Cisco IOS XR ROM Monitor Guide, Release 3.4 - Password Recovery in ROM Monitor Mode [Cisco IOS XR Software (End-of-Sale)]

Table Of Contents

Password Recovery in ROM Monitor Mode

Recovering the Root Password on Single-RP Routers

Recovering the Root Password on Redundant-RP Routers

Bypassing ksh Authentication

Password Recovery in ROM Monitor Mode

If the root password is forgotten, it can be recovered only at the DSC. To recover the password at the DSC, set the configuration register to 0x42 on the active RP and reboot the router. When the router boots, a password recovery dialog appears. This dialog prompts you to reset the root-system username and password. After you save the new password, the configuration register automatically resets to the prior value (such as 0x2102).

This chapter also includes instructions to bypass ksh authentication on a node.

This chapter contains the following sections:

•Recovering the Root Password on Single-RP Routers

•Recovering the Root Password on Redundant-RP Routers

•Bypassing ksh Authentication

Recovering the Root Password on Single-RP Routers

Use the following procedure to recover the router password from a router with a single RP.

Step 1 Place the router in ROM Monitor mode, as described in Entering ROM Monitor Mode.

Step 2 Set the RP configuration register to 0x42 at the ROMMON prompt:
rommon 1 > confreg 0x42
Note The configuration register is not an environment variable like TURBOBOOT (which is described earlier in this chapter). Do not enter an equal sign when entering the confreg command.

Step 3 Reset or power cycle the router so that the new setting can take effect:
rommon 2 > reset
Step 4 Press Return at the prompt to enter the password recovery dialog. Then enter the new root-system username and password and save the configuration.
router con0/0/CPU0 is now available
Press RETURN to get started.
--- Administrative User Dialog ---
  Enter root-system username: user
  Enter secret: 
  Enter secret again:
RP/0/0/CPU0:Jan 10 12:50:53.105 : exec[65652]: %MGBL-CONFIG-6-DB_COMMIT :
'Administration configuration committed by system'. Use 'show configuration commit changes 
2000000009' to view the changes.
Use the 'admin' mode 'configure' command to modify this configuration.
User Access Verification
Username: user
Password: 
RP/0/0/CPU0:router#
Recovering the Root Password on Redundant-RP Routers

Use the following procedure to recover the router password from a router with redundant RPs.

Step 1 Place both RPs in ROM Monitor mode, as described in Entering ROM Monitor Mode.

Step 2 Set the configuration register of the standby RP to 0x0 so that the standby RP does not take control during the password recovery:
rommon 1> confreg 0x0
Note The configuration register is not an environment variable like TURBOBOOT (which is described earlier in this chapter). Do not enter an equal sign when entering the confreg command.

Step 3 Set the active RP configuration register to 0x42:
rommon 1 > confreg 0x42
Step 4 Reset or power cycle the router so that the new setting can take effect:
rommon 2 > reset
Step 5 Press Return at the prompt to enter the password recovery dialog. Then enter the new root-system username and password and save the configuration, as shown in the following example:
router con0/0/CPU0 is now available
Press RETURN to get started.
--- Administrative User Dialog ---
  Enter root-system username: user
  Enter secret: 
  Enter secret again:
RP/0/0/CPU0:Jan 10 12:50:53.105 : exec[65652]: %MGBL-CONFIG-6-DB_COMMIT :
'Administration configuration committed by system'. Use 'show configuration commit changes 
2000000009' to view the changes.
Use the 'admin' mode 'configure' command to modify this configuration.
User Access Verification
Username: user
Password: 
RP/0/0/CPU0:router#
Step 6 Set the configuration register of the standby RP to 0x102:
rommon 1> confreg 0x102
Step 7 Reset the standby RP so that the new setting can take effect and the standby RP becomes operational:
rommon 2 > reset
Bypassing ksh Authentication

You can also bypass the ksh authentication for the auxiliary port of the route processor (RP), standby RP, and distributed RP cards and for console and auxiliary ports of line cards (LCs) and service processors (SPs). The situations where ksh authentication may need to be bypassed include the following:

•DSC (active RP) disk0 corruption

•Loss of Qnet connectivity

•Inability to determine the node ID of the DSC (ACTIVE RP)

For information and instructions to bypass ksh authentication, see the "Configuring AAA Services on Cisco IOS XR Software" chapter of Cisco IOS XR System Security Configuration Guide.

