Dit document beschrijft hoe u een wachtwoord op een Catalyst 6500 Series switch kunt herstellen met een supervisor 720 die Cisco IOS® System-software met een versie vóór 12.2(17)SX draait.
De reden dat de procedure anders is voor Cisco IOS-softwarereleases vóór 12.2(17)SX is Cisco bug ID CSCec36997 (alleen geregistreerde klanten) (Wachtwoordherstel op SUP720-native leidt tot een crash op de switchprocessor (SP)). Wanneer uw schakelaar aan dit bug is onderworpen, hebt u ongeveer 10 seconden na het breken in RP ROMMON om het configuratieregister in 0x2142 te veranderen. Na deze 10 seconden, herlaadt de schakelaar met een Software Gedwongen herlading. Als u echter het configuratieregister vóór de crash in deze waarde wijzigt, wordt het na de herlading van kracht en kunt u met de rest van de procedure doorgaan.
Er zijn geen specifieke vereisten van toepassing op dit document.
Dit document is van toepassing op de op Supervisor 720 gebaseerde systemen die Cisco IOS-softwarereleases vóór 12.2(17)SX uitvoeren. Als uw supervisor 720 Cisco IOS-softwarerelease 12.2(17)SX of hoger uitvoert, raadpleegt u de Wachtwoordherstelprocedure voor Catalyst 6000/6500 Series-switches die Cisco IOS-systeemsoftwaredocument uitvoeren.
De laarsvolgorde is verschillend op Catalyst 6500/6000 die Cisco IOS in werking stelt dan op Cisco 7200 Series router omdat de hardware verschillend is. Nadat u het netsnoer op het bedieningspaneel hebt aangesloten, start de SP-start op. Na ongeveer 25-60 seconden, draagt het console eigendom over aan de routeprocessor (RP (MSFC). De RP blijft het gebundelde softwarebeeld laden. Het is van cruciaal belang dat u Ctrl-Break drukt net nadat SP de controle van de console aan de RP geeft. Als je de breuksequentie te vroeg stuurt, eindig je in de ROMMON van de SP, wat niet is waar je zou moeten zijn. Verzend de break sequentie nadat u dit bericht op de console ziet:
00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor
Na dit punt, is de wachtwoordterugwinning hetzelfde als een normale router.
Opmerking: Vanaf dit punt naar voren wordt Catalyst 6500 Series switch die Cisco IOS-software draait, als router aangeduid.
Raadpleeg Cisco Technical Tips Conventions (Conventies voor technische tips van Cisco) voor meer informatie over documentconventies.
De switch is ingesteld op een router omdat het Cisco IOS-besturingssysteem op de switch draait. De procedure voor het herstellen van het wachtwoord volgt de zelfde stappen als Cisco 7200 Series router. De uitzondering is dat je ongeveer 25-60 seconden langer moet wachten voordat je de break sequentie start.
Sluit een terminal of PC met eindemulatie aan op de console poort van de router. Gebruik deze terminalinstellingen:
9600 baud rate No parity 8 data bits 1 stop bit No flow control
De vereiste specificaties voor de console-kabel worden beschreven in het document Cable Specifications. Instructies voor het aansluiten op de poort van de console staan in de installatiegids. De informatie die nuttig is voor het aansluiten op de sectie van de Console Port-Supervisor Engine.
Als u nog steeds toegang tot de router hebt, geeft u de opdracht Versie uit en neemt u de instelling van het configuratieregister op. Deze is meestal 0x2102 of 0x102. Klik hier om de voorbeelduitvoer te zien van een opdracht voor de show versie.
Als u geen toegang tot de router hebt (vanwege een verloren inlogwachtwoord of een TACACS-wachtwoord), is het veilig om aan te nemen dat uw configuratieregister op 0x2102 is ingesteld.
Schakel de machine uit en start de router met behulp van de Aan/Uit-schakelaar.
Druk op Break op het eindtoetsenbord onmiddellijk na de RP bevoordeelcontrole van de troostpoort. Op Catalyst 6500 dat Cisco IOS in werking stelt, begint de SP-start. Dan wordt de controle overgeheveld naar de RP. Nadat de RP controle krijgt, open de break sequentie. De RP heeft controle over de console poort gekregen wanneer u dit bericht ziet. (Start de break sequentie niet totdat u dit bericht ziet):
00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor
Wegens Cisco bug-ID CSCec36997 (alleen geregistreerde klanten) (Wachtwoordherstel op sup720-native leidt tot crash op SP) hebt u ongeveer 10 seconden om Stap 6 te voltooien voordat de switch crasht.
