恢復採用Supervisor Engine的Catalyst 4500/4900交換器的密碼
下載選項
已更新: 2023 年 10 月 31 日
文件 ID:21229
無偏見用語
本產品的文件集力求使用無偏見用語。針對本文件集的目的,無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言,或引用第三方產品的語言,因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。
關於此翻譯
思科已使用電腦和人工技術翻譯本文件,讓全世界的使用者能夠以自己的語言理解支援內容。請注意,即使是最佳機器翻譯,也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責,並建議一律查看原始英文文件(提供連結)。
簡介
本文說明如何在具有執行Cisco IOS®軟體的Supervisor Engine的Catalyst 4500/4900交換器上復原遺失的密碼。
必要條件
需求
本文件沒有特定需求。
採用元件
Catalyst 4500/4000交換器
- 管理引擎II-Plus(WS-X4013+)
- 管理引擎II-Plus-TS(WS-X4013+TS)
- 管理引擎II-Plus-10GE(WS-X4013+10GE)
- 管理引擎III(WS-X4014)
- 管理引擎IV(WS-X4515)
- 管理引擎V(WS-X4516)
- 管理引擎V-10GE(WS-X4516-10GE)模組
Cisco Catalyst 4948 交換器
Cisco Catalyst 4948 10GE交換器
Cisco Catalyst 4900M交換器
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
慣例
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
背景資訊
附註:在Catalyst 4500/4000系列交換器中,Supervisor Engine II+、II+10GE、II+TS、III、IV、V和V-10GE僅支援Cisco IOS軟體。
配置流程
在Catalyst 4500/4900交換器上復原密碼:
附註:在執行這些步驟時,請確保您對交換機具有物理訪問權,並且使用控制檯訪問Supervisor Engine模組。如需交換器主控台連線的詳細資訊,請參閱將資料機連線到Catalyst交換器上的主控台連線埠。
提示:如果按照上述步驟操作,交換機配置不會丟失。作為最佳實踐,思科建議您在TFTP伺服器或網路管理伺服器上擁有所有思科裝置配置的備份副本。
-
重新通電。
要重新通電,請關閉裝置,然後重新開啟。
在5秒內按Ctrl-C可阻止自動啟動。此操作將您置於ROM監控(ROMmon)提示模式。
!--- Here, you power cycle the switch. ********************************************************** * * * Welcome to ROM Monitor for WS-X4014 System. * * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc. * * All rights reserved. * * * ********************************************************** ROM Monitor Program Version 12.1(10r)EY(1.21) Board type 1, Board revision 7 Swamp FPGA revision 16, Dagobah FPGA revision 43 Timer interrupt test passed. MAC Address : 00-02-b9-83-af-fe IP Address : 172.16.84.122 Netmask : 255.255.255.0 Gateway : 172.16.84.1 TftpServer : Not set. Main Memory : 256 MBytes ***** The system
willautoboot in 5 seconds ***** Type control-C to prevent autobooting.
!--- At this point, press Ctrl-C.
Autoboot cancelled......... please wait!!!
Autoboot cancelled......... please wait!!!
rommon 1 > [interrupt]
!--- The module ended in the ROMmon.
rommon 1 > [interrupt] -
在提示
confreg時發出命rommon令。選擇此處以粗體顯示的內容,以便進行密碼恢復:
rommon 1 > set
rommon 1 > confreg Configuration Summary : => load ROM after netboot fails => console baud: 9600 => autoboot from: commands specified in 'BOOT' environment variable do you wish to change the configuration? y/n [n]: y enable "diagnostic mode"? y/n [n]: n enable "use net in IP bcast address"? y/n [n]: n disable "load ROM after netboot fails"? y/n [n]: n enable "use all zero broadcast"? y/n [n]: n enable "break/abort has effect"? y/n [n]: n enable "ignore system config info"? y/n [n]: y change console baud rate? y/n [n]: n change the boot characteristics? y/n [n]: n Configuration Summary : => load ROM after netboot fails => ignore system config info => console baud: 9600 => autoboot from: commands specified in 'BOOT' environment variable do you wish to save this configuration? y/n [n]: y You must reset or power cycle for new configuration to take effect
附註:您還可以在ROMmon提
confreg 0x2142示符時使用命令,以設定配置暫存器值以繞過NVRAM中儲存的啟動配置。rommon 1 > confreg 0x2142 You must reset or power cycle for the new configuration to take effect.
-
發出命
reset令,讓模組重新啟動。由於您在步驟2中所做的更改,模組將重新啟動,但會忽略儲存的配置。
rommon 2 > reset
Resetting
rommon 3 >********************************************************** * * * Welcome to ROM Monitor for WS-X4014 System. * * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc. * * All rights reserved. * * * **********************************************************
!--- Output suppressed.
