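Preface
Forgetting a password happens sooner or later. Or a piece of network equipment that has been left aside for ages turns up, and when you want to use it nobody knows who set the password. That is when a password reset is needed. Methods for resetting the password on a Cisco Router or Switch are easy to find online, but they do not explain the underlying principle in detail; if you just follow the steps, you soon forget them again. This article tries to bring out the principle behind password reset by first understanding the boot sequence.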
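890/1900/2900 Series Router Boot Sequence
First, let's look at the Router's boot sequence. From the moment the power switch is pressed, a stream of messages appears on the Console, much like an ordinary PC starting up.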
- POST (Power On Self Test) – The Router first runs a self-check.
```
Initializing Hardware ...
Checking for PCIe device presence...done
System integrity status: 0x610
Rom image verified correctly
```
- Load Bootstrap – Next, a program called Bootstrap is loaded. It is a very basic system whose job is to load the OS (i.e. IOS) afterwards.
```
System Bootstrap, Version 16.7(1r), RELEASE SOFTWARE
Copyright (c) 1994-2017 by cisco Systems, Inc.
```
- Read the Configuration Register – Important! At this point Bootstrap reads a 16-bit value called the Configuration Register. The default is 0x2102, i.e. binary 0010 0001 0000 0010. Each bit has a different function and is normally left unchanged; see the Cisco documentation for details. For password reset, the bit that matters is bit 6 (counting from the right, where the rightmost bit is bit 0), shown here in brackets: 0010 0001 0[0]00 0010. This bit controls whether the Router skips reading the Startup Configuration: the default 0 means do not skip (i.e. read it), and 1 means skip (i.e. do not read it). The Configuration Register value is not shown during boot, however; it can only be seen after boot with Show Version.
```
Router>show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

<--Output Omitted-->

Technology Package License Information for Module:'c2900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      securityk9    Permanent     securityk9
uc            uck9          Permanent     uck9
data          datak9        Permanent     datak9

Configuration register is 0x2102

Router>
```
- Load IOS – IOS is loaded, trying Flash, TFTP and ROM in that order. This is the moment when we usually see a long run of # characters.
```
IOS Image Load Test
___________________
Digitally Signed Production Software
Self decompressing the image : ################################################
###############################################################################
###############################################################################
###############################################################################
###############################################################################
###############################################################################
###############################################################################
###############################################################################
###############################################################################
###############################################################################
```
- Load Startup Configuration – Whether the Startup Configuration is loaded depends on the Configuration Register value. If it is not loaded, or no Startup Configuration exists, the Router asks whether to run the Initial Configuration, just as a brand-new unit would.
```
         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0
----------------------------------

Would you like to enter the initial configuration dialog? [yes/no]:
```
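Both the Console password and the Enable password are stored in the Startup Configuration and are then loaded into the Running Configuration. Changing the Configuration, however, requires the Enable password, so the philosophy of password reset comes down to: "How do you get into Enable Mode (also called Privilege Mode) without a password?"
891/1950/2901 Router Password Reset Steps
So the password reset strategy is to skip loading the Startup Configuration at boot, enter Enable Mode without any password, and then load the Configuration manually and change the password. The detailed steps are: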
- Power on the Router and, while IOS is being loaded, press Ctrl-Break on the keyboard (on a Mac, Ctrl-Delete) to interrupt the load and enter rommon mode.
```
System Bootstrap, Version 15.4(1r)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2014 by cisco Systems, Inc.

Total memory size = 512 MB
Field Upgradeable ROMMON Integrity test
_______________________________________
ROM: Digitally Signed Production Software
C891F-K9 platform with 524288 Kbytes of main memory
Main memory is configured to 32 bit mode

Upgrade ROMMON initialized

IOS Image Load Test
___________________
Digitally Signed Production Software
Self decompressing the image : ###########################
monitor: command "boot" aborted due to user interrupt
rommon 1 >
```
- rommon is a debug tool that is rarely used day to day; it can do some file management and change parameters. Type ? and press <ENTER> to see the available commands. What we want to do is change the Configuration Register from 0x2102 to 0x2142; the command is confreg 2142. Then use the reset command to reboot.
```
rommon 1 > ?
alias               set and display aliases command
boot                boot up an external process
confreg             configuration register utility
dev                 list the device table
dir                 list files in file system
help                monitor builtin command help
history             monitor command history
meminfo             main memory information
repeat              repeat a monitor command
reset               system reset
set                 display the monitor variables
showmon             display currently selected ROM monitor
sync                write monitor environment to NVRAM
token               display board's unique token identifier
unalias             unset an alias
unset               unset a monitor variable
rommon 2 > confreg 2142

You must reset or power cycle for new config to take effect
rommon 3 > reset

Resetting .......
```
- This time, let it load IOS. Because the Startup Configuration is not loaded, the Initial Configuration Dialog appears at the end; enter no to skip it. Enable Mode can now be entered without a password.
```
         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0
----------------------------------

Would you like to enter the initial configuration dialog? [yes/no]: no

Router>
Router>enable
Router#
```
- Because loading the Startup Configuration was skipped just now, manually copy the Startup Configuration to the Running Configuration. The password can now be changed. Finally, don't forget write memory to save the Configuration to the Startup Configuration.
```
Router#copy startup-config running-config
Destination filename [running-config]?

Router#configure terminal
Router(conf)#
Router(config)#enable secret cisco
Router(config)#end
Router#
Router#write memory
Building configuration...
[OK]
```
- Reboot, press Ctrl-Break (on a Mac, Ctrl-Delete) again to enter rommon mode, restore the Configuration Register to 0x2102 and reboot. The password reset procedure is then complete.
```
rommon 1 > confreg 2102

You must reset or power cycle for new config to take effect
rommon 2 > reset

Resetting .......
```
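A check for the last step and for the bit 6 explanation earlier, as an added example that is not part of the original article: it decodes the Configuration Register and reads the "Configuration register is" line of show version to flag a Router left at 0x2142. The function names are illustrative, and it assumes IOS appends "(will be ... at next reload)" when the register has been changed since boot.

```python
import re

# Configuration register bits the article relies on (bit 0 is the rightmost).
IGNORE_STARTUP_CFG = 1 << 6   # 0x0040: skip startup-config at boot
BOOT_FIELD_MASK = 0x000F      # bits 0-3: boot field

# show version prints the value in effect and, if it was changed since boot,
# the value that applies from the next reload.
CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

def decode_confreg(value):
    """Break a 16-bit configuration register value into the fields used here."""
    bits = f"{value:016b}"
    return {
        "hex": f"0x{value:04X}",
        "binary": " ".join(bits[i:i + 4] for i in range(0, 16, 4)),
        "ignore_startup_config": bool(value & IGNORE_STARTUP_CFG),
        "boot_field": value & BOOT_FIELD_MASK,
    }

def audit_show_version(output):
    """Return (current, next_reload, findings) for one device's show version."""
    match = CONFREG_LINE.search(output)
    if match is None:
        raise ValueError("no 'Configuration register is' line in output")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if current & IGNORE_STARTUP_CFG:
        findings.append("booted without loading startup-config")
    if pending & IGNORE_STARTUP_CFG:
        findings.append("next reload skips startup-config and its passwords")
    return decode_confreg(current), decode_confreg(pending), findings

# Constructed samples: the first is the line from the article's show version
# output, the other two are made up for the recovery states.
SAMPLES = {
    "normal": "Configuration register is 0x2102",
    "left_in_recovery": "Configuration register is 0x2142",
    "restore_pending": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        cur, nxt, findings = audit_show_version(line)
        print(name, cur["hex"], cur["binary"], "->", nxt["hex"], findings or "ok")
```

A device that reports 0x2142 with no pending change comes up unconfigured and without passwords after every reload, so that is the state to look for across collected show version output.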
2900/3500 Series Switch Boot Sequence
The traditional 2900 and 3500 series have no concept of a Configuration Register. Their boot sequence is:
- POST (Power On Self Test) – Self-check.
- flash_init – A small program called flash_init is loaded; it is used to read the files in flash.
```
Initializing Flash...
mifs[2]: 12 files, 1 directories
mifs[2]: Total bytes : 1806336
mifs[2]: Bytes used : 831488
mifs[2]: Bytes available : 974848
mifs[2]: mifs fsck took 0 seconds.
mifs[3]: 0 files, 1 directories
mifs[3]: Total bytes : 3870720
mifs[3]: Bytes used : 1024
mifs[3]: Bytes available : 3869696
mifs[3]: mifs fsck took 1 seconds.
mifs[4]: 5 files, 1 directories
mifs[4]: Total bytes : 258048
mifs[4]: Bytes used : 8192
mifs[4]: Bytes available : 249856
mifs[4]: mifs fsck took 0 seconds.
mifs[5]: 5 files, 1 directories
mifs[5]: Total bytes : 258048
mifs[5]: Bytes used : 8192
mifs[5]: Bytes available : 249856
mifs[5]: mifs fsck took 0 seconds.
mifs[6]: 5 files, 2 directories
mifs[6]: Total bytes : 57931776
mifs[6]: Bytes used : 16562688
mifs[6]: Bytes available : 41369088
mifs[6]: mifs fsck took 9 seconds.
...done Initializing Flash.
```
- Load IOS – IOS is loaded, trying Flash, TFTP and ROM in that order.
- Load Startup Configuration – If the file config.text exists in Flash it is loaded; otherwise the Switch enters System Configuration Dialog mode.
Because the 2900 and 3500 series Switches have no Configuration Register, skipping the Startup Configuration only takes renaming config.text in flash.
2950/2960/3550/3560 Switch Password Reset Steps
- The Switch has no power button; it boots as soon as power is connected. While connecting power, hold down the Mode button on the front panel until the Switch enters Password-recovery mode.
```
Using driver version 3 for media type 1
Base ethernet MAC Address: aa:aa:aa:aa:aa:aa
Xmodem file system is available.
The password-recovery mechanism is enabled.

The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:

    flash_init
    boot

switch:
```
- Enter flash_init to mount the flash file system, then enter dir flash: and you should see the list of files in flash.
```
switch: flash_init
Initializing Flash...
mifs[2]: 12 files, 1 directories
mifs[2]: Total bytes : 1806336
mifs[2]: Bytes used : 831488
mifs[2]: Bytes available : 974848
mifs[2]: mifs fsck took 0 seconds.
mifs[3]: 0 files, 1 directories
mifs[3]: Total bytes : 3870720
mifs[3]: Bytes used : 1024
mifs[3]: Bytes available : 3869696
mifs[3]: mifs fsck took 1 seconds.
mifs[4]: 5 files, 1 directories
mifs[4]: Total bytes : 258048
mifs[4]: Bytes used : 8192
mifs[4]: Bytes available : 249856
mifs[4]: mifs fsck took 0 seconds.
mifs[5]: 5 files, 1 directories
mifs[5]: Total bytes : 258048
mifs[5]: Bytes used : 8192
mifs[5]: Bytes available : 249856
mifs[5]: mifs fsck took 0 seconds.
mifs[6]: 5 files, 2 directories
mifs[6]: Total bytes : 57931776
mifs[6]: Bytes used : 16562688
mifs[6]: Bytes available : 41369088
mifs[6]: mifs fsck took 9 seconds.
...done Initializing Flash.
switch:
switch: dir flash:
Directory of flash:/

    2  -rwx  1492      <date>  config.text
    3  -rwx  16353536  <date>  c2960s-universalk9-mz.152-1.E.bin
    4  -rwx  5         <date>  private-config.text
    5  -rwx  3096      <date>  multiple-fs
    6  drwx  512       <date>  dc_profile_dir

41369088 bytes available (16562688 bytes used)
```
- Rename config.text in flash to config.bak, then start loading IOS with the boot command.
```
switch: rename flash:config.text flash:config.bak
switch: boot
Loading "flash:c2960s-universalk9-mz.152-1.E.bin"...@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
```
- Because the system cannot find config.text, it cannot load the Startup Configuration and the Initial Configuration Dialog appears; enter no to skip it. Enable Mode can now be entered without a password.
```
         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0
----------------------------------

Would you like to enter the initial configuration dialog? [yes/no]: no

Switch>
Switch>enable
Switch#
```
- Rename flash:config.bak back to flash:config.text, then copy startup-config to running-config. The password can now be changed. Finally, don't forget write memory to save the Configuration to the Startup Configuration. The password reset procedure is complete.
```
Switch#rename flash:config.bak flash:config.text
Switch#copy startup-config running-config
Switch#configure terminal
Switch(conf)#
Switch(config)#enable secret cisco
Switch(config)#end
Switch#
Switch#write memory
Building configuration...
[OK]
```
3650/3850 Switch Password Reset Steps
Starting with the 3650, the Switch's IOS is Linux-based, and the password reset method is a little different again. The steps are:
- While connecting power, hold down the Mode button on the front panel to interrupt the normal boot process.
- Enter the command SWITCH_IGNORE_STARTUP_CFG=1 (all uppercase); this makes the Switch skip loading the Startup Configuration.
```
Booting...
Interface GE 0 link down***ERROR: PHY link is down

The system has been interrupted prior to initializing some filesystems
and loading the operating system software. Console will be reset to 9600
baud rate, need to change terminal setting first.

The following commands will initialize the remaining filesystems,
and finish loading the operating system software:

    flash_init
    boot

switch: SWITCH_IGNORE_STARTUP_CFG=1
```
- Enter the commands flash_init and boot to load IOS.
- The system enters the Initial Configuration Dialog; enter no to skip it. Enable Mode can now be entered without a password.
```
         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0
----------------------------------

Would you like to enter the initial configuration dialog? [yes/no]: no

Switch>
Switch>enable
Switch#
```
- Because loading the Startup Configuration was skipped just now, manually copy the Startup Configuration to the Running Configuration. The password can now be changed. Finally, don't forget write memory to save the Configuration to the Startup Configuration.
```
Switch#copy startup-config running-config
Destination filename [running-config]?

Switch#configure terminal
Switch(conf)#
Switch(config)#enable secret cisco
Switch(config)#end
Switch#
Switch#write memory
Building configuration...
[OK]
```
- Reboot, hold down the mode button again to interrupt the normal boot process, change the value of SWITCH_IGNORE_STARTUP_CFG back to 0, then enter the commands flash_init and boot to continue booting. The password reset procedure is complete.
```
Booting...
Interface GE 0 link down***ERROR: PHY link is down

The system has been interrupted prior to initializing some filesystems
and loading the operating system software. Console will be reset to 9600
baud rate, need to change terminal setting first.

The following commands will initialize the remaining filesystems,
and finish loading the operating system software:

    flash_init
    boot

switch: SWITCH_IGNORE_STARTUP_CFG=0
```
Jan Ho 2021-07-22
Posted In: Basic Networking Knowledge (Basic Concept)