Indien de break sequentie niet werkt, raadpleeg dan de Standard Break Key Sequence Combinaties Tijdens Wachtwoordherstel voor andere belangrijke combinaties.
Type confreg 0x2142 op de punt Rommon 1>om vanaf Flash te starten zonder de configuratie te laden.
De switch crasht met een softwaregedwongen crashen:
rommon 1 > 00:00:41: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co. 00:00:41: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:41: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:41: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:41: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor *** System received a Software forced crash *** signal= 0x17, code= 0x24, context= 0x4269f6f4 PC = 0x401370d8, Cause = 0x3020, Status Reg = 0x34008002
De router herstart. Hoe dan ook, deze negeert de opgeslagen configuratie vanwege het feit dat het configuratieregister is ingesteld op 0x2142. Als u ziet dat de routerconfiguratie nog steeds aanwezig is (nog steeds vorige hostname), geeft dit aan dat het configuratieregister niet op tijd vóór de crash was gewijzigd in 0x2142. Als dit zich voordoet, start het programma opnieuw (Stap 4). Als het configuratieregister correct is gewijzigd in 0x2142, krijgt u de aanvankelijke configuratievragen na het opnieuw laden.
Typ na elke setup-vraag het nummer of druk op Ctrl-C om de eerste installatieprocedure te overslaan.
Type schakelt u in de prompt in. U activeert de activeringsmodus. De Router# prompt wordt weergegeven.
Het is belangrijk om het aanpasgeheugen uit te geven of kopieer start bevelen uit te voeren om het niet-vluchtige RAM (NVRAM) in het geheugen te kopiëren. Geef de configuratie terminal geen opdracht uit.
Geef de schrijfterminal uit of toon de opdracht. Deze opdrachten tonen de configuratie van de router. In deze configuratie zie je de shutdown opdracht onder alle interfaces. Dit betekent dat alle interfaces momenteel zijn afgesloten. U ziet de wachtwoorden in een versleutelde of niet-gecodeerde indeling.
Geef de opdracht aanpasterminal uit om de mondiale configuratie modus in te voeren en de wijzigingen aan te brengen. De prompt is nu hostname (configuratie)#.
Geef het volgendewachtwoord op in de mondiale configuratiemodus om het mogelijk wachtwoord te wijzigen.
Geef de configuratie-register 0x2102 opdracht uit, of de waarde die u in Stap 2 hebt geregistreerd in de mondiale configuratie modus (Router (configuratie)#) om de configuratiewaarde weer in te stellen op de oorspronkelijke waarde.
Wijzig eventuele virtuele terminalwachtwoorden indien aanwezig:
Router(config)#line vty 0 4 Router(config-line)#password cisco Router(config-line)#^Z Router#
Geef de opdracht no shutdown uit op elke interface die normaal in gebruik is. Geef een tonen ip interface korte opdracht uit om een lijst van interfaces en hun huidige status te zien. U moet in de modus (Router#) zijn om de opdracht van de korte interface tonen uit te voeren. Hier is een voorbeeld voor één interface:
Router#show ip interface brief Interface IP-Address OK? Method Status Prol Vlan1 172.17.10.10 YES TFTP administratively down dow Vlan10 10.1.1.1 YES TFTP administratively down dow GigabitEthernet1/1 unassigned YES unset administratively down dow GigabitEthernet1/2 unassigned YES TFTP administratively down dow GigabitEthernet2/1 unassigned YES TFTP administratively down dow GigabitEthernet2/2 unassigned YES TFTP administratively down dow FastEthernet3/1 172.16.84.110 YES TFTP administratively down dow <snip>... Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface fastEthernet 3/1 Router(config-if)#no shutdown Router(config-if)#exit Router(config)# <do other interfaces as necessary...>
Druk op Ctrl-Z om de configuratiemodus te verlaten. De prompt is nu hostname#.
Geef de schrijfgeheugen of kopie met de opdrachten die het opstartbeeld uitvoeren uit om de wijzigingen aan te geven.
Het voorbeeld hier toont een eigenlijke wachtwoordherstelprocedure. Dit voorbeeld wordt gemaakt met behulp van een Catalyst 6500 Series switch. Begin met de show versie en laat de module opdrachten zien om de componenten te zien die in dit voorbeeld gebruikt worden.
