路由器 : 思科 800 系列路由器

Cisco 801、802、803、804, 805个, 811个和813个系列路由器的密码恢复过程

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 4 月 22 日) | 反馈


目录


简介

本文档介绍如何恢复启用口令启用加密口令。这些口令可对特权执行和配置模式的访问权限进行保护。启用口令可以恢复,但是启用加密口令经过了加密,必须使用新口令进行替换。请使用本文档介绍的过程替换 enable secret 口令。

要在 Cisco 806、826、827、828、831、836 和 837 系列路由器上恢复口令,请参阅 Cisco 806、826、827、828、831、836 和 837 系列路由器的口令恢复过程

注意: 某些 Cisco 800 系列路由器可能出现引导问题。Cisco 801、802、803、804, 805, 811和813路由器启动到TinyRom在通电或,在他们保存从控制台端口的所有配置用Cisco IOS 软件版本12.1(3)和以上后。有关此问题的示例,请参阅 Field Notice:Cisco 801-805 及 Cisco 811 和 813 引导到 TinyROM

先决条件

要求

本文档没有任何特定的要求。

使用的组件

本文档中的信息基于以下硬件版本:

  • Cisco 801 系列路由器

  • Cisco 802 系列路由器

  • Cisco 803 系列路由器

  • Cisco 804 系列路由器

  • Cisco 805 系列路由器

  • Cisco 811 系列路由器

  • Cisco 813 系列路由器

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。

相关产品

有关如何恢复相关产品口令的信息,请参阅口令恢复过程

规则

有关文档规则的信息,请参阅 Cisco 技术提示规则

逐步程序

请执行以下步骤以恢复口令:

  1. 将终端或带终端仿真功能的 PC 连接到路由器的控制台端口。

    使用以下终端设置:

    • 9600 波特率

    • 无奇偶校验

    • 8 个数据位

    • 1 个停止位

    • 无流控制

    有关所需控制台电缆的规范,请参阅控制台和 AUX 端口布线指南

  2. 使用电源开关关闭路由器,然后重新打开。

  3. 在启动后的 60 秒内按下终端键盘上的 Break 键,使路由器进入 ROMMON 模式。

    如果中断顺序不起作用,请参阅口令恢复过程中的标准break键序列组合,获取其他键组合。

  4. 在 boot# 提示符处键入 set,并记录配置寄存器的当前值。

    boot#set 
    set baud           =9600 
    set data-bits      =8 
    set parity         =none     
    set stop-bits      =1 
    set console-flags  =0 
    set mac-address    =0050.7307.C329 
    set unit-ip        =10.200.40.65      
    set serv-ip        =255.255.255.255      
    set netmask        =255.255.252.0      
    set gate-ip        =10.200.40.1     
    set pkt-timeout    =8 
    set tftp-timeout   =16 
    set boot-action    =flash
    set file-name      ="c800-nsy6-mw.122-10b.bin"      
    set watchdog       =off 
    set prompt         ="boot"      
    set ios-conf       =0x2102 
    !--- The ios-conf variable sets the value for the
    !--- configuration register. Record this value.
    
    
  5. 在看到boot#提示后输入set ios-conf = 142。

    注意: 如果闪存是完好的,则最佳设置为 142。如果未安装闪存或者已擦除,则使用 141。使用此设置,您可查看或擦除配置,但不能更改口令。

  6. 在 boot# 提示符处键入 boot,以初始化路由器。

    路由器将会重新启动,但是会忽略保存的配置。

  7. 在每个设置问题后键入 no 或按 Ctrl-C,跳过初始设置过程。

  8. 在 Router> 提示符处键入 enable

    一旦出现 Router# 提示符,您就将进入启用模式。

  9. 键入 configure memorycopy startup-config running-config,将非易失性 RAM (NVRAM) 复制到内存中。

    重要信息:键入 copy running-config startup-configwrite。这些命令将会擦除您的启动配置。

  10. 键入 show running-config

    show running-config 命令将会显示路由器的配置。在此配置中,在所有接口下将会出现 shutdown 命令,显示当前关闭的所有接口。此外,口令(启用口令、启用加密、vty、控制台口令)可能是加密格式,也可能是未加密格式。您可重复使用未加密的口令,您必须将加密的口令更改为新口令。

  11. 键入 configure terminal

    此时将会显示 hostname(config)# 提示符。

  12. 键入 enable secret <password>,以更改启用加密口令。例如:

    hostname(config)#enable secret cisco
    
    
  13. 在所用的每个接口上发出 no shutdown 命令。

    如果发出 show ip interface brief 命令,则要使用的每个接口都显示 up up

  14. 键入 config-register <configuration_register_setting>。其中 configuration_register_setting 的值为步骤 2 中记录的值或 0x2102。例如:

    hostname(config)#config-register 0x2102
    
    
  15. Ctrl-zend,离开配置模式。

    此时将会显示 hostname# 提示符。

  16. 键入 write memcopy running startup,以提交更改。

  17. 键入 reload

    一旦路由器重新加载,配置寄存器值将从 0x142 更改成 0x2102

输出示例

本部分提供了一个口令恢复过程的示例。此示例是使用 Cisco 803 系列路由器创建的。即使您使用的不是 Cisco 803 系列路由器,以下输出也可为您的产品体验提供示例。

Router>show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000

ROM: TinyROM version 1.0(3)
leased uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"

Cisco C803 (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)

Configuration register is 0x2102

!--- The router was just powercycled. 
!--- At bootup a break sequence is sent to the router.

