请选择 进入手机版 | 继续访问电脑版

设为首页 收藏本站
思科服务支持社区 点击关注
思科服务支持社区

  
 找回密码
 立即注册

扫一扫,访问微社区

搜索
热搜: 邮件服务器
查看: 558|回复: 7

求助:Cisco4503密码恢复中的难题

[复制链接]
发表于 2018-7-19 13:37:41 | 显示全部楼层 |阅读模式
0可用金钱
本帖最后由 kevinpop1 于 2018-7-19 17:15 编辑

Cisco4503一台,原来密码不知道,进行密码恢复如下:

中断断电启动修改0x2142重新启动后,应该绕过配置文件,允许进行口令重置。可再次启动后,寄存器是0x2101,特权口令依旧存在,enable没有口令不能进入到特权模式。

现在的问题是:
1.为什么在0x2142之后还会进到0x2101加载mini IOS?
2.如何按照原来0x2142->重启->特权模式->修改口令->重启的流程进行口令恢复?
3.目前是0x2101状态,网络访问还是正常。如果再次断电重启,原来的配置文件会不会丢失?
恳请明白的大神、达人、专家、老大……帮帮忙,挠头ing

  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分1 (1 评价)
发表于 2018-7-19 17:45:34 | 显示全部楼层
本帖最后由 gengchunlin 于 2018-7-19 17:46 编辑

cat4500和路由器恢复密码的方式不太一下,(目前没有可供重启的45设备,没办法给你具体步骤)思科官方的解决步骤如下:
Step 1 Connect to the console interface.

Step 2 Stop the boot sequence and enter ROM monitor by pressing Ctrl-C during the first 5 seconds of bootup.

Step 3 Configure the switch to boot-up without reading the configuration memory (NVRAM).

Step 4 Reboot the system.

Step 5 Access enable mode (this can be done without a password if a password has not been configured).

Step 6 View or change the password, or erase the configuration.

Step 7 Reconfigure the switch to boot-up and read the NVRAM as it normally does.

Step 8 Reboot the system.

简而言之就是Ctrl +C 终止系统正常启动,然后选择不加载配置启动,进去之后,再进行操作(如:copy startup-config system:running-config等等)

0x2101重启会加载mini的os,但不会影响系统正常运行,配置加载都是正常的。
如果你需要升级系统ios,那么在0x2101寄存器值的情况下,你无法指定新的启动ios文件,只能修改为0x2102.
0x2142应该也是重启不加载配置文件,但是没有在cat4500平台试过。
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分3 (2 评价)
 楼主| 发表于 2018-7-20 10:30:43 | 显示全部楼层
非常详尽,感激不尽!第三个问题有答案了,就是0x2101不影响正常使用。
我也是参照思科标准恢复文档操作的,https://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/21229-pswdrec-cat4000-supiii-21229.html
按照你给出的步骤,前面4步都是正常的,但Step5没有到,重启之后寄存器变成0x2101,而不是保持0x2142.是不是需要再反复尝试几次?还是有别的什么原因?
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分1 (1 评价)
发表于 2018-7-20 11:02:59 | 显示全部楼层
kevinpop1 发表于 2018-7-20 10:30
非常详尽,感激不尽!第三个问题有答案了,就是0x2101不影响正常使用。
我也是参照思科标准恢复文档操作的 ...

应该是修改完之后,直接boot系统吧?反复尝试估计也是一样的,理论上应该是设置完不加载配置,启动系统,然后修改密码,修改寄存器值为0x2102 ,然后重启系统。其他的也不需要做什么

你把console的输出文本收一下log吧,
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分1 (1 评价)
 楼主| 发表于 2018-7-20 12:27:12 | 显示全部楼层
本帖最后由 kevinpop1 于 2018-7-20 12:37 编辑

加电重启的log,麻烦帮助看看
Press RETURN to get started.