Press RETURN to get started. sup720>enable Password: sup720# sup720#show version Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:40 by ccai Image text-base: 0x40008C10, data-base: 0x41ACE000 ROM: System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1) BOOTLDR: s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY) sup720 uptime is 18 minutes Time since sup720 switched to active is 17 minutes System returned to ROM by power-on (SP by reload) System image file is "disk0:s72033-ps-mz.122-14.SX1.bin" cisco Catalyst 6000 (R7000) processor with 458752K/65536K bytes of memory. Processor board ID SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache Last reset from power-on X.25 software, Version 3.0.0. Bridging software. 3 Virtual Ethernet/IEEE 802.3 interface(s) 96 FastEthernet/IEEE 802.3 interface(s) 58 Gigabit Ethernet/IEEE 802.3 interface(s) 1917K bytes of non-volatile configuration memory. 8192K bytes of packet buffer memory. 65536K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2102 sup720# sup720#show module Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 1 16 16 port GE RJ45 WS-X6316-GE-TX SAD04100A9R 2 48 48 port 10/100 mb RJ-45 ethernet WS-X6248-RJ-45 SAD041402P9 4 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL0705CD7X 5 2 Supervisor Engine 720 (Active) WS-SUP720-BASE SAD070600MU 7 24 aCEF720 24 port 1000mb SFP WS-X6724-SFP SAD0725035Y 9 48 48-port 10/100 mb RJ45 WS-X6148-RJ45V SAL06282HGE Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 1 00d0.9738.702a to 00d0.9738.7039 0.202 5.3(1) 7.7(0.74)APP Ok 2 0001.9709.5c90 to 0001.9709.5cbf 1.2 5.1(1)CSX 7.7(0.74)APP Ok 4 0009.11f6.aa28 to 0009.11f6.aa37 1.0 7.2(1) 7.7(0.74)APP Ok 5 000c.3042.844c to 000c.3042.844f 1.0 7.7(1) 12.2(14)SX1 Ok 7 0030.f272.2666 to 0030.f272.267d 1.0 12.2(14r)S5 12.2(14)SX1 PwrDown 9 0009.127c.8d40 to 0009.127c.8d6f 1.0 5.4(2) 7.7(0.74)APP Ok Mod Sub-Module Model Serial Hw Status --- --------------------------- ------------------ ------------ ------- ------- 5 Policy Feature Card 3 WS-F6K-PFC3A SAD070601DR 1.0 Ok 5 MSFC3 Daughterboard WS-SUP720 SAD070500YF 1.0 Ok 7 unknown FRU type (major = 0 WS-F6700-CFC SAD073201KC 1.0 PwrDown 9 Inline Power Module WS-F6K-PWR 1.0 Ok Mod Online Diag Status --- ------------------- 1 Pass 2 Pass 4 Pass 5 Pass 7 Unknown 9 Pass sup720# sup720# sup720#reload Proceed with reload? [confirm] !--- Here you turn off the power and then turn it back on. !--- Here it is done with a reload instead of a hard power-cycle. *Sep 29 04:21:13: %SYS-5-RELOAD: Reload requested by console. *Sep 29 04:21:16: %OIR-SP-6-CONSOLE: Changing console ownership to switch procer *Sep 29 04:21:18: %SYS-SP-5-RELOAD: Reload requested *Sep 29 04:21:18: %OIR-SP-6-CONSOLE: Changing console ownership to switch procer *** *** --- SHUTDOWN NOW --- *** !--- First, the switch processor comes up. System Bootstrap, Version 7.7(1) Copyright (c) 1994-2003 by cisco Systems, Inc. Cat6k-Sup720/SP processor with 524288 Kbytes of main memory Autoboot executing command: "boot disk0:s72033-ps-mz.122-14.SX1.bin" Self decompressing the image : ################################################] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:48 by ccai Image text-base: 0x40020C10, data-base: 0x40B98000 00:00:03: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor 00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor !--- The RP now has control of the console. !--- This is when you send the break sequence. System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 2003 by cisco Systems, Inc. Cat6k-Sup720/RP platform with 524288 Kbytes of main memory Download Start *** Mistral Interrupt on line 4 *** System memory 1 bit ECC correctable error interrupt .. PC = 0x8000841c, SP = 0x80007f00, RA = 0x80008488 Cause Reg = 0x00004400, Status Reg = 0x3041c003 rommon 1 > !--- You are now in ROMMON mode on the RP. Continue the password !--- recovery procedure just as on any router. Changing the configuration !--- register from 0x2102 to 0x2142 causes the router to ignore the existing !--- configuration. It needs to be ignored because it has passwords that are not !--- known. Due to Cisco bug ID CSCec36997 : Password recovery on sup720-native leads to crash !--- on SP. You have about 10 seconds to change the configuration register to 0x2142. !--- After these 10 seconds, the SP crashes. If the config register is not changed !--- in time, start again. rommon 1 > confreg 0x2142 You must reset or power cycle for new config to take effect. rommon 2 > !