本文描述如何恢复Firepower 9300/4100系列工具的Supervisor管理输入-输出(减少)密码。
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
本文档中的信息基于以下硬件版本:
• Cisco Firepower 4100系列和9300种工具。
The information in this document was created from the devices in a specific lab environment.All of the devices used in this document started with a cleared (default) configuration.If your network is live, make sure that you understand the potential impact of any command.
背景信息
当用户忘记Supervisor减少密码时,密码恢复流程执行。当您执行密码恢复流程时,要达到此,所有数据库文件和配置被重置对工厂默认设置。
Note:不应该使用此程序重置已经知道的密码。
逐步密码恢复流程
为了恢复减少的Supervisor的密码,请执行这些步骤:
步骤1.Connect对控制台端口的PC使用提供的控制台电缆,和连接到控制台使用为9600波特设置的终端仿真器, 8数据位,无奇偶校验, 1个结束位,没有流控制。检查Cisco Firepower 9300硬件安装指南关于控制台电缆的更多信息。
Note:密码恢复需要对FXO Supervisor的控制台访问。
步骤2.停电系统,然后通电它。
第 3 步:当引导时,请按ESC或CTRL+ L键,当提示您输入ROMmon模式时。
!! Rommon image verified successfully !!
Cisco System ROMMON, Version 1.0.09, RELEASE SOFTWARE
Copyright (c) 1994-2015 by Cisco Systems, Inc.
Compiled Thu 05/28/2015 17:21:39.46 by gilchen
Current image running: Boot ROM0
Last reset cause: ResetRequest
DIMM Slot 0 : Present
DIMM Slot 1 : Present
No USB drive !!
BIOS has been locked !!
Platform FPR9K-SUP with 16384 Mbytes of main memory
MAC Address: b0:aa:77:2f:93:74
find the string ! boot bootflash:/installables/switch/fxos-k9-kickstart.5.0.3.N2.3.14.69.SPA bootflash:/installables/switch/fxos-k9-system.5.0.3.N2.3.14.69.SPA
Use BREAK, ESC or CTRL+L to interrupt boot.
Use SPACE to begin boot immediately.
Boot interrupted.
rommon 1 >
第 4 步: 记录下来kickstart突出显示的镜像和系统镜像以上。
bootflash:/installables/switch/fxos-k9-kickstart.5.0.3.N2.3.14.69.SPA
bootflash:/installables/switch/fxos-k9-system.5.0.3.N2.3.14.69.SPA
步骤5.负荷kickstart镜像,当您输入引导程序(kickstart镜像名称) at命令ROMmon提示。
rommon 1 > boot bootflash:/installables/switch/fxos-k9-kickstart.5.0.3.N2.3.14.69.SPA
!! Kickstart Image verified successfully !!
Linux version: 2.6.27.47 (security@cisco.com) #1 SMP Tue Nov 24 12:10:28 PST 2015
[ 0.000000] Fastboot Memory at 0c100000 of size 201326592
Usage: init 0123456SsQqAaBbCcUu
INIT: POST INIT Starts at Wed Jun 1 13:46:33 UTC 2016
can't create lock file /var/lock/mtab~302: No such file or directory (use -n flag to override)
S10mount-ramfs.supnuovaca Mounting /isan 3000m
Mounted /isan
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2015, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
switch(boot)#
第6.步。在switch(boot)-提示,请输入config terminal命令为了连接到Configure模式,并且尔后,请输入erase命令的管理密码重置密码。以后提示用户输入确认。
警告:如果选择Y在此提示,清除所有配置并且带来系统回到工厂默认配置。
switch(boot)#
switch(boot)# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(boot)(config)# admin-password erase
Your password and configuration will be erased!
Do you want to continue? (y/n) [n] y
步骤7.退出对switch(boot)-提示并且装载及早被保存的系统镜像完成程序。
switch(boot)(config)# exit
switch(boot)# load bootflash:/installables/switch/fxos-k9-system.5.0.3.N2.3.14.69.SPA
Uncompressing system image: bootflash:/installables/switch/fxos-k9-system.5.0.3.N2.3.14.69.SPA
<lines ommitted>
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Only minimal configuration including IP connectivity to
the Fabric interconnect and its clustering mode is performed through these steps.
Type Ctrl-C at any time to abort configuration and reboot system.
To back track or make modifications to already entered values,
complete input till end of section and answer no when prompted
to apply configuration.
You have chosen to setup a new Security Appliance. Continue? (y/n): y
Enforce strong password? (y/n) [y]: n
Enter the password for "admin":
Confirm the password for "admin":
Enter the system name: FF09-FPR9300-1
Physical Switch Mgmt0 IP address : 192.168.10.10
Physical Switch Mgmt0 IPv4 netmask : 255.255.255.0
IPv4 address of the default gateway : 192.168.10.1
Configure the DNS Server IP address? (yes/no) [n]: n
Configure the default domain name? (yes/no) [n]: n
Following configurations will be applied:
Switch Fabric=A
System Name=FF09-FPR9300-1
Enforced Strong Password=no
Physical Switch Mgmt0 IP Address=192.168.10.1
Physical Switch Mgmt0 IP Netmask=255.255.255.0
Default Gateway=192.168.10.1
Ipv6 value=0
Apply and save the configuration (select 'no' if you want to re-enter)? (yes/no): yes
Applying configuration. Please wait.
Configuration file - Ok
Cisco FPR Series Security Appliance
FF09-FPR9300-1 login:
Related Information