東森新聞速報

2008年7月10日 星期四

How do I recover the password for a Cisco router?

How do I recover the password for a Cisco router?

"Physical access to a computer or router usually gives a sophisticated user complete control over the device. Software security measures can often be circumvented when access to the hardware is not controlled." -- Cisco Systems, Inc.

Recovering the passwords for most Cisco devices via the console port is very simple. However, Cisco has purchased so many other manufacturers and put the Cisco label on their devices that the procedures for password recovery vary greatly from one Cisco device to another. In addition, the Cisco password recovery procedures have also changed with IOS upgrades. I have attempted to make these password recovery instructions as generic as possible, to account for past and future oddities that you may run into.


These Cisco password recovery instructions will enable you to recover from a lost password or most Cisco devices. Unless otherwise stated the instruction below refer to the 2000, 2500, 3000, 4000, 7000 and IGS series routers.

Part I: The Configuration Register

To begin password recovery, connect a terminal or a computer running terminal emulation software to the console port of the Cisco device. Set your terminal to 9600 bps, eight data bits, no parity, and two stop bits.

Some Cisco devices, such as the AccessPro Card, prefer 9600 bps, eight data bits, no parity, and one stop bit.

Power cycle the Cisco device.

Within 60 seconds of turning on the Cisco device, send a BREAK signal from your terminal or terminal emulation software. If you are using:

  • Telix, press
  • Procomm, press
  • Hyperterminal, press

If the cable you are using to connect to the Cisco device is good and you are sending a break signal correctly, you will be rewarded with a '>' prompt. This is not an IOS prompt. This is the ROM monitor prompt.

Note: The Cisco 1003, 1600, 2600, 3600, 4500, 7200, 7500, 12000, AS5200, AS5300, uBR7246 and IDT Orion-Based routers use "rommon" as the ROM monitor prompt.

Note: The Cisco 3800 ERM uses "3800-ERM(boot)>" as the boot monitor prompt. You can enter privileged mode directly from the 3800 ERM boot monitor, at which point the prompt changes to "3800-ERM(boot)#".

Look at the configuration register using the command `e/s 2000002`. Write down the value of the configuration register. Use the `Q` command to return to the ROM monitor prompt.

Note: If you can login to the device, you can view the configuration register simply by using the command `show version`. Some Cisco devices do not require passwords to login from the console port.

Note: The Cisco 1003, 1600, 2600, 3600, 4500, 7200, 7500, 12000, AS5200, AS5300, uBR7246 and IDT Orion-Based routers use the `confreg` or `config-register` command to enter the configuration register utility. You will be asked a series of questions. Answer yes to "Do you wish to change the configuration[y/n]?", "ignore system config info[y/n]?", and "change boot characteristics[y/n]?". Answer no to all of the other questions. At the "enter to boot:" prompt enter `2` and press return. Answer no to the question "Do you wish to change the configuration[y/n]?" the second time you see it.

Set the configuration register. Enter the command `o/r0x42` to cause the device to boot from the flash ROM's. If the flash ROM's are corrupted, you can use the command `o/r0x41` to cause the device to boot from the boot ROM's.

Note: Some older Cisco devices, such as CGS, MGS, AGS, AGS+ and early 7000 routers require you to change the configuration register by moving hardware jumpers. On many of these devices the jumpers are on the CSC processor card and must be changed by removing jumper eight and placing it in position fifteen.

Early Cisco IGS routers use DIP switches to set the configuration register. On the IGS, you will need you will need to set switches 0-3 OFF/UP and switch 7 ON/DOWN.

Part II: Modifying The Configuration

Power cycle the device.

Answer `No` to all of the setup questions.

At the "Router>" prompt, use the `enable` command to enter privileged mode. Your prompt will change to "Router#".

Use the `show startup-config` command to view the devices configuration file. Look for the passwords. If the passwords are not encrypted, note the passwords and reboot the device. If the passwords are encrypted, continue along with these directions.

Use the `configure memory` command to copy the configuration file from NVRAM into RAM. Before you do this, the device configuration will be empty. After you do this, the device configuration will be the configuration previously stored in NVRAM by the devices administrator.

Use the `configure terminal` command to enter configuration mode.

