수퍼바이저 엔진을 사용하여 Catalyst 4500/4900 스위치의 비밀번호 복구

소개

이 문서에서는 Cisco IOS® Software를 실행하는 수퍼바이저 엔진이 있는 Catalyst 4500/4900 스위치에서 비밀번호 손실을 복구하는 방법에 대해 설명합니다.

사전 요구 사항

요구 사항

이 문서에 대한 특정 요건이 없습니다.

사용되는 구성 요소 

Catalyst 4500/4000 스위치

• Supervisor Engine II-Plus(WS-X4013+)
• Supervisor Engine II-Plus-TS(WS-X4013+TS)
• Supervisor Engine II-Plus-10GE(WS-X4013+10GE)
• Supervisor Engine III(WS-X4014)
• Supervisor Engine IV(WS-X4515)
• Supervisor Engine V(WS-X4516)
• Supervisor Engine V-10GE(WS-X4516-10GE) 모듈

Cisco Catalyst 4948 스위치

Cisco Catalyst 4948 10GE Switch

Cisco Catalyst 4900M 스위치

이 문서의 정보는 특정 랩 환경의 디바이스를 토대로 작성되었습니다. 이 문서에 사용된 모든 디바이스는 초기화된(기본) 컨피그레이션으로 시작되었습니다. 현재 네트워크가 작동 중인 경우 모든 명령의 잠재적인 영향을 미리 숙지하시기 바랍니다.

표기 규칙

문서 규칙에 대한 자세한 내용은 Cisco 기술 팁 표기 규칙을 참고하십시오.

배경 정보

참고: Catalyst 4500/4000 Series 스위치에서 Supervisor Engine II+, II+10GE, II+TS, III, IV, V 및 V-10GE는 Cisco IOS 소프트웨어만 지원합니다.

구성 프로세스

Catalyst 4500/4900 스위치에서 비밀번호를 복구하려면

참고: 스위치에 대한 물리적 액세스 권한이 있는지, 그리고 이러한 단계를 수행하는 동안 Supervisor Engine 모듈에 대한 콘솔 액세스 권한을 사용하는지 확인합니다. 스위치 콘솔 연결에 대한 자세한 내용은 Catalyst 스위치의 콘솔 포트에 모뎀 연결을 참조하십시오.

팁: 스위치 컨피그레이션은 앞서 언급한 대로 절차를 따를 경우 손실되지 않습니다. 모범 사례로서, TFTP 서버 또는 네트워크 관리 서버에 있는 모든 Cisco 디바이스의 컨피그레이션에 대한 백업 복사본을 보유하는 것이 좋습니다.

1. 디바이스의 전원을 껐다가 켭니다.

   전원을 껐다가 다시 켜려면 장치를 껐다가 다시 켭니다.

   자동 부팅을 방지하려면 5초 내에 Ctrl-C를 누릅니다. 이 작업을 수행하면 ROMmon(ROM monitor) 프롬프트 모드가 됩니다.

    !--- Here, you power cycle the switch. 
   ********************************************************** 
   *                                                        * 
   * Welcome to ROM Monitor for WS-X4014 System.            * 
   * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
   * All rights reserved.                                   * 
   *                                                        * 
   **********************************************************
    
    ROM Monitor Program Version 12.1(10r)EY(1.21) 
   
    Board type 1, Board revision 7
    Swamp FPGA revision 16, Dagobah FPGA revision 43 
    
    Timer interrupt test passed.
   
    MAC Address  : 00-02-b9-83-af-fe 
    IP Address   : 172.16.84.122 
    Netmask      : 255.255.255.0 
    Gateway      : 172.16.84.1 
    TftpServer   : Not set. 
    Main Memory  : 256 MBytes
   
   
    ***** The system will autoboot in 5 seconds *****  Type control-C to prevent autobooting. 
   
   !--- At this point, press Ctrl-C.  
   
