This section provides an example of the password recovery procedure. This example uses a Cisco 2500 Series Router.
Router>enable
Password:
Password:
Password:
% Bad secrets
Router>show version
Cisco Internetwork Operating System Software
IOS ™ 2500 Software (C2500-JS-L), Version 12.2(24a)
RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 28-May-04 19:30 by pwade
Image text-base: 0×0306C4E0, data-base: 0×00001000
ROM: System Bootstrap, Version 11.0(10c), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)Router uptime is 5 minutes
System returned to ROM by power-on
System image file is “flash:/c2500-js-l.122-24a.bin”
cisco 2500 (68030) processor (revision D) with 14336K/2048K bytes of memory.
Processor board ID 02315272, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
1 Token Ring/IEEE 802.5 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0×2102
!— This is the current value of the configuration register.
Router>
!— The router was just power cycled and during bootup
!— break sequence is sent to the router (CTRL+Break).
System Bootstrap, Version 11.0(10c), SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 16384 Kbytes of main memory
Abort at 0×10EA83C (PC)
>o
Configuration register = 0×2102 at last boot
!— You can also issue the o command at the ROMmon prompt
!— in order to view the configuration register settings value.
Bit# Configuration register option settings:
15 Diagnostic mode disabled
14 IP broadcasts do not have network numbers
13 Boot default ROM software if network boot fails
12-11 Console speed is 9600 baud
10 IP broadcasts with ones
08 Break disabled
07 OEM disabled
06 Ignore configuration disabled
03-00 Boot file is cisco2-2500 (or ‘boot system’ command)
>o/r 0×2142
!— Changes the value of config-register to 2142, so that
!— the router boots and ignores the NVRAM contents.
>i
!— Initializes or resets the router; the
!— router boots with the default configuration.
System Bootstrap, Version 11.0(10c), RELEASE SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 8192 Kbytes of main memory
F3: 13626872+197596+780568 at 0×3000060
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS ™ 2500 Software (C2500-JS-L), Version 12.2(24a),
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Fri 28-May-04 19:30 by pwade
Image text-base: 0×0306C4E0, data-base: 0×00001000
cisco 2500 (68030) processor (revision D) with 14336K/2048K bytes of memory.
Processor board ID 02315272, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
1 Token Ring/IEEE 802.5 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
— System Configuration Dialog —
Would you like to enter the initial configuration dialog? [yes/no]:
!— Ctrl+C pressed.
!
Press RETURN to get started!
00:00:08: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:00:08: %LINK-3-UPDOWN: Interface Serial0, changed state to up
00:00:08: %LINK-3-UPDOWN: Interface Serial1, changed state to up
00:00:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,
changed state to up
00:00:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up
00:01:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0,
changed state to up
00:01:29: %LINK-3-UPDOWN: Interface Ethernet0Translating “Router”…
domain server (255.255.255.255), changed state to up
00:01:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up
00:01:31: %SYS-5-RESTART: System restarted –
Cisco Internetwork Operating System Software
IOS ™ 2500 Software (C2500-JS-L), Version 12.2(24a),
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Fri 28-May-04 19:30 by pwade
00:01:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,
changed state to down
00:01:33: %LINK-5-CHANGED: Interface Ethernet0, changed state to
administratively down
00:01:33: %LINK-5-CHANGED: Interface Serial0, changed state to
administratively down
00:01:33: %LINK-5-CHANGED: Interface Serial1, changed state to
administratively down
00:01:33: %LINK-5-CHANGED: Interface TokenRing0, changed state to
administratively down
00:01:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0,
changed state to down
00:01:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to down
00:01:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface TokenRing0,
changed state to down
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
!— Press ENTER.
1278 bytes copied in 10.448 secs (127 bytes/sec)
Note: After you copy the configuration file from NVRAM to RAM, based on how the password is last configured, you can either:
* perform a password recovery, if the enable password is configured (which is in plain text format)
or
* perform a password replacement, if the enable secret password is configured (which is in encrypted format)
In order to check the format in which the password is configured on the router, use the show running-config command, and look for enable password or enable secret password in the configuration.
Password Replacement
This output from the show running-config command shows that the enable secret password is configured. As a result, you can perform password replacement as shown in this example.
Router#show running-config
!— This command can be used to view the unencrypted password.
Building configuration…
Current configuration : 431 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable password XxXxXx
!— Here the password is plain clear text. We can either maintain
!— the same password or replace with a new password for security reasons.
!— Output Suppressed.
