目錄
前言
忘記密碼這回事,總會出現;又或是一隻被遺下已久的網絡儀器,想用時又不知道是誰設了密碼,這些時候就要重設密碼了。網上很容易找到一些 Cisco Router 或 Switch 重設密碼的方法,卻沒有詳細解釋箇中原理,只顧跟著做的話,很快又忘記了。本文嘗試從了解開機步驟來帶出重設密碼的原理。
890/1900/2900 系列 Router 開機步驟
現在先了解一下 Router 的開機步驟,從按下開機制開始,Console 畫面就會出現一大堆訊息,過程有點像一般個人電腦剛開機時那樣。
- POST (Power On Self Test) – 首先 Router 會自我檢查一下。
Initializing Hardware ... Checking for PCIe device presence...done System integrity status: 0x610 Rom image verified correctly
- 載入 Bootstrap – 然後會載入一個叫 Bootstrap 的程式,就是一個很基本的系統,用作稍後載入 OS (即 IOS) 之用。
System Bootstrap, Version 16.7(1r), RELEASE SOFTWARE Copyright (c) 1994-2017 by cisco Systems, Inc.
- 讀取 Configuration Register – 重要!這時 Bootstrap 會讀取一個 16Bits 叫 Configuration Register 的值,預設為 0x2102,即二進數 0010 0001 0000 0010,每個位元有不同的作用,一般情況下不會更改,詳情可參考 Cisco 文檔。但要重設密碼最重要的是看第 6 Bit (最右面數起是第 0 Bit): 0010 0001 0000 0010,這個 Bit 可控制 Router 要不要跳過讀取 Startup Configuration,預設 0 是不跳過 (即讀取),設成 1 則是跳過 (即不讀取)。但開機時是看不到 Configuration Register 的值,只有在開機後用 Show Version 才可看到。
Router>show version Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Wed 02-Dec-09 15:23 by prod_rel_team ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1) <--Output Omitted--> Technology Package License Information for Module:'c2900' ---------------------------------------------------------------- Technology Technology-package Technology-package Current Type Next reboot ----------------------------------------------------------------- ipbase ipbasek9 Permanent ipbasek9 security securityk9 Permanent securityk9 uc uck9 Permanent uck9 data datak9 Permanent datak9 Configuration register is 0x2102 Router> - 載入 IOS – 依 Flash、TFTP 和 ROM 的次序載入 IOS,即是我們常常看見很多 # 號那個時刻。
IOS Image Load Test ___________________ Digitally Signed Production Software Self decompressing the image : ################################################ ############################################################################### ############################################################################### ############################################################################### ############################################################################### ############################################################################### ############################################################################### ############################################################################### ############################################################################### ###############################################################################
- 載入 Startup Configuration – 跟據 Configuration Register 的值決定是否載入 Startup Configuration。如果沒有載入或 Startup Configuration 不存在,就會詢問是否進行 Initial Configuration,就像打開一台新機一樣。
--- System Configuration Dialog --- Enable secret warning ---------------------------------- In order to access the device manager, an enable secret is required If you enter the initial configuration dialog, you will be prompted for the enable secret If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret, please set an enable secret using the following CLI in configuration mode- enable secret 0 ---------------------------------- Would you like to enter the initial configuration dialog? [yes/no]:
無論是 Console 密碼、Enable 密碼都是儲存在 Startup Configuration 之中,然後被載入至 Running Configuration。然而修改 Configuration 需要 Enable 密碼,重設密碼的哲學在於「如何在不用密碼的情況下進入 Enable Mode (或稱 Privilege Mode)?」
891/1950/2901 Router 重設密碼步驟
所以,重設密碼的策略在於開機時需跳過載入 Startup Configuration,在沒有任何密碼的情況下進入 Enable Mode,然後手動載入 Configuration 並修改密碼,詳細步驟如下:
- 啟動 Router,於 IOS 被載入時按鍵盤 Ctrl-Break (如 Mac 可按 Ctrl-Delete) 中斷載入,並進入 rommon 模式。
System Bootstrap, Version 15.4(1r)T1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2014 by cisco Systems, Inc. Total memory size = 512 MB Field Upgradeable ROMMON Integrity test _______________________________________ ROM: Digitally Signed Production Software C891F-K9 platform with 524288 Kbytes of main memory Main memory is configured to 32 bit mode Upgrade ROMMON initialized IOS Image Load Test ___________________ Digitally Signed Production Software Self decompressing the image : ########################### monitor: command "boot" aborted due to user interrupt rommon 1 >
- rommon 是一個 Debug Tool,平時很少使用,可以做一些檔案管理和修改參數,按 ? 再按 <ENTER> 可以看到可用的指令。而我們想要做的是修改 Configuration Register,由 0x2102 改成 0x2142,指令是 confreg 2142,然後用指令 reset 重新開機。
rommon 1 > ? alias set and display aliases command boot boot up an external process confreg configuration register utility dev list the device table dir list files in file system help monitor builtin command help history monitor command history meminfo main memory information repeat repeat a monitor command reset system reset set display the monitor variables showmon display currently selected ROM monitor sync write monitor environment to NVRAM token display board's unique token identifier unalias unset an alias unset unset a monitor variable rommon 2 > confreg 2142 You must reset or power cycle for new config to take effect rommon 3 > reset Resetting .......