 
TinyROM version 1.0(3)
Fri Apr 30 18:22:12 1999
Copyright (c) 1998-1999 by cisco Systems, Inc.
All rights reserved.

POST ......... OK. 12MB DRAM, 8MB Flash.
boot# set 
set baud           =9600 
set data-bits      =8 
set parity         =none     
set stop-bits      =1 
set console-flags  =0 
set mac-address    =0050.7307.C329 
set unit-ip        =10.200.40.65      
set serv-ip        =255.255.255.255      
set netmask        =255.255.252.0      
set gate-ip        =10.200.40.1     
set pkt-timeout    =8 
set tftp-timeout   =16 
set boot-action    =flash
set file-name      ="c800-nsy6-mw.122-10b.bin"      
set watchdog       =off 
set prompt         ="boot"      
set ios-conf       =0x2102


boot# set ios-conf = 142 
!--You can use 0x142 or 0x2142.

boot# boot

Booting "c800-nsy6-mw.122-10b.bin"...,
        Restricted Rights Legend

Use, duplication, or disclosure by the Government is 
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

      cisco Systems, Inc.
      170 West Tasman Drive
      San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-Y6-MW), Version
12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000

Cisco C803  (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)


    --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no


Press RETURN to get started! (press Enter)

00:26:02: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
00:26:02: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
00:26:02: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down
00:26:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0, changed state to down
00:26:03: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
00:26:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state 
to down

Router>enable

Router#copy startup-config running-config
Destination filename [running-config]?  (press Enter)

% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
797 bytes copied in 2.304 secs (346 bytes/sec)

00:27:47: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:27:47: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
00:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down

注意: 将配置文件从 NVRAM 复制到 RAM 后,您可执行以下某个过程:

  • 口令恢复 - 如果已配置启用口令(以纯文本格式),则执行此过程。

  • 口令替换 - 如果已根据上次配置口令的方式配置启用加密口令(以加密格式),则执行此过程。

注意: 要检查在路由器上配置口令的格式,请使用 show running-config 命令,并在配置中查找启用口令启用加密口令。有关详细信息,请参阅启用口令恢复示例口令替换示例

启用口令恢复示例

show running-config 命令的此示例输出表示已配置启用口令

Router#show running-config
Building configuration...
Current configuration : 820 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash c800-nsy6-mw.122-10b.bin
enable password cisco


!--- Here the password is plain text. You can either maintain 
!--- the same password or replace it with a new password.

!--- Output omitted.

口令替换示例

show running-config 命令的此示例输出表示已配置启用加密口令。结果,如此示例所示,您可执行口令替换。

Router#show running-config
Building configuration...
Current configuration : 835 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash c800-nsy6-mw.122-10b.bin
enable secret 5 $1$O80N$NjrO/6P5jpi0PZYzAj/vX0


!--- Password replacement is performed because 
!--- the password is encrypted.

!--- Output omitted.


Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret letmein
Router(config)#
00:03:39: %SYS-5-CONFIG_I: Configured from console by console

一旦完成口令恢复或替换,则剩余步骤都相同,如此示例所示:

Router#show ip interface brief 
Interface   IP-Address      OK?    Method   Status                 Protocol
BRI0        unassigned      YES    TFTP     administratively down  down
BRI0:1      unassigned      YES    unset    administratively down  down
BRI0:2      unassigned      YES    unset    administratively down  down
Ethernet0   10.200.40.65    YES    TFTP     administratively down  down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface ethernet 0
Router(config-if)#no shutdown
Router(config-if)#
00:30:02: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:30:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router(config)#config-reg 0x2102
Router(config)#^Z
Router#
00:04:36: %SYS-5-CONFIG_I: Configured from console by console
Router#write memory

发出 config-reg 0x2102 命令后,不会立即应用新的配置寄存器值。只有在重新加载路由器之后,才会应用新值。show version 命令的此输出显示当前值 (0x142) 和下次重新加载后应用的值 (0x2102)。

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000

ROM: TinyROM version 1.0(3)
leased uptime is 7 minutes
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"

Cisco C803  (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)

Configuration register is 0x142
 
!--- This value becomes 0x2102 at next reload.

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000

ROM: TinyROM version 1.0(3)
leased uptime is 0 minutes
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"

Cisco C803  (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)

Configuration register is 0x2102

相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


相关信息


Document ID: 12732