Press RETURN to get started!
!--- Press Return.00:00:21: %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(8a)EW, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Thu 24-Jan-02 17:34 by ccai 00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold start
Switch> -
確保配置暫存器值為0x2142。
此值使模組從快閃記憶體開機,而不載入儲存的組態。在Switch提示時發出enable命令以進入啟用模式。然後,發出show version命令以檢查配置暫存器值。
Switch>enable Switch#show version Cisco Internetwork Operating System Software Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(8a)EW, RELEASE SOFTWARE (fc1) TAC Support: https://www.cisco.com/tac Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Thu 24-Jan-02 17:34 by ccai Image text-base: 0x00000000, data-base: 0x00AA2B8C ROM: 12.1(10r)EY(1.21) Switch uptime is 5 minutes System returned to ROM by reload
Runningdefault software
cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of non-volatile configuration memory.
Configuration register is 0x2142
Switch# -
發出
configure memory命令或命令copy startup-config running-config,將NVRAM複製到記憶體中。不要發出
configure terminal命令,該命令顯示模組上的預設配置。Switch#configure memory Uncompressed configuration from 1307 bytes to 3014 bytes Switch# 00:13:52: %SYS-5-CONFIG_I: Configured from memory by console c-4006-SUPIII#
-
發出
show ip interface brief命令,以確保之前使用的介面顯示為up/up狀態。如果在口令恢復之前使用的任何介面顯示down,請在該介面上發出no shutdown命令以啟用該介面。
-
發出write terminal命令或show running-config命令以顯示模組上儲存的配置。
c-4006-SUPIII#
show running-configBuildingconfiguration...
Current configuration : 3014 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname c-4006-SUPIII
!
boot system flash bootflash:
!
vtp mode transparent
!--- Output suppressed.line con 0 stopbits 1 line vty 0 4 login
!
end
c-4006-SUPIII#現在,您可以更改模組上的密碼了。
-
發出以下命令更改密碼:
c-4006-SUPIII#configure terminal Enter configuration commands, one per line. End with CNTL/Z. c-4006-SUPIII(config)#no enable secret !--- This step is necessary if the switch had an enable secret password. c-4006-SUPIII(config)#enable secret < password > [Choose a strong password with at least one capital letter, one number, and one special character.] !--- This command sets the new password.
-
請確保將配置暫存器值更改回0x2102。
在configprompt(配置提示符)下完成這些步驟,以更改並驗證配置暫存器值。
c-4006-SUPIII(config)#config-register 0x2102 c-4006-SUPIII(config)# ^Z c-4006-SUPIII# 00:19:01: %SYS-5-CONFIG_I: Configured from console by console c-4006-SUPIII#write memory !--- This step saves the configuration.
Buildingconfiguration...
Compressed configuration from 3061 bytes to 1365 bytes[OK]
c-4006-SUPIII#show version
!--- This step verifies the value change.
Cisco Internetwork Operating System Software
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: https://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C
ROM: 12.1(10r)EY(1.21)
c-4006-SUPIII uptime is 20 minutes
System returned to ROM by reloadRunningdefault software
cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.
Configuration register is 0x2142 (will be 0x2102 at next reload)
c-4006-SUPIII#此時,您已更改密碼。
組態與輸出範例
此範例輸出是Catalyst 4000 Supervisor Engine III上的密碼復原程式的結果。
c-4006-SUPIII> enable Password: Password: Password: % Bad secrets !--- Here, you power cycle the switch. ********************************************************** * * * Welcome to ROM Monitor for WS-X4014 System. * * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc. * * All rights reserved. * * * ********************************************************** ROM Monitor Program Version 12.1(10r)EY(1.21) Board type 1, Board revision 7 Swamp FPGA revision 16, Dagobah FPGA revision 43 Timer interrupt test passed. MAC Address : 00-02-b9-83-af-fe IP Address : 172.16.84.122 Netmask : 255.255.255.0 Gateway : 172.16.84.1 TftpServer : Not set. Main Memory : 256 Mbytes ***** The systemwillautoboot in 5 seconds *****
Type control-C to preventautobooting.
!--- At this point, press Ctrl-C.
Autoboot cancelled......... please wait!!!