- 這次開機讓它載入 IOS,最後因為沒有載入 Startup Configuration 而出現 Initial Configuration Dialog 模式,輸入 no 跳過,這時不用密碼也可進入 Enable Mode 了。
--- System Configuration Dialog --- Enable secret warning ---------------------------------- In order to access the device manager, an enable secret is required If you enter the initial configuration dialog, you will be prompted for the enable secret If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret, please set an enable secret using the following CLI in configuration mode- enable secret 0 ---------------------------------- Would you like to enter the initial configuration dialog? [yes/no]: no Router> Router>enable Router#
- 由於剛才跳過了載入 Startup Configuration,現在手動把 Startup Configuration 抄寫至 Running Configuration,現在可以修改密碼了,最後別忘記 write memory 把 Configuration 儲存至 Startup Configuration。
Router#copy startup-config running-config Destination filename [running-config]? Router#configure terminal Router(conf)# Router(config)#enable secret cisco Router(config)#end Router# Router#write memory Building configuration... [OK]
- 重新開機,再次按鍵盤 Ctrl-Break (如 Mac 可按 Ctrl-Delete) 進入 rommon 模式,把 Configuration Register 回復至 0x2102 並重新開機,重設密碼的步驟便完成了。
rommon 1 > confreg 2102 You must reset or power cycle for new config to take effect rommon 2 > reset Resetting .......
2900/3500 系列 Switch 開機步驟
傳統 2900 及 3500 系列,沒有 Configuration Register 概念,開機步驟如下:
- POST (Power On Self Test) – 自我檢查一下。
- flash_init – 載入一個叫 flash_init 的小程式,用作讀取 flash 裡的檔案。
Initializing Flash... mifs[2]: 12 files, 1 directories mifs[2]: Total bytes : 1806336 mifs[2]: Bytes used : 831488 mifs[2]: Bytes available : 974848 mifs[2]: mifs fsck took 0 seconds. mifs[3]: 0 files, 1 directories mifs[3]: Total bytes : 3870720 mifs[3]: Bytes used : 1024 mifs[3]: Bytes available : 3869696 mifs[3]: mifs fsck took 1 seconds. mifs[4]: 5 files, 1 directories mifs[4]: Total bytes : 258048 mifs[4]: Bytes used : 8192 mifs[4]: Bytes available : 249856 mifs[4]: mifs fsck took 0 seconds. mifs[5]: 5 files, 1 directories mifs[5]: Total bytes : 258048 mifs[5]: Bytes used : 8192 mifs[5]: Bytes available : 249856 mifs[5]: mifs fsck took 0 seconds. mifs[6]: 5 files, 2 directories mifs[6]: Total bytes : 57931776 mifs[6]: Bytes used : 16562688 mifs[6]: Bytes available : 41369088 mifs[6]: mifs fsck took 9 seconds. ...done Initializing Flash.
- 載入 IOS – 依 Flash、TFTP 和 ROM 的次序載入 IOS。
- 載入 Startup Configuration – 如 Flash 中有 config.text 這個檔案則載入,否則進入 System Configuration Dialog 模式。
由於 2900 及 3500 系列的 Switch 沒有 Configuration Register,要跳過載入 Startup Configuration 只需在 flash 把 config.text 檔名改掉便可。
2950/2960/3550/3560 Switch 重設密碼步驟
- Switch 沒有開關按鈕,一插電制便開機了,在插電制的同時按著面版上的 Mode 按鈕,直至 Switch 進入 Password-recovery 模式。
Using driver version 3 for media type 1 Base ethernet MAC Address: aa:aa:aa:aa:aa:aa Xmodem file system is available. The password-recovery mechanism is enabled. The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software: flash_init boot switch: - 輸入 flash_init 掛載 flash 檔案系統,然後輸入 dir flash: 應可看到 flash 裡面的檔案列表。
switch: flash_init Initializing Flash... mifs[2]: 12 files, 1 directories mifs[2]: Total bytes : 1806336 mifs[2]: Bytes used : 831488 mifs[2]: Bytes available : 974848 mifs[2]: mifs fsck took 0 seconds. mifs[3]: 0 files, 1 directories mifs[3]: Total bytes : 3870720 mifs[3]: Bytes used : 1024 mifs[3]: Bytes available : 3869696 mifs[3]: mifs fsck took 1 seconds. mifs[4]: 5 files, 1 directories mifs[4]: Total bytes : 258048 mifs[4]: Bytes used : 8192 mifs[4]: Bytes available : 249856 mifs[4]: mifs fsck took 0 seconds. mifs[5]: 5 files, 1 directories mifs[5]: Total bytes : 258048 mifs[5]: Bytes used : 8192 mifs[5]: Bytes available : 249856 mifs[5]: mifs fsck took 0 seconds. mifs[6]: 5 files, 2 directories mifs[6]: Total bytes : 57931776 mifs[6]: Bytes used : 16562688 mifs[6]: Bytes available : 41369088 mifs[6]: mifs fsck took 9 seconds. ...done Initializing Flash. switch: switch: dir flash: Directory of flash:/ 2 -rwx 1492 <date> config.text 3 -rwx 16353536 <date> c2960s-universalk9-mz.152-1.E.bin 4 -rwx 5 <date> private-config.text 5 -rwx 3096 <date> multiple-fs 6 drwx 512 <date> dc_profile_dir 41369088 bytes available (16562688 bytes used)