C4503>  

**********************************************************
*                                                        *
* Welcome to Rom Monitor for WS-X45-SUP6L-E System        *
* Copyright (c) 2003-2011 by Cisco Systems, Inc.         *
* All rights reserved.                                   *
*                                                        *
**********************************************************

Checking the partition table and boot sector...
Checking FAT, Files and Directories...
Reclaiming unused space...
Updating FAT...
Rom Monitor Program Version 12.2(44r)SG10
CPU Rev: 2.1, Board Rev: 12, Board Type: 103, CPLD Nexu Rev: 12
Chassis: WS-C4503-E

Front Panel Phy is Bcm5482s
Got Mac Address: 58:8d:09:d9:e2:db

MAC Address  : 58-8d-09-d9-e2-db
Ip Address   : Not set.
Netmask      : Not set.
Gateway      : Not set.
TftpServer   : Not set.

Peer supervisor not detected or is not running IOS
Supervisor uplinks and all linecards have been reset


***** The system will autoboot in 5 seconds *****


Type control-C to prevent autobooting.

Autoboot cancelled......... please wait!!!

Autoboot cancelled......... please wait!!!
rommon 1 > [interrupt]

rommon 1 > [interrupt]

rommon 1 > [interrupt]

rommon 2 >confreg 0x2142
usage: confreg
rommon 3 >reset     version——这里我用了个version命令,应该没影响吧
Rom Monitor Program Version 12.2(44r)SG10
Compiled Mon 14-Mar-11 10:02 by andrao-k5rommon_122_44r_SG10


Supervisor: WS-X45-SUP6L-E  Chassis: WS-C4503-E
CPU Rev: 2.1, Board Rev: 12, Board Type: 103
CPLD Nexu Rev: 12, FPGA Darkside Rev: 4, Installed memory: 512 MBytes
rommon 4 >reset

Resetting .......


rommon 5 >

**********************************************************
*                                                        *
* Welcome to Rom Monitor for WS-X45-SUP6L-E System        *
* Copyright (c) 2003-2011 by Cisco Systems, Inc.         *
* All rights reserved.                                   *
*                                                        *
**********************************************************

Checking the partition table and boot sector...
Checking FAT, Files and Directories...
Reclaiming unused space...
Updating FAT...
Rom Monitor Program Version 12.2(44r)SG10
CPU Rev: 2.1, Board Rev: 12, Board Type: 103, CPLD Nexu Rev: 12
Chassis: WS-C4503-E

Front Panel Phy is Bcm5482s
Got Mac Address: 58:8d:09:d9:e2:db

MAC Address  : 58-8d-09-d9-e2-db
Ip Address   : Not set.
Netmask      : Not set.
Gateway      : Not set.
TftpServer   : Not set.

Peer supervisor not detected or is not running IOS
Supervisor uplinks and all linecards have been reset


***** The system will autoboot in 5 seconds *****


Type control-C to prevent autobooting.
. . . . .

******** The system will autoboot now ********


config-register = 0x2101——这里就已经变成0x2101了

Autobooting using the first file from bootflash.....


Rommon reg: 0x00004380
Reset2Reg: 0x00008EFF
#
Darkside controller 0x0B46EA76..0x0B47CE28 original size:0x00012092##
Fortooine controller 0x0B5A753F..0x0B70B6D1 original size:0x001C3EA5
##################
diagsk5 version 5.0.1

prod: WS-X45-SUP6L-E part: 73-13067-03 serial: JAE1544011L

Power-on-self-test for Module 1: WS-X45-SUP6L-E

CPU Subsystem Tests ...
seeprom: Pass

Traffic: L3 Looopback ...
Test Results: Pass

Traffic: L2 Loopback ...
Test Results: Pass

Switching Subsystem Memory ...
Packet Memory Test Results: Pass


Module 1 Passed


Rommon reg: 0x00000380
###############################################################
              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x128BE57C

cisco WS-C4503-E (MPC8548) processor (revision 12) with 524288K bytes of memory.
Processor board ID FOX1551G0LB
MPC8548 CPU at 1GHz, Supervisor 6L-E
Last reset from PowerUp
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.



Press RETURN to get started!


