????????? : Cisco Catalyst 6500 系列 SSL 服务模块

Cisco Catalyst 6500系列SSL服务模块的密码恢复在本地(IOS)模式下

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2014 年 10 月 1 日) | 反馈


目录


简介

本文为密码恢复提供一个步骤在本地(IOS)模式的Cisco Catalyst 6500系列安全套接字层SSL服务模块运行软件版本1.x。为了恢复SSL服务模块运行软件版本2.1或以上的一个密码,参考恢复丢失的口令- Catalyst 6500系列SSL服务模块配置说明, 3.1

先决条件

要求

  • TFTP客户端和服务器

  • Cisco Catalyst 650x交换机或760x路由器配置和命令行界面(CLI)

使用的组件

  • 思科Catalyst 650x交换机或760x路由器用支持SSL服务模块的思科IOS�软件版本

  • Cisco密码恢复Catalyst SSL服务模块的软件版本1.x镜像

  • Catalyst SSL服务模块的Cisco正常操作软件软件版本1.x镜像

  • 思科Catalyst SSL服务模块

  • TFTP 服务器

规则

有关文档规则的详细信息,请参阅 Cisco 技术提示规则

逐步程序

完成这些步骤:

  1. 重新启动从维护分区的模块。在本例中, SSL模块位于插槽4。

    cat-1#hw-module module 4 reset cf:1
    Device BOOT variable for reset = <cf:1>
    Warning: Device list is not verified.
    Proceed with reload of module? [confirm]
    % reset issued for module 4
    1w4d: %C6KPWR-SP-4-DISABLED: power to module in slot 4 set
    1w4d: SP: OS_BOOT_STATUS(4) MP OS Boot Status: finished booting
    1w4d: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimum Online Diagnostics...
    1w4d: %DIAG-SP-6-DIAG_OK: Module 4: Passed Online Diagnostics
    1w4d: %OIR-SP-6-INSCARD: Card inserted in slot 4, interfaces are now online
  2. 当SSL模块回到联机时,请复制SSL密码恢复镜像到模块。

    注意: 您必须与Cisco技术支持中心(TAC)联系得到镜像。

    cat-1#copy tftp: pclc#4-fs:
    Address or name of remote host [171.68.191.135]?
    Source filename [password.recovery.c6svc-ssl-k9y9.1.1.bin]?
    Destination filename [password.recovery.c6svc-ssl-k9y9.1.1.bin]?
    Accessing tftp://171.68.191.135/password.recovery.c6svc-ssl-k9y9.1.1.bin...
    Loading password.recovery.c6svc-ssl-k9y9.1.1.bin from 171.68.191.135 
       (via Vlan100):
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !
    
    ---- output suppressed ----
    
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    [OK - 16214899 bytes]
    16214899 bytes copied in 283.852 secs (57124 bytes/sec)
  3. 当TFTP完成时,请等五到十分钟,直到您看到消息表明您能重置模块。

    1w4d: %SVCLC-SP-5-STRRECVD: mod 4: <Application upgrade has started>
    1w4d: %SVCLC-SP-5-STRRECVD: mod 4: <Do not reset the module till upgrade 
       completes!!>
    1w4d: %SVCLC-SP-5-STRRECVD: mod 4: <Application upgrade has succeeded>
    1w4d: %SVCLC-SP-5-STRRECVD: mod 4: <You can now reset the module>
  4. 为了重置模块,请发出hw-module模块4重置的cf:4命令。

    cat-1#hw-module module 4 reset cf:4
    Device BOOT variable for reset = <cf:4>
    Warning: Device list is not verified.
    Proceed with reload of module? [confirm]
    % reset issued for module 4
    cat-1#
    1w4d: SP: The PC in slot 4 is shutting down. Please wait ...
    1w4d: SP: PC shutdown completed for module 4
    1w4d: %C6KPWR-SP-4-DISABLED: power to module in slot 4 set off (Reset)
    1w4d: SP: OS_BOOT_STATUS(4) AP OS Boot Status: finished booting
    1w4d: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimum Online
    Diagnostics...
    1w4d: %DIAG-SP-6-DIAG_OK: Module 4: Passed Online Diagnostics
    1w4d: %OIR-SP-6-INSCARD: Card inserted in slot 4, interfaces are now online
    cat-1#
  5. 当模块重置时,没有密码,您能访问SSL模块。输入可用模式(没有密码),通过4清除从线路控制台0的现有密码, line vty 0和特权密码或者设置新的密码如所需求。在密码设置后,请发出write memory命令

