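Password recovery is one of those infuriating things: you can't get by without knowing it, yet knowing it rarely seems to help, because, like recovering or upgrading IOS, it is a real chore. I'm not afraid of difficulty, only of hassle! ^^ Enough chatter, let's do it!
Author: 红头发 (aka CCIE#15101/JNCIP Candidate)
Source: [url]http://www.91lab.com[/url]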


I. Password recovery for the CatOS-based CATALYST 1200, 1400, 2901, 2902, 2926T/F, 2926GS/L, 2948G, 2980G, 4000, 5000, 5500, 6000 and 6500:

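That is quite a long title -__-b. Everyone knows the first step, shown in the figure below: the mighty HyperTerminal. You are definitely not alone! -__-b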
[Figure: ht.jpg]


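Power the switch off, wait a moment, then power it back on (this reminds me of the classic move from secretly playing the Nintendo at home as a kid: power off, pull the cartridge, yank the plug -__-3). Once the password prompt appears, you have to complete the following steps within 30 seconds (like shooting an action movie!).
1. Press Enter (equivalent to entering an empty password).
2. Enter enable mode (don't tell me you don't know the enable command).
3. Press Enter, using an empty password again.
4. Change the passwords (the set password and set enablepass commands).
5. Press Enter, which stands in for the old password (if you get the message "sorry password incorrect" at this point, sorry, you were too slow and went past 30 seconds; repeat the steps above once more, and be quicker).
6. Set more secure passwords (the set password and set enablepass commands). Done.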

Example:
System Bootstrap, Version 5.3(1)
Copyright (c) 1994-1999 by Cisco Systems, Inc.
c6k_sup1 processor with 65536 Kbytes of main memory
Autoboot executing command: "boot bootflash:cat6000-sup.6-3-3.bin"
Uncompressing file:  ###########################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
##############################

System Power On Diagnostics
DRAM Size ....................64 MB
Testing DRAM..................Passed
NVRAM Size ...................512 KB
Level2 Cache .................Present

System Power On Diagnostics Complete

Boot image: bootflash:cat6000-sup.6-3-3.bin

Running System Diagnostics from this Supervisor (Module 1)
This may take up to 2 minutes....please wait

Cisco Systems Console

2002 Apr 08 16:08:13 %SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for
Module 1
Enter password:                            /------you only have 30 seconds------/
(press Enter)
2007 Mar 08 11:08:15 %SYS-1-SYS_ENABLEPS: Power supply 1 enabled
2007 Mar 08 11:08:15 %SYS-1-SYS_ENABLEPS: Power supply 2 enabled
2007 Mar 08 11:08:18 %SYS-5-MOD_PWRON:Module 3 powered up
2007 Mar 08 11:08:18 %SYS-5-MOD_PWRON:Module 4 powered up
2007 Mar 08 11:08:25 %MLS-5-NDEDISABLED:Netflow Data Export disabled
2007 Mar 08 11:08:26 %MLS-5-MCAST_STATUS:IP Multicast Multilayer Switching is
enabled
2007 Mar 08 11:08:26 %SYS-5-MOD_OK:Module 1 is online

Console> enable

Enter password: 2007 Mar 08 11:08:37 %SYS-5-MOD_OK:Module 3 is online
2007 Mar 08 11:08:37 %SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for
Module 3

Console> (enable) set password
Enter old password:
(press Enter)
Enter new password:
(press Enter)
Retype new password:
(press Enter)
Password changed.

Console> (enable) set enablepass
Enter old password:
(press Enter)
Enter new password:
(press Enter)
Retype new password:
(press Enter)
Password changed.

Some other antiques, such as the CATALYST 1200, differ slightly from this. I won't write them up; if you really need them, check the documentation.

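II. Password recovery for the CATALYST 6500 with Supervisor Engine 720 running CISCO IOS software releases earlier than 12.2(17)SX:
Another very long title -__-3. This section applies only to systems running CISCO IOS software release 12.2(17)SX or earlier. (For this recovery procedure, see also the explanation under CISCO Bug ID CSCec36997.)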

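Normally, after the switch is powered on, the switch processor (SP) boots first; about 25-60 seconds later it hands control to the route processor (RP, MSFC), and the RP continues loading the software image. The next step is the usual CTRL+BREAK, but not too early: send it while the RP is booting, not while the SP is booting, otherwise you end up in SP ROMMON mode. So once the following message appears, you can send CTRL+BREAK: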
00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor

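Note that because of the bug mentioned earlier, this one is even tougher: you have only 10 seconds to send CTRL+BREAK (apparently the sequel to the previous blockbuster -__-#). Next, change the configuration register value to 0x2142 so that the switch ignores the startup configuration file. The switch then reboots: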
rommon 1 > confreg 0x2142
00:00:41: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co.
00:00:41: %SYS-SP-2-INTSCHED: 't_idle' at level 7
-Process= "SCP Download Process", ipl= 7, pid= 57
-Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C
00:00:41: %SYS-SP-2-INTSCHED: 't_idle' at level 7
-Process= "SCP Download Process", ipl= 7, pid= 57
-Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C
00:00:41: %SYS-SP-2-INTSCHED: 't_idle' at level 7
-Process= "SCP Download Process", ipl= 7, pid= 57
-Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C
00:00:41: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor
   
*** System received a Software forced crash ***
signal= 0x17, code= 0x24, context= 0x4269f6f4
PC = 0x401370d8, Cause = 0x3020, Status Reg = 0x34008002

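After that, do not enter setup mode. Once you are at the command line, use the enable command to enter privileged mode. Then use configure memory or copy startup-config running-config to copy the contents of NVRAM into RAM.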

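Next, in global configuration mode, change the password with the enable secret command, then set the configuration register back to 0x2102. If passwords are set on the VTY lines, you can change them at the same time: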
Router(config)#line vty 0 4
Router(config-line)# password NUAIKO
Router(config-line)#^Z
Router#

Finally, save the configuration with wr. Done!

Example:
System Bootstrap, Version 7.7(1)
Copyright (c) 1994-2003 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 524288 Kbytes of main memory

Autoboot executing command: "boot disk0:s72033-ps-mz.122-14.SX1.bin"

Self decompressing the image : ################################################]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOY)
TAC Support: [url]http://www.cisco.com/tac[/url]
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 27-May-03 20:48 by ccai
Image text-base: 0x40020C10, data-base: 0x40B98000

00:00:03: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor

00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor     /------you only have 10 seconds to send CTRL+BREAK------/

System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1)
TAC Support: [url]http://www.cisco.com/tac[/url]
Copyright (c) 2003 by cisco Systems, Inc.
Cat6k-Sup720/RP platform with 524288 Kbytes of main memory

Download Start
*** Mistral Interrupt on line 4 ***
System memory 1 bit ECC correctable error interrupt ..
  PC = 0x8000841c, SP = 0x80007f00, RA = 0x80008488
  Cause Reg = 0x00004400, Status Reg = 0x3041c003

rommon 1 >
rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect.

rommon 2 >             /------it reboots automatically, don't panic------/

00:00:31: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co.

00:00:31: %SYS-SP-2-INTSCHED: 't_idle' at level 7
-Process= "SCP Download Process", ipl= 7, pid= 57
-Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C
00:00:31: %SYS-SP-2-INTSCHED: 't_idle' at level 7
-Process= "SCP Download Process", ipl= 7, pid= 57
-Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C
00:00:31: %SYS-SP-2-INTSCHED: 't_idle' at level 7
-Process= "SCP Download Process", ipl= 7, pid= 57
-Traceback= 4013991C 401232B4 402827F4 40282994 40283010 405CB010 402A9858 4013C
00:00:31: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor

*** System received a Software forced crash ***
signal= 0x17, code= 0x24, context= 0x4269f6f4
PC = 0x401370d8, Cause = 0x3020, Status Reg = 0x34008002

System Bootstrap, Version 7.7(1)
Copyright (c) 1994-2003 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 524288 Kbytes of main memory

Autoboot executing command: "boot disk0:s72033-ps-mz.122-14.SX1.bin"

Self decompressing the image : ################################################]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOY)
TAC Support: [url]http://www.cisco.com/tac[/url]
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 27-May-03 20:48 by ccai
Image text-base: 0x40020C10, data-base: 0x40B98000

00:00:03: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor
00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor

System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1)
TAC Support: [url]http://www.cisco.com/tac[/url]
Copyright (c) 2003 by cisco Systems, Inc.
Cat6k-Sup720/RP platform with 524288 Kbytes of main memory

Download Start
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Download Completed! Booting the image.
Self decompressing the image : ################################################]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY)
TAC Support: [url]http://www.cisco.com/tac[/url]
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 27-May-03 20:40 by ccai
Image text-base: 0x40008C10, data-base: 0x41ACE000

cisco Catalyst 6000 (R7000) processor with 458752K/65536K bytes of memory.
Processor board ID
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from power-on
X.25 software, Version 3.0.0.
Bridging software.
1 Virtual Ethernet/IEEE 802.3  interface(s)
96 FastEthernet/IEEE 802.3 interface(s)
58 Gigabit Ethernet/IEEE 802.3 interface(s)
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

        --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

00:00:03: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure conso.

00:00:46: curr is 0x10000

00:00:46: RP: Currently running ROMMON from F1 region
00:01:00: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-PS-M), Version 12.2(14)SX1, EARLY DEPLOY)
TAC Support: [url]http://www.cisco.com/tac[/url]
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 27-May-03 20:40 by ccai
00:01:00: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold stat
00:01:00: %SYS-6
Router>-BOOTTIME: Time taken to reboot after reload = 1807 seconds

Firmware compiled 19-May-03 10:54 by integ Build [100]

00:00:54: %SPANTREE-SP-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:00:54: SP: SP: Currently running ROMMON from F1 region
00:01:00: %SYS-SP-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) s72033_sp Software (s72033_sp-SP-M), Version 12.2(14)SX1, EARLY DEPLOY)
TAC Support: [url]http://www.cisco.com/tac[/url]
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 27-May-03 20:48 by ccai
00:01:01: %OIR-SP-6-INSPS: Power supply inserted in slot 1
00:01:01: %C6KPWR-SP-4-PSOK: power supply 1 turned on.
00:01:01: %OIR-SP-6-INSPS: Power supply inserted in slot 2
00:01:01: %C6KPWR-SP-4-PSOK: power supply 2 turned on.
00:01:01: %C6KPWR-SP-4-PSREDUNDANTBOTHSUPPLY: in power-redundancy mode, system .
00:01:05: %FABRIC-SP-5-FABRIC_MODULE_ACTIVE: the switching fabric module in sloe
00:01:06: %DIAG-SP-6-RUN_MINIMUM: Module 5: Running Minimum Diagnostics...
Router>
Router>
00:01:18: %DIAG-SP-6-DIAG_OK: Module 5: Passed Online Diagnostics
00:01:18: %OIR-SP-6-INSCARD: Card inserted in slot 5, interfaces are now online
00:01:21: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimum Diagnostics...
Router>
Router>
Router>
00:01:36: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimum Diagnostics...
Router>
Router>
00:01:42: %DIAG-SP-6-RUN_MINIMUM: Module 1: Running Minimum Diagnostics...
00:01:44: %DIAG-SP-6-DIAG_OK: Module 4: Passed Online Diagnostics
00:01:45: %OIR-SP-6-INSCARD: Card inserted in slot 4, interfaces are now online
00:01:54: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics
00:01:54: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online
00:01:57: %DIAG-SP-6-DIAG_OK: Module 1: Passed Online Diagnostics
00:01:57: %OIR-SP-6-INSCARD: Card inserted in slot 1, interfaces are now online
00:02:06: %DIAG-SP-6-RUN_MINIMUM: Module 2: Running Minimum Diagnostics...
00:02:15: %DIAG-SP-6-DIAG_OK: Module 2: Passed Online Diagnostics
00:02:15: %OIR-SP-6-INSCARD: Card inserted in slot 2, interfaces are now online
Router>
Router> enable
Router# copy startup-config running-config
Destination filename [running-config]?
(press Enter)
4864 bytes copied in 2.48 secs (2432 bytes/sec)
sup720#
sup720# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
sup720(config)# enable secret NUAIKO
sup720(config)# config-register 0x2102
sup720(config)# line vty 0 4
sup720(config-line)# password 91Lab
sup720(config-line)#^Z
sup720# copy running-config startup-config
Destination filename [startup-config]?
(press Enter)
Building configuration...
[OK]
sup720# reload

Proceed with reload? [confirm]
(press Enter)

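III. Password recovery for the CISCO IOS-based CATALYST 6000/6500:
This section applies only to systems based on Supervisor Engine 1/2/720; for Supervisor Engine 720, it covers CISCO IOS software release 12.2(17)SX and later releases. For recovery on earlier releases, see the previous section.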

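The password recovery procedure differs from the previous section in only two ways: CTRL+BREAK has no 10-second limit, and after changing the configuration register value to 0x2142 you have to reset manually:
rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect
rommon 2 > reset
Everything else is exactly the same as in the previous section, so I won't repeat it. Time for me to wrap up, take a shower and go to bed.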
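
The two register values used in sections II and III differ only in bit 6 (0x0040), which makes the system skip the startup configuration at boot. The following added example (not part of the original post) decodes that bit and checks show version output for a device left at 0x2142 after a recovery; the function names and the sample show version lines are constructed for illustration.

```python
import re

# Configuration-register bits that matter for the procedure above.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (set in 0x2142)
BREAK_DISABLED = 0x0100  # bit 8: Break ignored once booted (set in both values)
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stay in ROMMON, 2-F = normal boot

# Constructed sample lines in the format printed at the end of "show version".
SAMPLE_NORMAL = "Configuration register is 0x2102"
SAMPLE_LEFT_OPEN = "Configuration register is 0x2142"
SAMPLE_RESTORED = "Configuration register is 0x2142 (will be 0x2102 at next reload)"

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode_confreg(value):
    """Return the recovery-relevant fields of a 16-bit configuration register."""
    return {
        "value": f"0x{value:04X}",
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }

def audit_show_version(text):
    """Flag register states that leave the saved configuration unused."""
    m = CONFREG_RE.search(text)
    if m is None:
        return {"status": "unknown", "findings": ["no configuration register line"]}
    current = int(m.group(1), 16)
    next_boot = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if next_boot & IGNORE_NVRAM:
        findings.append("next reload ignores startup-config")
    elif current & IGNORE_NVRAM:
        findings.append("this boot ignored startup-config; register restored")
    if (next_boot & BOOT_FIELD) == 0:
        findings.append("next reload stops in ROMMON")
    return {"status": "review" if findings else "ok",
            "current": decode_confreg(current),
            "next_boot": decode_confreg(next_boot),
            "findings": findings}

if __name__ == "__main__":
    for line in (SAMPLE_NORMAL, SAMPLE_LEFT_OPEN, SAMPLE_RESTORED):
        print(line, "->", audit_show_version(line)["findings"])
```

A device that reports 0x2142 with no pending change will come up without its saved passwords and VTY settings on the next reload, which is why the procedure sets the register back to 0x2102 before saving.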