   Autoboot cancelled......... please wait!!! 
   Autoboot cancelled......... please wait!!! 
   rommon 1 > [interrupt] 
   
   !--- The module ended in the ROMmon.  
   
   rommon 1 > [interrupt]

2. 프롬프트에서 confreg 명령을 rommon 실행합니다.

   비밀번호 복구를 위해 여기에 굵은 글꼴로 표시되는 항목을 선택합니다.

   rommon 1 > set
   

   rommon 1 > confreg
   
    Configuration Summary : 
    => load ROM after netboot fails
    => console baud: 9600
    => autoboot from: commands specified in 'BOOT' environment variable
   
    do you wish to change the configuration? y/n  [n]:  y
    enable  "diagnostic mode"? y/n  [n]:  n
    enable  "use net in IP bcast address"? y/n  [n]:  n
    disable "load ROM after netboot fails"? y/n  [n]:  n
    enable  "use all zero broadcast"? y/n  [n]:  n
    enable  "break/abort has effect"? y/n  [n]:  n
    enable  "ignore system config info"? y/n  [n]:  y
   
    change console baud rate? y/n  [n]:  n
   
    change the boot characteristics? y/n  [n]:  n
   
    Configuration Summary : 
    => load ROM after netboot fails
    => ignore system config info
    => console baud: 9600
    => autoboot from: commands specified in 'BOOT' environment variable
   
    do you wish to save this configuration? y/n  [n]:   y 
    You must reset or power cycle for new configuration to take effect
   

   참고: 또한 NVRAM에 저장된 시작 컨피그레이션을 우회하도록 컨피그레이션 레지스터 값을 설정하려면 ROMmon 프롬프트에서 명령을confreg 0x2142사용할 수 있습니다.

   rommon 1 > confreg 0x2142
   You must reset or power cycle for the new configuration to take effect.

3. 모듈이 reset 재부팅되도록 명령을 실행합니다.

   2단계에서 변경한 내용으로 인해 모듈이 재부팅되지만 저장된 컨피그레이션은 무시됩니다.

   rommon 2 > reset
   
   Resetting ....... 
   
   rommon 3 > 
   
   ********************************************************** 
   *                                                        * 
   * Welcome to ROM Monitor for WS-X4014 System.            * 
   * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
   * All rights reserved.                                   * 
   *                                                        * 
   **********************************************************
   
   !--- Output suppressed.  
   
   Press RETURN to get started! 
   
   !--- Press Return.  
   
   00:00:21: %SYS-5-RESTART: System restarted --
   Cisco Internetwork Operating System Software 
   IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
      Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
   TAC Support: http://www.cisco.com/tac
   Copyright (c) 1986-2002 by cisco Systems, Inc.
   Compiled Thu 24-Jan-02 17:34 by ccai
   00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch 
      is undergoing a cold start
   Switch>

4. 컨피그레이션 레지스터 값이 0x2142인지 확인합니다.

   이 값을 사용하면 저장된 컨피그레이션을 로드하지 않고 Flash에서 모듈이 부팅됩니다. Switch 프롬프트에서 enable 명령을 실행하여 enable 모드로 이동합니다. 그런 다음 show version 명령을 실행하여 컨피그레이션 레지스터 값을 확인합니다.

   Switch>enable
   Switch#show version
   Cisco Internetwork Operating System Software 
   Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
      Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
   TAC Support: https://www.cisco.com/tac
   Copyright (c) 1986-2002 by cisco Systems, Inc.
   Compiled Thu 24-Jan-02 17:34 by ccai
   Image text-base: 0x00000000, data-base: 0x00AA2B8C
   
   ROM: 12.1(10r)EY(1.21)
   Switch uptime is 5 minutes
   System returned to ROM by reload
   Running default software 
   
   cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
   Processor board ID FOX04183666 
   Last reset from Reload 
   32 Gigabit Ethernet/IEEE 802.3 interface(s) 
   467K bytes of non-volatile configuration memory. 
   
   Configuration register is 0x2142 
   
   Switch#

5. NVRAM을 메모리에 복사하려면 configure memory copy startup-config running-config 명령 또는 명령을 실행합니다.

   모듈의 기본 컨피그레이션을 configure terminal 표시하는 명령을 실행하지 마십시오.