*Jul 19 20:37:39.027: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Jul 19 20:37:39.735: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 1 (WS-X45-SUP6L-E S/N: JAE1544011L Hw: 3.0) is online
*Jul 19 20:37:39.735: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 2 (WS-X4648-RJ45-E S/N: JAE152002EE Hw: 1.0) is online
*Jul 19 20:37:41.987: %SYS-5-CONFIG_I: Configured from memory by console
*Jul 19 20:37:42.291: %SYS-5-RESTART: System restarted --
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
C4503>
*Jul 19 20:37:58.355: %C4K_GLMMAN-3-X2PLUGGABLESEEPROMREADFAILED: Failed to read seeprom on port Te1/1. Reinsert X2 module or configure GigabitEthernet port group if TwinGigConverter is installed.
*Jul 19 20:37:58.355: %C4K_GLMMAN-3-X2PLUGGABLESEEPROMREADFAILED: Failed to read seeprom on port Te1/2. Reinsert X2 module or configure GigabitEthernet port group if TwinGigConverter is installed.
然后在用enable命令又开始问口令了

  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分1 (1 评价)
发表于 2018-7-20 14:21:24 | 显示全部楼层
kevinpop1 发表于 2018-7-20 12:27
加电重启的log,麻烦帮助看看
Press RETURN to get started.

。。。。。
你改完confreg 0x2142之后,不要再敲reset,直接敲boot,然后进系统。。
进系统之后copy startup-config system:running-config
然后全局模式修改密码enable password (或enable secret xxxx)
最后修改 Router(config)#config-register 0x2102
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分1 (1 评价)
 楼主| 发表于 2018-7-24 09:06:55 | 显示全部楼层
本帖最后由 kevinpop1 于 2018-7-24 09:39 编辑

一直没有找到机会重启路由器,今天测试了一下,用boot启动也是不行。
下面是抓的log,麻烦帮助看一下,感觉有些不对,在confreg那里


**********************************************************
*                                                        *
* Welcome to Rom Monitor for WS-X45-SUP6L-E System        *
* Copyright (c) 2003-2011 by Cisco Systems, Inc.         *
* All rights reserved.                                   *
*                                                        *
**********************************************************




Checking the partition table and boot sector...
Checking FAT, Files and Directories...
Reclaiming unused space...
Updating FAT...
Rom Monitor Program Version 12.2(44r)SG10
CPU Rev: 2.1, Board Rev: 12, Board Type: 103, CPLD Nexu Rev: 12
Chassis: WS-C4503-E

Front Panel Phy is Bcm5482s
Got Mac Address: 58:8d:09:d9:e2:db

MAC Address  : 58-8d-09-d9-e2-db
Ip Address   : Not set.
Netmask      : Not set.
Gateway      : Not set.
TftpServer   : Not set.

Peer supervisor not detected or is not running IOS
Supervisor uplinks and all linecards have been reset


***** The system will autoboot in 5 seconds *****


Type control-C to prevent autobooting.

Autoboot cancelled......... please wait!!!

Autoboot cancelled......... please wait!!!
rommon 1 > [interrupt]

rommon 1 > [interrupt]

rommon 1 >dir

usage: dir { [ bootflash: ] | [ slot0: ] | [ usb0: ] }
rommon 2 >dir bootflash:

  File Size (Bytes)             File Name
  ---------------------------------------
      24086230                 cat4500e-lanbase-mz.150-2.SG1.bin

   Total space = 128282624 bytes, Available = 101625856 bytes

rommon 3 >dir usb0:

The device has either been removed or bad device name usb0:

usage: dir { [ bootflash: ] | [ slot0: ] | [ usb0: ] }
rommon 4 >dir slot0:

File slot0: not present    //这里看到三个设备,只有bootflahs:上面有个系统文件,奇怪的config没见到
rommon 5 >meminfo

Main memory size: 512 MB.
NVRAM size: 512KB     
rommon 6 >version
Rom Monitor Program Version 12.2(44r)SG10
Compiled Mon 14-Mar-11 10:02 by andrao-k5rommon_122_44r_SG10


Supervisor: WS-X45-SUP6L-E  Chassis: WS-C4503-E
CPU Rev: 2.1, Board Rev: 12, Board Type: 103
CPLD Nexu Rev: 12, FPGA Darkside Rev: 4, Installed memory: 512 MBytes
rommon 7 >confreg 0x2142
usage: confreg                 怎么感觉这里像是报错了
rommon 8 >confreg ?
usage: confreg
rommon 9 >conf    history

