1.7 密码恢复
实验目的:
1、掌握路由器密码恢复。
2、掌握交换机密码恢复。
实验拓扑:
实验步骤:
一、路由器密码恢复
1、断开电源,重启路由器,并按住Ctrl+break组合键,进入rommon模式,
如下:
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory
Self decompressing the p_w_picpath :
#############
monitor: command "boot" aborted due to user interrupt
rommon 1 >
2、修改路由器配置寄存值为0x2142,重启路由器,如下:
rommon 1> confreg 0x2142
rommon 2 > reset
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory
Self decompressing the p_w_picpath :
########################################################################## [OK]
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
63488K bytes of ATA CompactFlash (Read/Write)
Continue with configuration dialog? [yes/no]:
Continue with configuration dialog? [yes/no]:
Continue with configuration dialog? [yes/no]:
可以看到,由于配置寄存值的原因,路由器没有读取本地配置文件。
3、进入正常操作模式,恢复配置并删除密码,如下:
①恢复配置
Router#copy startup-config running-config
Destination filename [running-config]?
520 bytes copied in 0.416 secs (1250 bytes/sec)
R1#
②查看配置
R1#show run
Building configuration...
Current configuration : 563 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
enable secret 5 $1$mERr$SFZOwQ08LKBCxfyaONDzp.
username PingingLab secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
③删除密码
R1(config)#no username PingingLab
R1(config)#no enable secret
R1(config)#line con 0
R1(config-line)#no login local
若设备本身的配置文件对我们意义不大的话,则建议直接采用write erase清空配置。
4、修改配置寄存值,如下:
R1(config)#config-register 0x2102
查看配置寄存值
R1#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang
Image text-base: 0x8000808C, data-base: 0x80A1FECC
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
ROM: C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
System returned to ROM by reload
System p_w_picpath file is "flash:c2600-i-mz.122-28.bin"
Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory
.
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
63488K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2142 (will be 0x2102 at next reload)
5、保存配置并重启路由器。
R1#write
Building configuration...
[OK]
R1#reload
Proceed with reload? [confirm]
此时,路由器密码恢复成功。
二、交换机密码恢复
1、断开电源,重启交换机,并按住交换机面板上的“mode”键盘,进入switch:模式并初始化文件系统,如下:
switch:
switch:flash_init
2、修改交换机默认配置文件的名字,重启交换机,如下:
switch:rename flash:config.text flash:config2.text
switch:boot
3、进入正常模式后,恢复配置并删除密码,如下:
①恢复配置
swith#copy flash:config2.text run
SW1#
②查看配置
SW1#show running-config
Building configuration...
Current configuration : 1145 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SW1
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username PingingLab secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
③删除密码
SW1(config)#no username PingingLab
SW1(config)#no enable secret
SW1(config)#line console 0
SW1(config-line)#no login local
SW1(config-line)#exit
若交换机本身配置对我们没有意义,则建议直接清空配置。
4、修改交换机配置文件名字到默认命名,如下:
SW1#rename flash:config2.text flash:config.text
5、保存配置并重启交换机。
SW1#write
Building configuration...
[OK]
SW1#reload
此时交换机密码恢复成功。
PingingLab
CCIE
深圳拼客信息科技有限公司·广州大学城外环西路站
新浪微博:@拼客科技PingingLab
PingingLab微信公众号:pinginglab
PingingLab技术交流群:240920680