Autoboot cancelled......... please wait!!!
rommon 1 > [interrupt]
rommon 1 > [interrupt]
rommon 1 > confreg
Configuration Summary :
=> load ROM after netboot fails
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]: n
enable "use net in IP bcast address"? y/n [n]: n
disable "load ROM after netboot fails"? y/n [n]: n
enable "use all zero broadcast"? y/n [n]: n
enable "break/abort has effect"? y/n [n]: n
enable "ignore system config info"? y/n [n]: y
change console baud rate? y/n [n]: n
change the boot characteristics? y/n [n]: n
Configuration Summary :
=> load ROM after netboot fails
=> ignore system config info
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to save this configuration? y/n [n]: y
You must reset or power cycle for new configuration to take effect
rommon 2 > resetResetting.......
rommon 3 >********************************************************** * * * Welcome to ROM Monitor for WS-X4014 System. * * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc. * * All rights reserved. * * * **********************************************************
ROM Monitor Program Version 12.1(10r)EY(1.21)
Board type 1, Board revision 7
Swamp FPGA revision 16,
Dagobah FPGA revision 43
Timer interrupt test passed.
MAC Address : 00-02-b9-83-af-fe
IP Address : 172.16.84.122
Netmask : 255.255.255.0
Gateway : 172.16.84.1
TftpServer : Not set.
Main Memory : 256 Mbytes
***** The systemwillautoboot in 5 seconds *****
Type control-C to preventautobooting.
. . . . .
******** The systemwillautoboot now ********
config-register = 0x2142BOOT variable specified file.....
Autobooting using
Current BOOT file is --- bootflash:
Rommon reg: 0x2B004180Decompressingthe image : ###########################
#####################################################
####################################### [OK]
k2diags version 1.6
prod: WS-X4014 part: 73-6854-07 serial: JAB0546060Z
Power-on-self-test for Module 1: WS-X4014
Status: (. = Pass, F = Fail)
Traffic using serdes loopback (L2; one port at a time)...
switch port 0: . switch port 1: . switch port 2: .
switch port 3: . switch port 4: . switch port 5: .
switch port 6: . switch port 7: . switch port 8: .
!--- Output suppressed.
Module 1 PassedExitingtoios...
Rommon reg: 0x2B000180Decompressingthe image : ##########################
!--- Output suppressed.
######################################################### [OK]Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706
Cisco Internetwork Operating System Software Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(8a)EW, RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Thu 24-Jan-02 17:34 by ccai Image text-base: 0x00000000, database: 0x00AA2B8C
cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.
Press RETURN to get started!
00:00:21: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: https://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch isundergoinga cold start
Switch>enable
Switch#show version
Cisco Internetwork Operating System Software
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: https://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C
ROM: 12.1(10r)EY(1.21)
Switch uptime is 5 minutes
System returned to ROM by reload
Running default software
cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.
Configuration register is 0x2142
Switch#
Switch#configure memory
Uncompressed configuration from 1307 bytes to 3014 bytes
c-4006-SUPIII#
00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
c-4006-SUPIII#show running-configBuildingconfiguration...
Current configuration : 3014 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname c-4006-SUPIII
!
boot system flash bootflash:
!
vtp mode transparent
!vlan 20 private-vlan primary ! vlan 100 ! vlan 202 private-vlan association 440 ! vlan 440 private-vlan isolated ! vlan 500 ip subnet-zero no ip domain-lookup ! ip multicast-routing ! ! interface GigabitEthernet1/1 no switchport ip address 10.1.1.1 255.255.255.0 ip pim dense-mode ! interface GigabitEthernet1/2 no switchport ip address 10.2.2.2 255.255.255.0
!
!--- Output suppressed.
!interface Vlan1 ip address 172.16.84.140 255.255.255.0 ip pim dense-mode ! interface Vlan2 no ip address shutdown ! interface Vlan20 no ip address shutdown
!
!--- Output suppressed.
!line con 0 stopbits 1 line vty 0 4 login
!
end
c-4006-SUPIII#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
c-4006-SUPIII(config)#no enable secret
!--- This step is necessary if the switch had an enable secret password.
c-4006-SUPIII(config)#enable secret < password >
[Choose a strong password with at least one capital letter,
one number, and one special character.]
c-4006-SUPIII(config)#config-register 0x2102
c-4006-SUPIII(config)#^Z
c-4006-SUPIII#write memoryBuildingconfiguration...
Compressed configuration from 3061 bytes to 1365 bytes[OK]
c-4006-SUPIII#show version
Cisco Internetwork Operating System Software
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: https://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C
ROM: 12.1(10r)EY(1.21)
c-4006-SUPIII uptime is 20 minutes
System returned to ROM by reloadRunningdefault software
cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.
Configuration register is 0x2142 (willbe 0x2102 at next reload)
c-4006-SUPIII#
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
2.0 |
31-Oct-2023 |
重新認證 |
1.0 |
13-Mar-2002 |
初始版本 |
由思科工程師貢獻
- Julio JimenezCisco TAC Engineer
意見