This output from the show running-config command shows that the enable secret password is configured. As a result, you can perform password replacement as shown in this example.
Router#show running-config
Building configuration…
Current configuration : 835 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 $1$Oea234/6Ppi0PZYzAj/vX0
!— Password replacement has to be done as the password is in encrypted format.
!— Output suppressed.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret xxxxxxx
Router(config)#
00:03:39: %SYS-5-CONFIG_I: Configured from console by console
When the password recovery or replacement is complete, the next steps are the same, as shown in this example output:
Router#show ip interface brief
Router(config)#interface ethernet 0
Router(config-if)#no shutdown
*Mar 1 00:04:12.863: %LINK-3-UPDOWN: Interface Ethernet0,
changed state to up
*Mar 1 00:04:13.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0,
changed state to up
Router(config-if)#interface serial 0
Router(config-if)#no shutdown
*Mar 1 00:04:18.107: %LINK-3-UPDOWN: Interface Serial0,
changed state to up
*Mar 1 00:04:19.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0,
changed state to up
Router(config-if)#interface serial 1
Router(config-if)#no shutdown
Router(config-if)#
*Mar 1 00:04:27.055: %LINK-3-UPDOWN: Interface Serial1,
changed state to up
*Mar 1 00:04:28.071: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1,
changed state to up #
Router(config-if)#^Z
Router#
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
After you recover or replace the password, you must reset the configuration register value to 0×2102, which was changed earlier in the procedure to 0×2142 in order to ignore the startup configuration and boot the router. In order to verify the configuration register value, issue the show version command.
Router#show version
Cisco Internetwork Operating System Software
IOS ™ 2500 Software (C2500-JS-L), Version 12.2(24a)RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 28-May-04 19:30 by pwade
Image text-base: 0×0306C4E0, data-base: 0×00001000
ROM: System Bootstrap, Version 11.0(10c), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)
Router uptime is 5 minutes
System returned to ROM by power-on
System image file is “flash:/c2500-js-l.122-24a.bin”
cisco 2500 (68030) processor (revision D) with 14336K/2048K bytes of memory.
Processor board ID 02315272, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
1 Token Ring/IEEE 802.5 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0×2142
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0×2102
!— The config-register is changed back to load the router
!— with NVRAM configuration.
Router(config)#^Z
00:03:20: %SYS-5-CONFIG_I: Configured from console by console
When you issue the config-reg 0×2102 command, the new configuration register value is not immediately applied. The new value is applied only after the router is reloaded. The show version command shows the current value (0×2142) and the value that will be applied after the next reload (0×2102).
Router#show version
Cisco Internetwork Operating System Software
IOS ™ 2500 Software (C2500-JS-L), Version 12.2(24a)RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 28-May-04 19:30 by pwade
Image text-base: 0×0306C4E0, data-base: 0×00001000
ROM: System Bootstrap, Version 11.0(10c), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)
Router uptime is 5 minutes
System returned to ROM by power-on
System image file is “flash:/c2500-js-l.122-24a.bin”
cisco 2500 (68030) processor (revision D) with 14336K/2048K bytes of memory.
Processor board ID 02315272, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
1 Token Ring/IEEE 802.5 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0×2142 (will be 0×2102 at next reload)
Router#
After you save the configuration, reload the router, and verify the configuration register value is 0×2102, as shown in this example:
Router#write memory
*Mar 1 00:05:09.035: %SYS-5-CONFIG_I: Configured from console by console
Building configuration…
[OK]
Router#
Router#reload
Proceed with reload? [confirm]
!— Press Enter to continue.
!— Starts to load the Cisco IOS from Flash and takes the configuration from the NVRAM.
00:17:36: %SYS-5-RELOAD: Reload requested by console.
System Bootstrap, Version 11.0(10c), SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 14336 Kbytes of main memory
F3: 15011856+968960+947120 at 0×3000060
!— Output suppressed.
Router#show version
Cisco Internetwork Operating System Software
IOS ™ 2500 Software (C2500-JS-L), Version 12.2(24a)RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 28-May-04 19:30 by pwade
Image text-base: 0×0306C4E0, data-base: 0×00001000
ROM: System Bootstrap, Version 11.0(10c), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)
Router uptime is 5 minutes
System returned to ROM by reload
System image file is “flash:/c2500-js-l.122-24a.bin”
cisco 2500 (68030) processor (revision D) with 14336K/2048K bytes of memory.
Processor board ID 02315272, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
1 Token Ring/IEEE 802.5 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0×2102
Router#
0 comments
Post a Comment