database: 0x00AA2B8C 

ROM: 12.1(10r)EY(1.21) 
Switch uptime is 5 minutes 
System returned to ROM by reload 
Running default software 

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
Processor board ID FOX04183666 
Last reset from Reload 
32 Gigabit Ethernet/IEEE 802.3 interface(s) 
467K bytes of nonvolatile configuration memory. 

Configuration register is 0x2142 

Switch# 

Switch#configure memory 

Uncompressed configuration from 1307 bytes to 3014 bytes 
c-4006-SUPIII# 
00:13:52: %SYS-5-CONFIG_I: Configured from memory by console 
c-4006-SUPIII#show running-config  
Building configuration... 

Current configuration : 3014 bytes 
! 
version 12.1 
no service pad 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
service compress-config 
! 
hostname c-4006-SUPIII 
! 
boot system flash bootflash: 
! 
vtp mode transparent 
!
vlan 20
  private-vlan primary
!
vlan 100
!
vlan 202
  private-vlan association 440
!         
vlan 440
  private-vlan isolated
!
vlan 500
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
!
!
interface GigabitEthernet1/1
 no switchport
 ip address 10.1.1.1 255.255.255.0
 ip pim dense-mode
!
interface GigabitEthernet1/2
 no switchport
 ip address 10.2.2.2 255.255.255.0
! 

!--- Output suppressed.  

! 
interface Vlan1
 ip address 172.16.84.140 255.255.255.0
 ip pim dense-mode
!
interface Vlan2
 no ip address
 shutdown
!
interface Vlan20
 no ip address
 shutdown
! 

!--- Output suppressed.  

! 
line con 0
 stopbits 1
line vty 0 4
 login
! 
end 

c-4006-SUPIII#configure terminal  
Enter configuration commands, one per line. End with CNTL/Z. 
c-4006-SUPIII(config)#no enable secret

!--- This step is necessary if the switch had an enable secret password. 

c-4006-SUPIII(config)#enable secret < password >
[Choose a strong password with at least one capital letter, 
one number, and one special character.] 
c-4006-SUPIII(config)#config-register 0x2102 
c-4006-SUPIII(config)#^Z 
c-4006-SUPIII#write memory 
Building configuration... 
Compressed configuration from 3061 bytes to 1365 bytes[OK] 
c-4006-SUPIII#show version 
Cisco Internetwork Operating System Software 
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: https://www.cisco.com/tac 
Copyright (c) 1986-2002 by cisco Systems, Inc. 
Compiled Thu 24-Jan-02 17:34 by ccai 
Image text-base: 0x00000000, database: 0x00AA2B8C 

ROM: 12.1(10r)EY(1.21) 
c-4006-SUPIII uptime is 20 minutes 
System returned to ROM by reload 
Running default software 

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
Processor board ID FOX04183666 
Last reset from Reload 
32 Gigabit Ethernet/IEEE 802.3 interface(s) 
467K bytes of nonvolatile configuration memory. 

Configuration register is 0x2142 (will be 0x2102 at next reload) 

c-4006-SUPIII#

Informazioni correlate

• Combinazione di sequenze di Break Key standard durante il recupero della password
• Switch LAN - Supporto dei prodotti
• Supporto tecnico Cisco e download