--- Without any intervention, the switch crashes in about 10 seconds !--- after you break into RP ROMMON. 00:00:31: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co. 00:00:31: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:31: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:31: %SYS-SP-2-INTSCHED: 't_idle' at level 7 -Process= "SCP Download Process", ipl= 7, pid= 57 -Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C 00:00:31: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor *** System received a Software forced crash *** signal= 0x17, code= 0x24, context= 0x4269f6f4 PC = 0x401370d8, Cause = 0x3020, Status Reg = 0x34008002 System Bootstrap, Version 7.7(1) Copyright (c) 1994-2003 by cisco Systems, Inc. Cat6k-Sup720/SP processor with 524288 Kbytes of main memory Autoboot executing command: "boot disk0:s72033-ps-mz.122-14.SX1.bin" Self decompressing the image : ################################################] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:48 by ccai Image text-base: 0x40020C10, data-base: 0x40B98000 00:00:03: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor 00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 2003 by cisco Systems, Inc. Cat6k-Sup720/RP platform with 524288 Kbytes of main memory Download Start !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Download Completed! Booting the image. Self decompressing the image : ################################################] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:40 by ccai Image text-base: 0x40008C10, data-base: 0x41ACE000 cisco Catalyst 6000 (R7000) processor with 458752K/65536K bytes of memory. Processor board ID SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache Last reset from power-on X.25 software, Version 3.0.0. Bridging software. 1 Virtual Ethernet/IEEE 802.3 interface(s) 96 FastEthernet/IEEE 802.3 interface(s) 58 Gigabit Ethernet/IEEE 802.3 interface(s) 1917K bytes of non-volatile configuration memory. 8192K bytes of packet buffer memory. 65536K bytes of Flash internal SIMM (Sector size 512K). --- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: n !--- The router ignores the saved configuration and enters !--- the initial configuration mode. Press RETURN to get started! 00:00:03: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure conso. 00:00:46: curr is 0x10000 00:00:46: RP: Currently running ROMMON from F1 region 00:01:00: %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:40 by ccai 00:01:00: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold stat 00:01:00: %SYS-6 Router>-BOOTTIME: Time taken to reboot after reload = 1807 seconds Firmware compiled 19-May-03 10:54 by integ Build [100] 00:00:54: %SPANTREE-SP-5-EXTENDED_SYSID: Extended SysId enabled for type vlan 00:00:54: SP: SP: Currently running ROMMON from F1 region 00:01:00: %SYS-SP-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:48 by ccai 00:01:01: %OIR-SP-6-INSPS: Power supply inserted in slot 1 00:01:01: %C6KPWR-SP-4-PSOK: power supply 1 turned on. 00:01:01: %OIR-SP-6-INSPS: Power supply inserted in slot 2 00:01:01: %C6KPWR-SP-4-PSOK: power supply 2 turned on. 00:01:01: %C6KPWR-SP-4-PSREDUNDANTBOTHSUPPLY: in power-redundancy mode, system . 00:01:05: %FABRIC-SP-5-FABRIC_MODULE_ACTIVE: the switching fabric module in sloe 00:01:06: %DIAG-SP-6-RUN_MINIMUM: Module 5: Running Minimum Diagnostics... Router> Router> 00:01:18: %DIAG-SP-6-DIAG_OK: Module 5: Passed Online Diagnostics 00:01:18: %OIR-SP-6-INSCARD: Card inserted in slot 5, interfaces are now online 00:01:21: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimum Diagnostics... Router> Router> Router> 00:01:36: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimum Diagnostics... Router> Router> 00:01:42: %DIAG-SP-6-RUN_MINIMUM: Module 1: Running Minimum Diagnostics... 00:01:44: %DIAG-SP-6-DIAG_OK: Module 4: Passed Online Diagnostics 00:01:45: %OIR-SP-6-INSCARD: Card inserted in slot 4, interfaces are now online 00:01:54: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics 00:01:54: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online 00:01:57: %DIAG-SP-6-DIAG_OK: Module 1: Passed Online Diagnostics 00:01:57: %OIR-SP-6-INSCARD: Card inserted in slot 1, interfaces are now online 00:02:06: %DIAG-SP-6-RUN_MINIMUM: Module 2: Running Minimum Diagnostics... 00:02:15: %DIAG-SP-6-DIAG_OK: Module 2: Passed Online Diagnostics 00:02:15: %OIR-SP-6-INSCARD: Card inserted in slot 2, interfaces are now online Router> Router>enable Router# !--- You go right into privilege mode without needing a password. !