取消
显示结果 
搜索替代 
您的意思是: 
cancel
8409
查看次数
26
有帮助
7
回复

求助:Cisco4503密码恢复中的难题

kevinpop1
Level 1
Level 1
本帖最后由 kevinpop1 于 2018-7-19 17:15 编辑
Cisco4503一台,原来密码不知道,进行密码恢复如下:
中断断电启动修改0x2142重新启动后,应该绕过配置文件,允许进行口令重置。可再次启动后,寄存器是0x2101,特权口令依旧存在,enable没有口令不能进入到特权模式。
现在的问题是:
1.为什么在0x2142之后还会进到0x2101加载mini IOS?
2.如何按照原来0x2142->重启->特权模式->修改口令->重启的流程进行口令恢复?
3.目前是0x2101状态,网络访问还是正常。如果再次断电重启,原来的配置文件会不会丢失?
恳请明白的大神、达人、专家、老大……帮帮忙,挠头ing
7 条回复7

ilay
VIP
VIP
本帖最后由 gengchunlin 于 2018-7-19 17:46 编辑
cat4500和路由器恢复密码的方式不太一下,(目前没有可供重启的45设备,没办法给你具体步骤)思科官方的解决步骤如下:
Step 1 Connect to the console interface.
Step 2 Stop the boot sequence and enter ROM monitor by pressing Ctrl-C during the first 5 seconds of bootup.
Step 3 Configure the switch to boot-up without reading the configuration memory (NVRAM).
Step 4 Reboot the system.
Step 5 Access enable mode (this can be done without a password if a password has not been configured).
Step 6 View or change the password, or erase the configuration.
Step 7 Reconfigure the switch to boot-up and read the NVRAM as it normally does.
Step 8 Reboot the system.
简而言之就是Ctrl +C 终止系统正常启动,然后选择不加载配置启动,进去之后,再进行操作(如:copy startup-config system:running-config等等)
0x2101重启会加载mini的os,但不会影响系统正常运行,配置加载都是正常的。
如果你需要升级系统ios,那么在0x2101寄存器值的情况下,你无法指定新的启动ios文件,只能修改为0x2102.
0x2142应该也是重启不加载配置文件,但是没有在cat4500平台试过。

kevinpop1
Level 1
Level 1
非常详尽,感激不尽!第三个问题有答案了,就是0x2101不影响正常使用。
我也是参照思科标准恢复文档操作的,https://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/21229-pswdrec-cat4000-supiii-21229.html
按照你给出的步骤,前面4步都是正常的,但Step5没有到,重启之后寄存器变成0x2101,而不是保持0x2142.是不是需要再反复尝试几次?还是有别的什么原因?

ilay
VIP
VIP
kevinpop1 发表于 2018-7-20 10:30
非常详尽,感激不尽!第三个问题有答案了,就是0x2101不影响正常使用。
我也是参照思科标准恢复文档操作的 ...

应该是修改完之后,直接boot系统吧?反复尝试估计也是一样的,理论上应该是设置完不加载配置,启动系统,然后修改密码,修改寄存器值为0x2102 ,然后重启系统。其他的也不需要做什么
你把console的输出文本收一下log吧,

kevinpop1
Level 1
Level 1
本帖最后由 kevinpop1 于 2018-7-20 12:37 编辑
加电重启的log,麻烦帮助看看
Press RETURN to get started.
C4503>
**********************************************************
* *
* Welcome to Rom Monitor for WS-X45-SUP6L-E System *
* Copyright (c) 2003-2011 by Cisco Systems, Inc. *
* All rights reserved. *
* *
**********************************************************

Checking the partition table and boot sector...
Checking FAT, Files and Directories...
Reclaiming unused space...
Updating FAT...
Rom Monitor Program Version 12.2(44r)SG10
CPU Rev: 2.1, Board Rev: 12, Board Type: 103, CPLD Nexu Rev: 12
Chassis: WS-C4503-E
Front Panel Phy is Bcm5482s
Got Mac Address: 58:8d:09:d9:e2:db
MAC Address : 58-8d-09-d9-e2-db
Ip Address : Not set.
Netmask : Not set.
Gateway : Not set.
TftpServer : Not set.
Peer supervisor not detected or is not running IOS
Supervisor uplinks and all linecards have been reset
***** The system will autoboot in 5 seconds *****
Type control-C to prevent autobooting.
Autoboot cancelled......... please wait!!!
Autoboot cancelled......... please wait!!!
rommon 1 > [interrupt]
rommon 1 > [interrupt]
rommon 1 > [interrupt]
rommon 2 >confreg 0x2142
usage: confreg
rommon 3 >reset     version——这里我用了个version命令,应该没影响吧
Rom Monitor Program Version 12.2(44r)SG10
Compiled Mon 14-Mar-11 10:02 by andrao-k5rommon_122_44r_SG10