- 把 flash 裡面的 config.text 更改檔案名成 config.bak,然後用指令 boot 開始載入 IOS。
switch: rename flash:config.text flash:config.bak switch: boot Loading "flash:c2960s-universalk9-mz.152-1.E.bin"...@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- 由於系統找不到 config.text,因而沒法載入 Startup Configuration 而出現 Initial Configuration Dialog 模式,輸入 no 跳過,這時不用密碼也可進入 Enable Mode 了。
--- System Configuration Dialog --- Enable secret warning ---------------------------------- In order to access the device manager, an enable secret is required If you enter the initial configuration dialog, you will be prompted for the enable secret If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret, please set an enable secret using the following CLI in configuration mode- enable secret 0 ---------------------------------- Would you like to enter the initial configuration dialog? [yes/no]: no Switch> Switch>enable Switch#
- 把 flash:config.bak 改回 flash:config.text,然後把 startup-config 抄至 running-config,現在可以修改密碼了,最後別忘記 write memory 把 Configuration 儲存至 Startup Configuration。重設密碼步驟完成。
Switch#rename flash:config.bak flash:config.text Switch#copy startup-config running-config Switch#configure terminal Switch(conf)# Switch(config)#enable secret cisco Switch(config)#end Switch# Switch#write memory Building configuration... [OK]
3650/3850 Switch 重設密碼步驟
從 3650 開始,Switch 的 IOS 改用 Linux Base,重設密碼方法又有點不同,步驟如下:
- 在插電制時先按著面版上的 Mode 去中斷正常開機程序。
- 輸入指令 SWITCH_IGNORE_STARTUP_CFG=1 (全大寫),這樣就會跳過載入 Startup Configuration。
Booting... Interface GE 0 link down***ERROR: PHY link is down The system has been interrupted prior to initializing some filesystems and loading the operating system software. Console will be reset to 9600 baud rate, need to change terminal setting first. The following commands will initialize the remaining filesystems, and finish loading the operating system software: flash_init boot switch: SWITCH_IGNORE_STARTUP_CFG=1 - 輸入指令 flash_init 和 boot 把 IOS 載入。
- 系統進入 Initial Configuration Dialog 模式,輸入 no 跳過,這時不用密碼也可進入 Enable Mode 了。
--- System Configuration Dialog --- Enable secret warning ---------------------------------- In order to access the device manager, an enable secret is required If you enter the initial configuration dialog, you will be prompted for the enable secret If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret, please set an enable secret using the following CLI in configuration mode- enable secret 0 ---------------------------------- Would you like to enter the initial configuration dialog? [yes/no]: no Switch> Switch>enable Switch#
- 由於剛才跳過了載入 Startup Configuration,所以手動把 Startup Configuration 抄寫至 Running Configuration,現在可以修改密碼了,最後別忘記 write memory 把 Configuration 儲存至 Startup Configuration。
Switch#copy startup-config running-config Destination filename [running-config]? Switch#configure terminal Switch(conf)# Switch(config)#enable secret cisco Switch(config)#end Switch# Switch#write memory Building configuration... [OK]
- 重新開機,再次按住 mode 按鈕去中斷正常開機程序,把 SWITCH_IGNORE_STARTUP_CFG 的值改回 0,然後輸入指令 flash_init 和 boot 繼續開機程序。重設密碼步驟完成。
Booting... Interface GE 0 link down***ERROR: PHY link is down The system has been interrupted prior to initializing some filesystems and loading the operating system software. Console will be reset to 9600 baud rate, need to change terminal setting first. The following commands will initialize the remaining filesystems, and finish loading the operating system software: flash_init boot switch: SWITCH_IGNORE_STARTUP_CFG=0
相關主題
Jan Ho 2019-05-18
Posted In: 基本網絡知識 Basic Concept