路由器 : 思科 3800 系列集成多业务路由器

Cisco 1900 集成多业务路由器口令恢复步骤

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 4 月 22 日) | 反馈


目录


简介

本文档介绍如何恢复启用口令启用加密口令。这些口令可对特权执行和配置模式的访问权限进行保护。启用口令可以恢复,但是启用加密口令经过了加密,必须使用新口令进行替换。请使用本文档介绍的过程替换 enable secret 口令。

先决条件

要求

本文档没有任何特定的要求。

使用的组件

本文档中的信息基于以下硬件版本:

  • Cisco 1900 系列集成服务路由器

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。

相关产品

有关如何恢复相关产品口令的信息,请参阅口令恢复过程

规则

有关文档规则的信息,请参阅 Cisco 技术提示规则

逐步程序

请执行以下步骤以恢复口令:

  1. 将终端或带终端仿真功能的 PC 连接到路由器的控制台端口。使用以下终端设置:

    • 9600 波特率

    • 无奇偶校验

    • 8 个数据位

    • 1 个停止位

    • 无流控制

    有关如何使用电缆将终端连接到控制台端口或 AUX 端口的信息,请参阅以下文档:

  2. 如果可以访问路由器,请在提示符处键入 show version,并且记录配置寄存器设置。请参阅口令恢复过程示例,查看 show version 命令的输出。

    注意: 配置寄存器通常设置为 0x2102 或 0x102。如果(由于丢失登录口令或 TACACS 口令)无法再访问路由器,则完全可以假设配置寄存器已设置为 0x2102

  3. 使用电源开关关闭路由器,然后重新打开。

    注意: 

    • 要在 Cisco 6400 上模拟此步骤,请将节点路由处理器 (NRP) 或节点交换机处理器 (NSP) 卡拔出,然后再插入。

    • 要在带有 NI-2 的 Cisco 6x00 上模拟此步骤,请将 NI-2 卡拔出,然后再插入。

  4. 在终端键盘上按几次 Break(在看到消息 program load complete, entry point:0x80008000, size:0x6fdb4c 后),以便将路由器置于 ROMMON 模式。

    注意: 入口点和大小的值因路由器而异。

    如果中断顺序不起作用,请参阅口令恢复过程中的标准break键序列组合,获取其他键组合。

    如果无法进入 ROMMON 模式,请执行以下步骤:

    1. 取下闪存。

    2. 重新加载路由器。路由器将最终处于 ROMMON 模式。

    3. 插入闪存。

    4. 执行标准的口令恢复步骤。

  5. 在 rommon 1> 提示符处键入 confreg 0x2142,以便从闪存启动。

    此步骤将会跳过存储口令的启动配置。

  6. 在 rommon 2> 提示符处键入 reset

    路由器将会重新启动,但是会忽略保存的配置。

  7. 在每个设置问题后键入 no 或按 Ctrl-C,跳过初始设置过程。

  8. 在 Router> 提示符处键入 enable

    您将进入启用模式,此时应看到 Router# 提示符。

  9. 键入 configure memorycopy startup-config running-config,将非易失性 RAM (NVRAM) 复制到内存中。

    警告 警告: 输入 copy running-config startup-configwrite。这些命令将会擦除您的启动配置。

  10. 键入 show running-config

    show running-config 命令将会显示路由器的配置。在此配置中,在所有接口下将会出现 shutdown 命令,显示当前关闭的所有接口。此外,口令(启用口令、启用加密、vty、控制台口令)可能是加密格式,也可能是未加密格式。您可重复使用未加密的口令,您必须将加密的口令更改为新口令。

  11. 键入 configure terminal

    此时将会显示 hostname(config)# 提示符。

  12. 键入 enable secret <password>,以更改启用加密口令。例如:

    hostname(config)#enable secret cisco
    
    
  13. 在所用的每个接口上发出 no shutdown 命令。

    如果发出 show ip interface brief 命令,则要使用的每个接口都应显示 up up

  14. 键入 config-register <configuration_register_setting>。其中 configuration_register_setting 的值为步骤 2 中记录的值或 0x2102。例如:

    hostname(config)#config-register 0x2102
    
    
  15. Ctrl-zend,离开配置模式。

    此时将会显示 hostname# 提示符。

  16. 键入 write memorycopy running-config startup-config,以提交更改。

密码恢复程序示例

本部分提供了一个口令恢复过程的示例。此示例是使用 Cisco 2900 系列 ISR 创建的。即使您使用的不是 Cisco 2900 系列 ISR,以下输出也可为您的产品体验提供示例。

Router>enable
Password:
Password:
Password:
% Bad secrets

Router>show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1, 
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

c2921-CCP-1-xfr uptime is 2 weeks, 22 hours, 15 minutes
System returned to ROM by reload at 06:06:52 PCTime Mon Apr 2 1900
System restarted at 06:08:03 PCTime Mon Apr 2 1900
System image file is "flash:c2900-universalk9-mz.SPA.150-1.M1.bin"
Last reload reason: Reload Command