Supervisor: WS-X45-SUP6L-E Chassis: WS-C4503-E
CPU Rev: 2.1, Board Rev: 12, Board Type: 103
CPLD Nexu Rev: 12, FPGA Darkside Rev: 4, Installed memory: 512 MBytes
rommon 4 >reset
Resetting .......
rommon 5 >
**********************************************************
* *
* Welcome to Rom Monitor for WS-X45-SUP6L-E System *
* Copyright (c) 2003-2011 by Cisco Systems, Inc. *
* All rights reserved. *
* *
**********************************************************

Checking the partition table and boot sector...
Checking FAT, Files and Directories...
Reclaiming unused space...
Updating FAT...
Rom Monitor Program Version 12.2(44r)SG10
CPU Rev: 2.1, Board Rev: 12, Board Type: 103, CPLD Nexu Rev: 12
Chassis: WS-C4503-E
Front Panel Phy is Bcm5482s
Got Mac Address: 58:8d:09:d9:e2:db
MAC Address : 58-8d-09-d9-e2-db
Ip Address : Not set.
Netmask : Not set.
Gateway : Not set.
TftpServer : Not set.
Peer supervisor not detected or is not running IOS
Supervisor uplinks and all linecards have been reset
***** The system will autoboot in 5 seconds *****
Type control-C to prevent autobooting.
. . . . .
******** The system will autoboot now ********
config-register = 0x2101——这里就已经变成0x2101了
Autobooting using the first file from bootflash.....
Rommon reg: 0x00004380
Reset2Reg: 0x00008EFF
#
Darkside controller 0x0B46EA76..0x0B47CE28 original size:0x00012092##
Fortooine controller 0x0B5A753F..0x0B70B6D1 original size:0x001C3EA5
##################
diagsk5 version 5.0.1
prod: WS-X45-SUP6L-E part: 73-13067-03 serial: JAE1544011L
Power-on-self-test for Module 1: WS-X45-SUP6L-E
CPU Subsystem Tests ...
seeprom: Pass
Traffic: L3 Looopback ...
Test Results: Pass
Traffic: L2 Loopback ...
Test Results: Pass
Switching Subsystem Memory ...
Packet Memory Test Results: Pass
Module 1 Passed
Rommon reg: 0x00000380
###############################################################
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x128BE57C
cisco WS-C4503-E (MPC8548) processor (revision 12) with 524288K bytes of memory.
Processor board ID FOX1551G0LB
MPC8548 CPU at 1GHz, Supervisor 6L-E
Last reset from PowerUp
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Press RETURN to get started!
*Jul 19 20:37:39.027: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Jul 19 20:37:39.735: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 1 (WS-X45-SUP6L-E S/N: JAE1544011L Hw: 3.0) is online
*Jul 19 20:37:39.735: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 2 (WS-X4648-RJ45-E S/N: JAE152002EE Hw: 1.0) is online
*Jul 19 20:37:41.987: %SYS-5-CONFIG_I: Configured from memory by console
*Jul 19 20:37:42.291: %SYS-5-RESTART: System restarted --
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
C4503>
*Jul 19 20:37:58.355: %C4K_GLMMAN-3-X2PLUGGABLESEEPROMREADFAILED: Failed to read seeprom on port Te1/1. Reinsert X2 module or configure GigabitEthernet port group if TwinGigConverter is installed.
*Jul 19 20:37:58.355: %C4K_GLMMAN-3-X2PLUGGABLESEEPROMREADFAILED: Failed to read seeprom on port Te1/2. Reinsert X2 module or configure GigabitEthernet port group if TwinGigConverter is installed.
然后在用enable命令又开始问口令了

ilay
VIP
VIP
kevinpop1 发表于 2018-7-20 12:27
加电重启的log,麻烦帮助看看
Press RETURN to get started.

。。。。。
你改完confreg 0x2142之后,不要再敲reset,直接敲boot,然后进系统。。
进系统之后copy startup-config system:running-config
然后全局模式修改密码enable password (或enable secret xxxx)
最后修改 Router(config)#config-register 0x2102

kevinpop1
Level 1
Level 1
本帖最后由 kevinpop1 于 2018-7-24 09:39 编辑
一直没有找到机会重启路由器,今天测试了一下,用boot启动也是不行。
下面是抓的log,麻烦帮助看一下,感觉有些不对,在confreg那里


**********************************************************
* *
* Welcome to Rom Monitor for WS-X45-SUP6L-E System *
* Copyright (c) 2003-2011 by Cisco Systems, Inc. *
* All rights reserved. *
* *
**********************************************************