--- At this point, the configuration running-config is a default configuration !--- with all the ports administratively down (shutdown). Router#copy startup-config running-config Destination filename [running-config]? <press enter> !--- This pulls in your original configuration. Since you are already in privilege !--- mode, the passwords in this configuration (that are not known) do not affect you. 4864 bytes copied in 2.48 secs (2432 bytes/sec) sup720# sup720#configure terminal Enter configuration commands, one per line. End with CNTL/Z. sup720(config)#enable secret < password > [Choose a strong password with at least one capital letter, one number, and one special character.] !--- Overwrite the password that you do not know. This is your new enable password. sup720#show ip interface brief Interface IP-Address OK? Method Status Prol Vlan1 10.48.72.142 YES TFTP administratively down dow Vlan500 10.1.1.1 YES TFTP administratively down dow Vlan501 10.2.2.1 YES TFTP administratively down dow GigabitEthernet1/1 unassigned YES TFTP administratively down dow GigabitEthernet1/2 unassigned YES TFTP administratively down dow GigabitEthernet1/3 unassigned YES TFTP administratively down dow GigabitEthernet1/4 unassigned YES TFTP administratively down dow GigabitEthernet1/5 unassigned YES TFTP administratively down dow GigabitEthernet1/6 unassigned YES TFTP administratively down dow GigabitEthernet1/7 unassigned YES TFTP administratively down dow <snip>... !--- Issue the no shut command on all interfaces that you want to bring up. sup720#configure terminal Enter configuration commands, one per line. End with CNTL/Z. sup720(config)#interface gig 1/1 sup720(config-if)#no shut sup720(config-if)#^Z sup720# !--- Overwrite the virtual terminal passwords. sup720#configure terminal sup720(config)#line vty 0 4 sup720(config-line)#password XXX sup720(config-line)#^Z sup720# !--- Restore the configuration register to its normal state !--- so that it no longer ignores the stored configuration file. sup720#show version Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:40 by ccai Image text-base: 0x40008C10, data-base: 0x41ACE000 ROM: System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1) BOOTLDR: s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY) sup720 uptime is 4 minutes Time since sup720 switched to active is 4 minutes System returned to ROM by power-on (SP by error - a Software forced crash, PC 0) System image file is "disk0:s72033-ps-mz.122-14.SX1.bin" cisco Catalyst 6000 (R7000) processor with 458752K/65536K bytes of memory. Processor board ID SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache Last reset from power-on X.25 software, Version 3.0.0. Bridging software. 3 Virtual Ethernet/IEEE 802.3 interface(s) 96 FastEthernet/IEEE 802.3 interface(s) 58 Gigabit Ethernet/IEEE 802.3 interface(s) 1917K bytes of non-volatile configuration memory. 8192K bytes of packet buffer memory. 65536K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2142 sup720# sup720#configure terminal Enter configuration commands, one per line. End with CNTL/Z. sup720(config)#config-register 0x2102 sup720(config)# !--- Verify that the configuration register is changed for the next reload. sup720#show version Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Tue 27-May-03 20:40 by ccai Image text-base: 0x40008C10, data-base: 0x41ACE000 ROM: System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1) BOOTLDR: s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY sup720 uptime is 4 minutes Time since sup720 switched to active is 4 minutes System returned to ROM by power-on (SP by error - a Software forced crash, PC 0) System image file is "disk0:s72033-ps-mz.122-14.SX1.bin" cisco Catalyst 6000 (R7000) processor with 458752K/65536K bytes of memory. Processor board ID SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache Last reset from power-on X.25 software, Version 3.0.0. Bridging software. 3 Virtual Ethernet/IEEE 802.3 interface(s) 96 FastEthernet/IEEE 802.3 interface(s) 58 Gigabit Ethernet/IEEE 802.3 interface(s) 1917K bytes of non-volatile configuration memory. 8192K bytes of packet buffer memory. 65536K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2142 (will be 0x2102 at next reload) sup720# sup720#copy running-config startup-config Destination filename [startup-config]?Building configuration... [OK] sup720# !--- Optional: If you want to test that the router operates properly and that you have changed the passwords, !--- reload and test. sup720#reload Proceed with reload? [confirm]