   Switch#configure memory
   
   Uncompressed configuration from 1307 bytes to 3014 bytes
   Switch#
   00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
   c-4006-SUPIII#

6. 명령을 show ip interface brief 실행하여 이전에 사용 중이던 인터페이스가 up/up 상태를 표시하는지 확인합니다.

   비밀번호 복구 전에 사용 중이던 인터페이스가 중단된 경우, 해당 인터페이스에서 no shutdown 명령을 실행하여 인터페이스를 시작합니다.

7. write terminal 명령 또는 show running-config 명령을 실행하여 모듈에 저장된 컨피그레이션을 표시합니다.

   c-4006-SUPIII# show running-config   
   Building configuration... 
   
   Current configuration : 3014 bytes 
   ! 
   version 12.1 
   no service pad 
   service timestamps debug uptime 
   service timestamps log uptime 
   no service password-encryption 
   service compress-config 
   ! 
   hostname c-4006-SUPIII 
   ! 
   boot system flash bootflash: 
   ! 
   vtp mode transparent 
   
   !--- Output suppressed.  
   
   line con 0
    stopbits 1
   line vty 0 4
    login
   ! 
   end 
   
   c-4006-SUPIII#

   이제 모듈의 비밀번호를 변경할 준비가 되었습니다.

8. 다음 명령을 실행하여 비밀번호를 변경합니다.

   c-4006-SUPIII#configure terminal 
   Enter configuration commands, one per line.  End with CNTL/Z.
   c-4006-SUPIII(config)#no enable secret
   
   !--- This step is necessary if the switch had an enable secret password.
   
   c-4006-SUPIII(config)#enable secret < password > 
   [Choose a strong password with at least one capital letter,
    one number, and one special character.]
   
   !--- This command sets the new password.
   

9. 컨피그레이션 레지스터 값을 0x2102로 다시 변경해야 합니다.

   컨피그레이션 레지스터 값을 변경하고 확인하려면 컨피그레이션 프롬프트에서 다음 단계를 완료합니다.

   c-4006-SUPIII(config)#config-register 0x2102
   c-4006-SUPIII(config)# ^Z
   c-4006-SUPIII#
   00:19:01: %SYS-5-CONFIG_I: Configured from console by console
   c-4006-SUPIII#write memory 
   
   !--- This step saves the configuration.
   
    Building  configuration... 
   Compressed configuration from 3061 bytes to 1365 bytes[OK] 
   c-4006-SUPIII#show version 
   
   !--- This step verifies the value change.  
   
   Cisco Internetwork Operating System Software 
   Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
      Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
   TAC Support: https://www.cisco.com/tac 
   Copyright (c) 1986-2002 by cisco Systems, Inc. 
   Compiled Thu 24-Jan-02 17:34 by ccai 
   Image text-base: 0x00000000, database: 0x00AA2B8C 
   
   ROM: 12.1(10r)EY(1.21) 
   c-4006-SUPIII uptime is 20 minutes 
   System returned to ROM by reload 
   Running default software 
   
   cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
   Processor board ID FOX04183666 
   Last reset from Reload 
   32 Gigabit Ethernet/IEEE 802.3 interface(s) 
   467K bytes of nonvolatile configuration memory. 
   
   Configuration register is 0x2142 (will be 0x2102 at next reload) 
   
   c-4006-SUPIII#

   이제 비밀번호를 변경했습니다.

컨피그레이션 및 출력 예

이 예제 출력은 Catalyst 4000 Supervisor Engine III의 비밀번호 복구 절차 결과입니다.

c-4006-SUPIII> enable
Password: 
Password: 
Password: 
% Bad secrets 

!--- Here, you power cycle the switch. 
********************************************************** 
*                                                        * 
* Welcome to ROM Monitor for WS-X4014 System.            * 
* Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
* All rights reserved.                                   * 
*                                                        * 
**********************************************************
 
 ROM Monitor Program Version 12.1(10r)EY(1.21) 

 Board type 1, Board revision 7
 Swamp FPGA revision 16, Dagobah FPGA revision 43 
 
 Timer interrupt test passed.

