恢复1900集成多业务路由器的密码

下载选项

  • PDF     (418.2 KB)
    在各种设备上使用 Adobe Reader 查看
  • ePub     (81.4 KB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上使用各种应用查看
  • Mobi (Kindle)     (72.2 KB)
    在 Kindle 设备上查看或在多个设备上使用 Kindle 应用查看
已更新: 2022 年 12 月 2 日
文档 ID:112058

非歧视性语言

此产品的文档集力求使用非歧视性语言。在本文档集中,非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言,文档中可能无法确保完全使用非歧视性语言。 深入了解思科如何使用包容性语言。

关于此翻译

思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。

    简介

    本文档介绍如何从路由器恢复使能口令和使能加密口令。

    先决条件

    要求

    本文档没有任何特定的要求。

    使用的组件

    本文档中的信息基于以下硬件版本:

    • Cisco 1900 系列集成服务路由器

    本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。

    规则

    有关文档规则的信息,请参阅 Cisco 技术提示规则。

    背景信息

    这些口令可对特权执行和配置模式的访问权限进行保护。使能口令可以恢复,但使能加密口令经过加密,必须替换为新口令。请使用本文档介绍的过程替换 enable secret 口令。

    分步过程

    请执行以下步骤以恢复口令:

    1. 将终端或带终端仿真功能的 PC 连接到路由器的控制台端口。使用以下终端设置:

      • 9600 波特率

      • 无奇偶校验

      • 8 个数据位

      • 1 个停止位

      • 无流控制

      有关如何使用电缆将终端连接到控制台端口或 AUX 端口的信息,请参阅以下文档:

    2. 如果可以访问路由器,请在提示符下键入show version,并记录配置寄存器值。请参阅口令恢复过程示例部分以查看show version命令的输出。

      :配置寄存器通常设置为0x2102或0x102。如果无法再访问路由器(由于登录或TACACS密码丢失),您可以安全地假设您的配置寄存器设置为0x2102

    3. 使用电源开关关闭路由器,然后重新打开。

    4. 在看到消息program load complete, entry point: 0x80008000, size: 0x6fdb4c后,在终端键盘上按几次Break,将路由器置于ROMMON中。

      :入口点和大小的值取决于路由器。

      如果中断序列不起作用,请参阅用于其他密钥组合的使用标准中断键序列组合进行口令恢复

      如果无法进入 ROMMON 模式,请执行以下步骤:

      1. 取下闪存。

      2. 重新加载路由器。路由器最终处于ROMMON模式。

      3. 插入闪存。

      4. 执行标准的口令恢复步骤。

    5. rommon 1>提示符处键入confreg 0x2142,以便从闪存启动。

      此步骤将会跳过存储口令的启动配置。

    6. 在 rommon 2> 提示符处键入 reset。

      路由器将会重新启动,但是会忽略保存的配置。

    7. 在每个设置问题后面键入 no,或者按 Ctrl-C 跳过初始设置程序。

    8. 在 Router>提示符处键入 enable。

      您处于启用模式,并看到Router#提示。

    9. 键入 configure memory 或 copy startup-config running-config,将非易失性 RAM (NVRAM) 复制到内存中。

      告:不输copy running-config startup-config或write。这些命令将会擦除您的启动配置。

    10. 键入 show running-config。

      show running-config 命令将会显示路由器的配置。在此配置中,在所有接口下将会出现 shutdown 命令,显示当前关闭的所有接口。此外,口令(启用口令、启用加密、vty、控制台口令)可能是加密格式,也可能是未加密格式。您可重复使用未加密的口令,您必须将加密的口令更改为新口令。

    11. 键入 configure terminal。

      此时将会显示 hostname(config)# 提示符。

    12. 键入enable secret <password>以更改使能加密口令。例如:

      hostname(config)#enable secret cisco

    13. 在所用的每个接口上发出 no shutdown 命令。

      如果发出show ip interface brief命令,则要使用的每个接口都必须显示为up up up

    14. 键入config-register <configuration_register_value>。其中configuration_register_value是在步骤2中记录的值或0x2102。例如:

      hostname(config)#config-register 0x2102

    15. 按 Ctrl-z 或 end,离开配置模式。

      此时将会显示 hostname# 提示符。

    16. 键入 write memory 或 copy running-config startup-config,以提交更改。

    密码恢复程序示例

    本部分提供了一个口令恢复过程的示例。此示例是使用 Cisco 2900 系列 ISR 创建的。即使您未使用Cisco 2900系列ISR,此输出也为您提供了产品体验的示例。

    Router>enable
Password:
Password:
Password:
% Bad secrets

Router>show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1, 
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

c2921-CCP-1-xfr uptime is 2 weeks, 22 hours, 15 minutes
System returned to ROM by reload at 06:06:52 PCTime Mon Apr 2 1900
System restarted at 06:08:03 PCTime Mon Apr 2 1900
System image file is "flash:c2900-universalk9-mz.SPA.150-1.M1.bin"
Last reload reason: Reload Command