Checking the partition table and boot sector...
Checking FAT, Files and Directories...
Reclaiming unused space...
Updating FAT...
Rom Monitor Program Version 12.2(44r)SG10
CPU Rev: 2.1, Board Rev: 12, Board Type: 103, CPLD Nexu Rev: 12
Chassis: WS-C4503-E
Front Panel Phy is Bcm5482s
Got Mac Address: 58:8d:09:d9:e2:db
MAC Address : 58-8d-09-d9-e2-db
Ip Address : Not set.
Netmask : Not set.
Gateway : Not set.
TftpServer : Not set.
Peer supervisor not detected or is not running IOS
Supervisor uplinks and all linecards have been reset
***** The system will autoboot in 5 seconds *****
Type control-C to prevent autobooting.
Autoboot cancelled......... please wait!!!
Autoboot cancelled......... please wait!!!
rommon 1 > [interrupt]
rommon 1 > [interrupt]
rommon 1 >dir
usage: dir { [ bootflash: ] | [ slot0: ] | [ usb0: ] }
rommon 2 >dir bootflash:
File Size (Bytes) File Name
---------------------------------------
24086230 cat4500e-lanbase-mz.150-2.SG1.bin
Total space = 128282624 bytes, Available = 101625856 bytes
rommon 3 >dir usb0:
The device has either been removed or bad device name usb0:
usage: dir { [ bootflash: ] | [ slot0: ] | [ usb0: ] }
rommon 4 >dir slot0:
File slot0: not present //这里看到三个设备,只有bootflahs:上面有个系统文件,奇怪的config没见到
rommon 5 >meminfo
Main memory size: 512 MB.
NVRAM size: 512KB
rommon 6 >version
Rom Monitor Program Version 12.2(44r)SG10
Compiled Mon 14-Mar-11 10:02 by andrao-k5rommon_122_44r_SG10

Supervisor: WS-X45-SUP6L-E Chassis: WS-C4503-E
CPU Rev: 2.1, Board Rev: 12, Board Type: 103
CPLD Nexu Rev: 12, FPGA Darkside Rev: 4, Installed memory: 512 MBytes
rommon 7 >confreg 0x2142
usage: confreg 怎么感觉这里像是报错了
rommon 8 >confreg ?
usage: confreg
rommon 9 >conf    history
1 dir
2 dir bootflash:
3 dir usb0:
4 dir slot0:
5 meminfo
6 version
7 confreg 0x2142
8 confreg ?
9 history
rommon 10 >boot //加电修改寄存器之后,这里用boot重启
Rommon reg: 0x00004380
Reset2Reg: 0x00008EFF
#
Darkside controller 0x0B46EA76..0x0B47CE28 original size:0x00012092##
Fortooine controller 0x0B5A753F..0x0B70B6D1 original size:0x001C3EA5
##################
diagsk5 version 5.0.1
prod: WS-X45-SUP6L-E part: 73-13067-03 serial: JAE1544011L
Power-on-self-test for Module 1: WS-X45-SUP6L-E
CPU Subsystem Tests ...
seeprom: Pass
Traffic: L3 Looopback ...
Test Results: Pass
Traffic: L2 Loopback ...
Test Results: Pass
Switching Subsystem Memory ...
Packet Memory Test Results: Pass
Module 1 Passed
Rommon reg: 0x00000380
###############################################################
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x128BE57C
cisco WS-C4503-E (MPC8548) processor (revision 12) with 524288K bytes of memory.
Processor board ID FOX1551G0LB
MPC8548 CPU at 1GHz, Supervisor 6L-E
Last reset from PowerUp
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Press RETURN to get started!
*Jul 23 16:43:14.019: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Jul 23 16:43:14.719: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 1 (WS-X45-SUP6L-E S/N: JAE1544011L Hw: 3.0) is online
*Jul 23 16:43:14.719: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 2 (WS-X4648-RJ45-E S/N: JAE152002EE Hw: 1.0) is online
*Jul 23 16:43:16.963: %SYS-5-CONFIG_I: Configured from memory by console
*Jul 23 16:43:17.263: %SYS-5-RESTART: System restarted --
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
C4503>en
Password:
*Jul 23 16:43:33.331: %C4K_GLMMAN-3-X2PLUGGABLESEEPROMREADFAILED: Failed to read seeprom on port Te1/1. Reinsert X2 module or configure GigabitEthernet port group if TwinGigConverter is installed.
*Jul 23 16:43:33.331: %C4K_GLMMAN-3-X2PLUGGABLESEEPROMREADFAILED: Failed to read seeprom on port Te1/2. Reinsert X2 module or configure GigabitEthernet port group if TwinGigConverter is installed.
% Password: timeout expired!
Password:
Password:
% Bad secrets //这里重启之后依然不能进入特权模式
C4503>show ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x128BE57C
ROM: 12.2(44r)SG10
Darkside Revision 4, Nexu Revision 12, Fortooine Revision 1.32
C4503 uptime is 1 minute
System returned to ROM by power-on
System image file is "bootflash:cat4500e-lanbase-mz.150-2.SG1.bin"
cisco WS-C4503-E (MPC8548) processor (revision 12) with 524288K bytes of memory.
Processor board ID FOX1551G0LB
MPC8548 CPU at 1GHz, Supervisor 6L-E
Last reset from PowerUp
27 Virtual Ethernet interfaces
52 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
--More--  Configuration register is 0x2101
//这里看到的寄存器还是0x2101,等于是0x2142没有修改成功
C4503>

kevinpop1
Level 1
Level 1
感谢gengchunlin提供的帮助,问题圆满解决lol:lol
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接