 MAC Address  : 00-02-b9-83-af-fe 
 IP Address   : 172.16.84.122 
 Netmask      : 255.255.255.0 
 Gateway      : 172.16.84.1 
 TftpServer   : Not set. 
 Main Memory  : 256 Mbytes


 ***** The system  will  autoboot in 5 seconds ***** 

Type control-C to prevent autobooting. 

!--- At this point, press Ctrl-C.  

Autoboot cancelled......... please wait!!! 
Autoboot cancelled......... please wait!!! 
rommon 1 > [interrupt] 

rommon 1 > [interrupt] 

rommon 1 > confreg 

Configuration Summary : 
=> load ROM after netboot fails 
=> console baud: 9600 
=> autoboot from: commands specified in 'BOOT' environment variable 

do you wish to change the configuration? y/n [n]: y 
enable "diagnostic mode"? y/n [n]: n 
enable "use net in IP bcast address"? y/n [n]: n 
disable "load ROM after netboot fails"? y/n [n]: n 
enable "use all zero broadcast"? y/n [n]: n 
enable "break/abort has effect"? y/n [n]: n 
enable "ignore system config info"? y/n [n]: y 

change console baud rate? y/n [n]: n 

change the boot characteristics? y/n [n]: n 

Configuration Summary : 
=> load ROM after netboot fails 
=> ignore system config info 
=> console baud: 9600 
=> autoboot from: commands specified in 'BOOT' environment variable 

do you wish to save this configuration? y/n [n]: y 
You must reset or power cycle for new configuration to take effect 

rommon 2 > reset 

Resetting ....... 

rommon 3 > 

********************************************************** 
*                                                        * 
* Welcome to ROM Monitor for WS-X4014 System.            * 
* Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
* All rights reserved.                                   * 
*                                                        * 
**********************************************************

ROM Monitor Program Version 12.1(10r)EY(1.21) 
Board type 1, Board revision 7 
Swamp FPGA revision 16, 
Dagobah FPGA revision 43 

Timer interrupt test passed. 

MAC Address : 00-02-b9-83-af-fe 
IP Address : 172.16.84.122 
Netmask : 255.255.255.0 
Gateway : 172.16.84.1 
TftpServer : Not set.
Main Memory : 256 Mbytes 

***** The system will autoboot in 5 seconds ***** 

Type control-C to prevent autobooting. 
. . . . . 

******** The system will autoboot now ******** 


config-register = 0x2142  
Autobooting using BOOT variable specified file..... 

Current BOOT file is --- bootflash: 

Rommon reg: 0x2B004180 
Decompressing the image : ########################### 
##################################################### 
####################################### [OK] 

k2diags version 1.6 

prod: WS-X4014 part: 73-6854-07 serial: JAB0546060Z 

Power-on-self-test for Module 1: WS-X4014 
Status: (. = Pass, F = Fail) 

Traffic using serdes loopback (L2; one port at a time)... 
switch port 0: . switch port 1: . switch port 2: . 
switch port 3: . switch port 4: . switch port 5: . 
switch port 6: . switch port 7: . switch port 8: . 

!--- Output suppressed.  

Module 1 Passed 


Exiting to ios... 

Rommon reg: 0x2B000180 
Decompressing the image : ########################## 

!--- Output suppressed.  

######################################################### [OK] 

              Restricted Rights Legend  

Use, duplication, or disclosure by the Government is 
subject to restrictions as set forth in subparagraph 
(c) of the Commercial Computer Software - Restricted 
Rights clause at FAR sec. 52.227-19 and subparagraph 
(c) (1) (ii) of the Rights in Technical Data and Computer 
Software clause at DFARS sec. 252.227-7013. 

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco Internetwork Operating System Software 
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C


cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
Processor board ID FOX04183666 
Last reset from Reload 
32 Gigabit Ethernet/IEEE 802.3 interface(s) 
467K bytes of nonvolatile configuration memory. 