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.
Processor board ID FHH1230P04Y
1 DSL controller
3 Gigabit Ethernet interfaces
9 terminal lines
1 Virtual Private Network (VPN) Module
1 Cable Modem interface
1 cisco Integrated Service Engine-2(s)
   Cisco Foundation 2.2.1 in slot 1
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
248472K bytes of ATA System CompactFlash 0 (Read/Write)
62720K bytes of ATA CompactFlash 1 (Read/Write)

Technology Package License Information for Module:'c2900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      securityk9    Permanent     securityk9
uc            uck9          Permanent     uck9
data          datak9        Permanent     datak9

Configuration register is 0x2102


Router>



!--- The router was just powercycled, and during bootup a
!--- break sequence was sent to the router after seeing the following message
!--- program load complete, entry point: 0x80008000, size: 0x6fdb4c.


!

rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

rommon 2 > reset

System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)
Copyright (c) 2009 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2900 platform with 524288 Kbytes of main memory


program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################
##############################################################
##############################################################
##############################################################
############################### [OK]


 Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

 cisco Systems, Inc.
 170 West Tasman Drive
 San Jose, California 95134-1706

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.
Processor board ID FHH1230P04Y
1 DSL controller
3 Gigabit Ethernet interfaces
9 terminal lines
1 Virtual Private Network (VPN) Module
1 Cable Modem interface
1 cisco Integrated Service Engine-2(s)
   Cisco Foundation 2.2.1 in slot 1
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
248472K bytes of ATA System CompactFlash 0 (Read/Write)
62720K bytes of ATA CompactFlash 1 (Read/Write)


 --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
00:00:19: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0, 
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
 changed state to up
Router>
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, 
changed state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, 
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, 
changed state to down
00:00:50: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team
00:00:50: %LINK-5-CHANGED: Interface BRI0/0, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/0, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/1, 
changed state to administratively down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, 
changed state to down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, 
changed state to down
Router>
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
1324 bytes copied in 2.35 secs (662 bytes/sec)
Router#
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, 
changed state to down
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2, 
changed state to down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret < password >
Router(config)#^Z
00:01:54: %SYS-5-CONFIG_I: Configured from console by console
Router#show ip interface brief

Interface   IP-Address        OK?  Method     Status                   Protocol
Ethernet0/0 10.200.40.37      YES  TFTP       administratively down    down
Serial0/0   unassigned        YES  TFTP       administratively down    down
BRI0/0      193.251.121.157   YES  unset      administratively down    down
BRI0/0:1    unassigned        YES  unset      administratively down    down
BRI0/0:2    unassigned        YES  unset      administratively down    down
Ethernet0/1 unassigned        YES  TFTP       administratively down    down
Serial0/1   unassigned        YES  TFTP       administratively down    down
Loopback0   193.251.121.157   YES  TFTP       up                       up
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Ethernet0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, 
changed state to up
Router(config-if)#interface BRI0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, 
TEI 68 changed to up
Router(config-if)#^Z
Router#
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

c2921-CCP-1-xfr uptime is 2 weeks, 22 hours, 15 minutes
System returned to ROM by reload at 06:06:52 PCTime Mon Apr 2 1900
System restarted at 06:08:03 PCTime Mon Apr 2 1900
System image file is "flash:c2900-universalk9-mz.SPA.150-1.M1.bin"
Last reload reason: Reload Command

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.
Processor board ID FHH1230P04Y
1 DSL controller
3 Gigabit Ethernet interfaces
9 terminal lines
1 Virtual Private Network (VPN) Module
1 Cable Modem interface
1 cisco Integrated Service Engine-2(s)
   Cisco Foundation 2.2.1 in slot 1
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
248472K bytes of ATA System CompactFlash 0 (Read/Write)
62720K bytes of ATA CompactFlash 1 (Read/Write)

Configuration register is 0x2102

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#^Z
00:03:20: %SYS-5-CONFIG_I: Configured from console by console

Router#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

c2921-CCP-1-xfr uptime is 2 weeks, 22 hours, 15 minutes
System returned to ROM by reload at 06:06:52 PCTime Mon Apr 2 1900
System restarted at 06:08:03 PCTime Mon Apr 2 1900
System image file is "flash:c2900-universalk9-mz.SPA.150-1.M1.bin"
Last reload reason: Reload Command

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.
Processor board ID FHH1230P04Y
1 DSL controller
3 Gigabit Ethernet interfaces
9 terminal lines
1 Virtual Private Network (VPN) Module
1 Cable Modem interface
1 cisco Integrated Service Engine-2(s)
   Cisco Foundation 2.2.1 in slot 1
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
248472K bytes of ATA System CompactFlash 0 (Read/Write)
62720K bytes of ATA CompactFlash 1 (Read/Write)

Configuration register is 0x2142 (will be 0x2102 at next reload)

Router#

相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


相关信息


Document ID: 112058