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.
Processor board ID FHH1230P04Y
1 DSL controller
3 Gigabit Ethernet interfaces
9 terminal lines
1 Virtual Private Network (VPN) Module
1 Cable Modem interface
1 cisco Integrated Service Engine-2(s)
   Cisco Foundation 2.2.1 in slot 1
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
248472K bytes of ATA System CompactFlash 0 (Read/Write)
62720K bytes of ATA CompactFlash 1 (Read/Write)

Technology Package License Information for Module:'c2900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      securityk9    Permanent     securityk9
uc            uck9          Permanent     uck9
data          datak9        Permanent     datak9

Configuration register is 0x2102


Router>



!--- The router was just powercycled, and during bootup a 
    !--- break sequence was sent to the router after seeing the following message 
    !--- program load complete, entry point: 0x80008000, size: 0x6fdb4c.




rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

rommon 2 > reset

System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)
Copyright (c) 2009 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2900 platform with 524288 Kbytes of main memory


program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################
##############################################################
##############################################################
##############################################################
############################### [OK]


 Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

 cisco Systems, Inc.
 170 West Tasman Drive
 San Jose, California 95134-1706

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.
Processor board ID FHH1230P04Y
1 DSL controller
3 Gigabit Ethernet interfaces
9 terminal lines
1 Virtual Private Network (VPN) Module
1 Cable Modem interface
1 cisco Integrated Service Engine-2(s)
   Cisco Foundation 2.2.1 in slot 1
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
248472K bytes of ATA System CompactFlash 0 (Read/Write)
62720K bytes of ATA CompactFlash 1 (Read/Write)


 --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:  n 

Press RETURN to get started!

00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
00:00:19: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0, 
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
 changed state to up
Router>
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, 
changed state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, 
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, 
changed state to down
00:00:50: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team
00:00:50: %LINK-5-CHANGED: Interface BRI0/0, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/0, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/1, 
changed state to administratively down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, 
changed state to down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, 
changed state to down
Router>
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
1324 bytes copied in 2.35 secs (662 bytes/sec)
Router#
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, 
changed state to down
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2, 
changed state to down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret 
      
      
Router(config)#^Z
00:01:54: %SYS-5-CONFIG_I: Configured from console by console
Router#show ip interface brief

Interface   IP-Address        OK?  Method     Status                   Protocol
Ethernet0/0 10.200.40.37      YES  TFTP       administratively down    down
Serial0/0   unassigned        YES  TFTP       administratively down    down
BRI0/0      192.168.121.157   YES  unset      administratively down    down
BRI0/0:1    unassigned        YES  unset      administratively down    down
BRI0/0:2    unassigned        YES  unset      administratively down    down
Ethernet0/1 unassigned        YES  TFTP       administratively down    down
Serial0/1   unassigned        YES  TFTP       administratively down    down
Loopback0   192.168.121.157   YES  TFTP       up                       up
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Ethernet0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, 
changed state to up
Router(config-if)#interface BRI0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, 
TEI 68 changed to up
Router(config-if)#^Z
Router#
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

c2921-CCP-1-xfr uptime is 2 weeks, 22 hours, 15 minutes
System returned to ROM by reload at 06:06:52 PCTime Mon Apr 2 1900
System restarted at 06:08:03 PCTime Mon Apr 2 1900
System image file is "flash:c2900-universalk9-mz.SPA.150-1.M1.bin"
Last reload reason: Reload Command

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.
Processor board ID FHH1230P04Y
1 DSL controller
3 Gigabit Ethernet interfaces
9 terminal lines
1 Virtual Private Network (VPN) Module
1 Cable Modem interface
1 cisco Integrated Service Engine-2(s)
   Cisco Foundation 2.2.1 in slot 1
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
248472K bytes of ATA System CompactFlash 0 (Read/Write)
62720K bytes of ATA CompactFlash 1 (Read/Write)

Configuration register is 0x2102

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#^Z
00:03:20: %SYS-5-CONFIG_I: Configured from console by console

Router#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,
     RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 15:23 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

c2921-CCP-1-xfr uptime is 2 weeks, 22 hours, 15 minutes
System returned to ROM by reload at 06:06:52 PCTime Mon Apr 2 1900
System restarted at 06:08:03 PCTime Mon Apr 2 1900
System image file is "flash:c2900-universalk9-mz.SPA.150-1.M1.bin"
Last reload reason: Reload Command

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.
Processor board ID FHH1230P04Y
1 DSL controller
3 Gigabit Ethernet interfaces
9 terminal lines
1 Virtual Private Network (VPN) Module
1 Cable Modem interface
1 cisco Integrated Service Engine-2(s)
   Cisco Foundation 2.2.1 in slot 1
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
248472K bytes of ATA System CompactFlash 0 (Read/Write)
62720K bytes of ATA CompactFlash 1 (Read/Write)

Configuration register is 0x2142 (will be 0x2102 at next reload)

Router#

    相关信息

    修订历史记录

    版本 发布日期 备注
    1.0
    08-Jul-2010
    初始版本
    TAC Authored

    由思科工程师提供

    • Julio Jimenez
      思科项目经理

    此文档是否有帮助?

    Feedback反馈

    联系我们

    本文档适用于以下产品