Press RETURN to get started! 

00:00:21: %SYS-5-RESTART: System restarted -- 
Cisco Internetwork Operating System Software
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: https://www.cisco.com/tac 
Copyright (c) 1986-2002 by cisco Systems, Inc. 
Compiled Thu 24-Jan-02 17:34 by ccai 
00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold start 

Switch>enable 
Switch#show version 
Cisco Internetwork Operating System Software 
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
Version 12.1(8a)EW, RELEASE SOFTWARE (fc1) 
TAC Support: https://www.cisco.com/tac 
Copyright (c) 1986-2002 by cisco Systems, Inc. 
Compiled Thu 24-Jan-02 17:34 by ccai 
Image text-base: 0x00000000, database: 0x00AA2B8C 

ROM: 12.1(10r)EY(1.21) 
Switch uptime is 5 minutes 
System returned to ROM by reload 
Running default software 

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
Processor board ID FOX04183666 
Last reset from Reload 
32 Gigabit Ethernet/IEEE 802.3 interface(s) 
467K bytes of nonvolatile configuration memory. 

Configuration register is 0x2142 

Switch# 

Switch#configure memory 

Uncompressed configuration from 1307 bytes to 3014 bytes 
c-4006-SUPIII# 
00:13:52: %SYS-5-CONFIG_I: Configured from memory by console 
c-4006-SUPIII#show running-config  
Building configuration... 

Current configuration : 3014 bytes 
! 
version 12.1 
no service pad 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
service compress-config 
! 
hostname c-4006-SUPIII 
! 
boot system flash bootflash: 
! 
vtp mode transparent 
!
vlan 20
  private-vlan primary
!
vlan 100
!
vlan 202
  private-vlan association 440
!         
vlan 440
  private-vlan isolated
!
vlan 500
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
!
!
interface GigabitEthernet1/1
 no switchport
 ip address 10.1.1.1 255.255.255.0
 ip pim dense-mode
!
interface GigabitEthernet1/2
 no switchport
 ip address 10.2.2.2 255.255.255.0
! 

!--- Output suppressed.  

! 
interface Vlan1
 ip address 172.16.84.140 255.255.255.0
 ip pim dense-mode
!
interface Vlan2
 no ip address
 shutdown
!
interface Vlan20
 no ip address
 shutdown
! 

!--- Output suppressed.  

! 
line con 0
 stopbits 1
line vty 0 4
 login
! 
end 

c-4006-SUPIII#configure terminal  
Enter configuration commands, one per line. End with CNTL/Z. 
c-4006-SUPIII(config)#no enable secret

!--- This step is necessary if the switch had an enable secret password. 

c-4006-SUPIII(config)#enable secret < password >
[Choose a strong password with at least one capital letter, 
one number, and one special character.] 
c-4006-SUPIII(config)#config-register 0x2102 
c-4006-SUPIII(config)#^Z 
c-4006-SUPIII#write memory 
Building configuration... 
Compressed configuration from 3061 bytes to 1365 bytes[OK] 
c-4006-SUPIII#show version 
Cisco Internetwork Operating System Software 
Cisco IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: https://www.cisco.com/tac 
Copyright (c) 1986-2002 by cisco Systems, Inc. 
Compiled Thu 24-Jan-02 17:34 by ccai 
Image text-base: 0x00000000, database: 0x00AA2B8C 

ROM: 12.1(10r)EY(1.21) 
c-4006-SUPIII uptime is 20 minutes 
System returned to ROM by reload 
Running default software 

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory. 
Processor board ID FOX04183666 
Last reset from Reload 
32 Gigabit Ethernet/IEEE 802.3 interface(s) 
467K bytes of nonvolatile configuration memory. 

Configuration register is 0x2142 (will be 0x2102 at next reload) 

c-4006-SUPIII#

관련 정보

• 비밀번호 복구 중 표준 브레이크 키 시퀀스 조합
• LAN 스위치 제품 지원
• Cisco 기술 지원 및 다운로드