If desired, use the `password` command to set the login password, or the `no password` command to remove the login password.

If desired, use the `enable password` command to set the enable password, or the `no enable password` command to remove the enable password.

If desired, use the `enable secret` command to set the secret password or the `no enable secret` command to remove the secret password.

If desired, use the `line 0` and `password` commands to set a password on the console port, or the `line 0` and `no password` commands to remove a password on the console port.

Changing these password may inconvenience and annoy any previous administrator of this device! If the passwords are not encrypted, you will not need to change them. If the password are encrypted, you will need to either change them or decrypt them. For information on decrypting these passwords, read How do I decrypt Cisco passwords?.

Press to exit configuration mode.

Use the `copy running-config startup-config` command to copy the configuration you have been editing back into the startup-config. This will save the changes you have just made to the configuration.



Part III: Cleaning Up

Power cycle the device.

Restore the configuration register to its original value. Use the `configure terminal` command to enter configuration mode and then use the `config-register` command to set the configuration register. If you were not able to note the configuration register earlier, you will almost always be fine by setting it to 0x2102, which is the default for most Cisco devices.

Note: The default configuration register value for the Router Switch Processor (RSP4) is 0x0101.

Note: On devices where you moved jumpers or set DIP switches, you will need to change them back to their original configuration.

Some Cisco devices require you to delete their entire configurations to recover from a lost password. On the Catalyst 2820 ATM module, you reset to factory defaults from the Port Configuration Menu. On the 500-CS, press the reset button on the top of the case while you power on the device and the entire configuration is returned to factory default. On the Catalyst 3000, press the SysReq button on the back panel for five seconds, release it, and then select "Clear Non-Volatile RAM" from the menu.

原文轉址



Cisco password recover

一:先準備一條使用RJ45接頭的連接線,連接Router的Console Port。

二:終端機使用以下設定(不要用Win NT,建議用WinXP.2000.2003)
9600 baud rate
No parity
8 data bits
1 stop bit
No flow control


三:將Router開機,
System Bootstrap, Version 11.3(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1998 by cisco Systems, Inc.
C2600 processor with 32768 Kbytes of main memory
Main memory is configured to 32 bit mode with parity enabled
看到出現此訊息後,趕緊按下Ctrl+Break送出 Break,就會進到ROMMON Mode。


四:在rommon>下輸入confreg
rommon 1 > confreg
回答下列問題
Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600

do you wish to change the configuration? y/n [n]: y-------回答Y
enable "diagnostic mode"? y/n [n]:
enable "use net in IP bcast address"? y/n [n]:
disable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]: y-------回答Y
change console baud rate? y/n [n]:
change the boot characteristics? y/n [n]: y-------回答Y

enter to boot:
0 = ROM Monitor
1 = the boot helper image
2-15 = boot system
[2]: 2-----要選2

五:rommon 2 > reset 重新啟動 Router
六:--- System Configuration Dialog --- Router 會自動進入 Setup 選單
Would you like to enter the initial configuration dialog? [yes/no]:
按 Ctrl-C 中斷 Setup

七:Router 會進入一般模式
Router>enable 進入 Priviledged mode (不需輸入任何密碼)
Router#show startup-config 顯示 NVRAM 裡面的 Startup-Config
(顯示結果省略)

八:將 Startup-Config 載入 DRAM
Router#configure memory

九: 2611#configure terminal----輸入此命令進入設定模式

十:將 enable 的密碼改為 [自訂]
2611(config)#enable secret [自訂]
十一:將 Running-Config 寫回 NVRAM
2611#copy running-config startup-config

十二:
2611#show version
Cisco Internetwork Operating System Software
(中間結果省略)
Configuration register is 0x2142 目前的 Configuration Register 為 0x2142

十三:
2611#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
2611(config)#config-reg 0x2102 將 Configuration Register 改回來
2611(config)#^Z -----Ctrl+Z
2611#
00:01:54: %SYS-5-CONFIG_I: Configured from console by console
2611# reload 重新開機

原文轉載


原廠官方資料連結 http://www.cisco.com/warp/public/474/index.shtml#routers

沒有留言:

張貼留言

現在對外IP