    此示例设置所有密码为在运行的配置的cisco

    cat-1#
    cat-1#session slot 4 proc 1
    The default escape character is Ctrl-^, then x.
    You can also type 'exit' at the remote prompt to end the session
    Trying 127.0.0.41 ... Open
    
    
    ssl-proxy>enable
    % No Password set
    
    ssl-proxy#
    
    ssl-proxy#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    ssl-proxy(config)#enable password cisco
    ssl-proxy(config)#line con 0
    ssl-proxy(config-line)#password cisco
    ssl-proxy(config-line)#line vty 0 4
    ssl-proxy(config-line)#password cisco
    ssl-proxy(config-line)#exit
    ssl-proxy(config)#exit
    ssl-proxy#write memory
    Saving the running configuration.
    
    
    Building Configuration...
    [OK]
    ssl-proxy#quit
    
  6. 重置SSL模块到维护分区。

    cat-1#hw module 4 reset cf:1
    Device BOOT variable for reset = <cf:1>
    Warning: Device list is not verified.
    
    Proceed with reload of module? [confirm]
    % reset issued for module 4
    cat-1#
    1w5d: SP: The PC in slot 4 is shutting down. Please wait ...
    1w5d: SP: shutdown_pc_process: No response from module 4
    1w5d: %C6KPWR-SP-4-DISABLED: power to module in slot 4 set off (Reset)
    1w5d: SP: OS_BOOT_STATUS(6) MP OS Boot Status: finished booting
    1w5d: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimum Online Diagnostics...
    1w5d: %DIAG-SP-6-DIAG_OK: Module 4: Passed Online Diagnostics
    1w5d: %OIR-SP-6-INSCARD: Card inserted in slot 4, interfaces are now online
    cat-1#
  7. 升级模块对标准镜像。重新安装标准镜像是非常重要的;密码恢复镜像可能允许SSL模块的正常操作,然而,继续允许对SSL模块的访问,不用密码通过控制台、Telnet或者会话从Supervisor。

    cat-1#copy tftp pclc#4-fs:
    Address or name of remote host [171.68.191.135]?
    Source filename [c6svc-ssl-k9y9.2-1-2.bin]?
    Destination filename [c6svc-ssl-k9y9.2-1-2.bin]?
    Accessing tftp://171.68.191.135/c6svc-ssl-k9y9.2-1-2.bin...
    Loading c6svc-ssl-k9y9.2-1-2.bin from 171.68.191.135 (via Vlan100): !!!!
         lines deleted
    !!!!!!!
    [OK - 17767421 bytes]
    17767421 bytes copied in 354.192 secs (50163 bytes/sec)
    cat-1#
    1w5d: %SVCLC-SP-5-STRRECVD: mod 4: <Application upgrade has started>
    1w5d: %SVCLC-SP-5-STRRECVD: mod 4: <Do not reset the module till upgrade 
       completes!!>
    1w5d: %SVCLC-SP-5-STRRECVD: mod 4: <Application upgrade has succeeded>
    1w5d: %SVCLC-SP-5-STRRECVD: mod 4: <You can now reset the module>
    cat-1#
  8. 重新设置SSL模块到操作的分区。

    cat-1#hw module 4 reset cf:4
    Device BOOT variable for reset = <cf:4>
    Warning: Device list is not verified.
    
    Proceed with reload of module? [confirm]
    % reset issued for module 4
    cat-1#
    1w5d: SP: The PC in slot 4 is shutting down. Please wait ...
    1w5d: SP: PC shutdown completed for module 4
    1w5d: %C6KPWR-SP-4-DISABLED: power to module in slot 4 set off (Reset)
    1w5d: SP: OS_BOOT_STATUS(6) AP OS Boot Status: finished booting
    1w5d: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimum Online Diagnostics...
    1w5d: %DIAG-SP-6-DIAG_OK: Module 4: Passed Online Diagnostics
    1w5d: %OIR-SP-6-INSCARD: Card inserted in slot 4, interfaces are now online
    cat-1#
    cat-1#
    cat-1#session slot 4 proc 1
    The default escape character is Ctrl-^, then x.
    You can also type 'exit' at the remote prompt to end the session
    Trying 127.0.0.41 ... Open
    
    
    User Access Verification
    
    Password:

相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


相关信息


Document ID: 47065