1   dir
2   dir bootflash:
3   dir usb0:
4   dir slot0:
5   meminfo
6   version
7   confreg 0x2142
8   confreg ?
9   history
rommon 10 >boot       //加电修改寄存器之后,这里用boot重启

Rommon reg: 0x00004380
Reset2Reg: 0x00008EFF
#
Darkside controller 0x0B46EA76..0x0B47CE28 original size:0x00012092##
Fortooine controller 0x0B5A753F..0x0B70B6D1 original size:0x001C3EA5
##################
diagsk5 version 5.0.1

prod: WS-X45-SUP6L-E part: 73-13067-03 serial: JAE1544011L

Power-on-self-test for Module 1: WS-X45-SUP6L-E

CPU Subsystem Tests ...
seeprom: Pass

Traffic: L3 Looopback ...
Test Results: Pass

Traffic: L2 Loopback ...
Test Results: Pass

Switching Subsystem Memory ...
Packet Memory Test Results: Pass


Module 1 Passed


Rommon reg: 0x00000380
###############################################################
              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x128BE57C

cisco WS-C4503-E (MPC8548) processor (revision 12) with 524288K bytes of memory.
Processor board ID FOX1551G0LB
MPC8548 CPU at 1GHz, Supervisor 6L-E
Last reset from PowerUp
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.



Press RETURN to get started!


*Jul 23 16:43:14.019: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Jul 23 16:43:14.719: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 1 (WS-X45-SUP6L-E S/N: JAE1544011L Hw: 3.0) is online
*Jul 23 16:43:14.719: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 2 (WS-X4648-RJ45-E S/N: JAE152002EE Hw: 1.0) is online
*Jul 23 16:43:16.963: %SYS-5-CONFIG_I: Configured from memory by console
*Jul 23 16:43:17.263: %SYS-5-RESTART: System restarted --
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
C4503>en
Password:
*Jul 23 16:43:33.331: %C4K_GLMMAN-3-X2PLUGGABLESEEPROMREADFAILED: Failed to read seeprom on port Te1/1. Reinsert X2 module or configure GigabitEthernet port group if TwinGigConverter is installed.
*Jul 23 16:43:33.331: %C4K_GLMMAN-3-X2PLUGGABLESEEPROMREADFAILED: Failed to read seeprom on port Te1/2. Reinsert X2 module or configure GigabitEthernet port group if TwinGigConverter is installed.
% Password:  timeout expired!
Password:
Password:
% Bad secrets    //这里重启之后依然不能进入特权模式

C4503>show ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 25-Aug-11 07:54 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x128BE57C

ROM: 12.2(44r)SG10
Darkside Revision 4, Nexu Revision 12, Fortooine Revision 1.32

C4503 uptime is 1 minute
System returned to ROM by power-on
System image file is "bootflash:cat4500e-lanbase-mz.150-2.SG1.bin"

cisco WS-C4503-E (MPC8548) processor (revision 12) with 524288K bytes of memory.
Processor board ID FOX1551G0LB
MPC8548 CPU at 1GHz, Supervisor 6L-E
Last reset from PowerUp
27 Virtual Ethernet interfaces
52 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

--More--         Configuration register is 0x2101
//这里看到的寄存器还是0x2101,等于是0x2142没有修改成功
C4503>
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分1 (1 评价)
 楼主| 发表于 2018-7-25 11:01:47 | 显示全部楼层
感谢gengchunlin提供的帮助,问题圆满解决
  • 1
  • 2
  • 3
  • 4
  • 5
  • 1
  • 2
  • 3
  • 4
  • 5
平均得分1 (1 评价)
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver | 思科服务支持社区  

GMT+8, 2018-8-22 07:46 , Processed in 0.106558 second(s), 48 queries .

京ICP备09041801号-187

版权所有 :copyright:1992-2019 思科系统  重要声明 | 保密声明 | 隐私权政策 | 商标 |

快速回复 返回顶部 返回列表