	Cisco IOS XR ROM Monitor Guide, Release 3.4
	Password Recovery in ROM Monitor Mode
Cisco IOS XR ROM Monitor Guide, Release 3.4 Preface ROM Monitor Overview and Basic Procedures Router Recovery with ROM Monitor Managing Configuration Files in ROM Monitor Password Recovery in ROM Monitor Mode Upgrading and Downgrading ROM MonitorFirmware on Cisco CRS-1 Routers Upgrading and Downgrading ROM MonitorFirmware on Cisco CRS-1 Routers Index	Download this chapter Password Recovery in ROM Monitor Mode Download the complete book Book-level PDF: Cisco IOS XR ROM Monitor Guide (PDF - 1 MB) Feedback Table Of Contents Password Recovery in ROM Monitor Mode Recovering the Root Password on Single-RP Routers Recovering the Root Password on Redundant-RP Routers Bypassing ksh Authentication Password Recovery in ROM Monitor Mode If the root password is forgotten, it can be recovered only at the DSC. To recover the password at the DSC, set the configuration register to 0x42 on the active RP and reboot the router. When the router boots, a password recovery dialog appears. This dialog prompts you to reset the root-system username and password. After you save the new password, the configuration register automatically resets to the prior value (such as 0x2102). This chapter also includes instructions to bypass ksh authentication on a node. This chapter contains the following sections: •Recovering the Root Password on Single-RP Routers •Recovering the Root Password on Redundant-RP Routers •Bypassing ksh Authentication Recovering the Root Password on Single-RP Routers Use the following procedure to recover the router password from a router with a single RP. Step 1 Place the router in ROM Monitor mode, as described in Entering ROM Monitor Mode. Step 2 Set the RP configuration register to 0x42 at the ROMMON prompt: rommon 1 > confreg 0x42 Note The configuration register is not an environment variable like TURBOBOOT (which is described earlier in this chapter). Do not enter an equal sign when entering the confreg command. Step 3 Reset or power cycle the router so that the new setting can take effect: rommon 2 > reset Step 4 Press Return at the prompt to enter the password recovery dialog. Then enter the new root-system username and password and save the configuration. router con0/0/CPU0 is now available Press RETURN to get started. --- Administrative User Dialog --- Enter root-system username: user Enter secret: Enter secret again: RP/0/0/CPU0:Jan 10 12:50:53.105 : exec[65652]: %MGBL-CONFIG-6-DB_COMMIT : 'Administration configuration committed by system'. Use 'show configuration commit changes 2000000009' to view the changes. Use the 'admin' mode 'configure' command to modify this configuration. User Access Verification Username: user Password: RP/0/0/CPU0:router# Recovering the Root Password on Redundant-RP Routers Use the following procedure to recover the router password from a router with redundant RPs. Step 1 Place both RPs in ROM Monitor mode, as described in Entering ROM Monitor Mode. Step 2 Set the configuration register of the standby RP to 0x0 so that the standby RP does not take control during the password recovery: rommon 1> confreg 0x0 Note The configuration register is not an environment variable like TURBOBOOT (which is described earlier in this chapter). Do not enter an equal sign when entering the confreg command. Step 3 Set the active RP configuration register to 0x42: rommon 1 > confreg 0x42 Step 4 Reset or power cycle the router so that the new setting can take effect: rommon 2 > reset Step 5 Press Return at the prompt to enter the password recovery dialog. Then enter the new root-system username and password and save the configuration, as shown in the following example: router con0/0/CPU0 is now available Press RETURN to get started. --- Administrative User Dialog --- Enter root-system username: user Enter secret: Enter secret again: RP/0/0/CPU0:Jan 10 12:50:53.105 : exec[65652]: %MGBL-CONFIG-6-DB_COMMIT : 'Administration configuration committed by system'. Use 'show configuration commit changes 2000000009' to view the changes. Use the 'admin' mode 'configure' command to modify this configuration. User Access Verification Username: user Password: RP/0/0/CPU0:router# Step 6 Set the configuration register of the standby RP to 0x102: rommon 1> confreg 0x102 Step 7 Reset the standby RP so that the new setting can take effect and the standby RP becomes operational: rommon 2 > reset Bypassing ksh Authentication You can also bypass the ksh authentication for the auxiliary port of the route processor (RP), standby RP, and distributed RP cards and for console and auxiliary ports of line cards (LCs) and service processors (SPs). The situations where ksh authentication may need to be bypassed include the following: •DSC (active RP) disk0 corruption •Loss of Qnet connectivity •Inability to determine the node ID of the DSC (ACTIVE RP) For information and instructions to bypass ksh authentication, see the "Configuring AAA Services on Cisco IOS XR Software" chapter of Cisco IOS XR System Security Configuration Guide.
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks