Cisco UBR7100、ubr7200和uBR10000的通用宽带路由密码恢复流程

Introduction

本文档介绍了如何恢复 enable password 和 enable secret 口令。这些口令可对特权执行和配置模式的访问权限进行保护。启用口令可以恢复，但是启用加密口令经过了加密，必须使用新口令进行替换。请使用本文档介绍的过程替换 enable secret 口令。

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

本文档中的信息基于以下硬件版本：

• ubr7100通用宽带路由器

• uBR7200通用宽带路由器

• uBR10000通用宽带路由器

The information in this document was created from the devices in a specific lab environment.All of the devices used in this document started with a cleared (default) configuration.If your network is live, make sure that you understand the potential impact of any command.

相关产品

有关如何恢复相关产品口令的信息，请参阅口令恢复过程。

Conventions

有关文档规则的信息，请参阅 Cisco 技术提示规则。

逐步程序

请执行以下步骤以恢复口令：

1. 附加终端或PC有终端仿真的路由器的控制台端口。

   使用以下终端设置：

   • 9600波特率

   • 无奇偶校验

   • 8 个数据位

   • 1 个停止位

   • 无流控制

   有关如何使用电缆将终端连接到控制台端口或 AUX 端口的信息，请参阅以下文档：

   • 控制台和Aux端口的布线指南

   • 连接终端到在Catalyst交换机的控制台端口

   • 将终端连接到 Catalyst 2948G-L3、4908G-L3 和 4840G 系列交换机

2. 如果可以访问路由器，请在提示符处键入 show version，并且记录配置寄存器设置。请参阅口令恢复过程示例，查看 show version 命令的输出

   Note: 配置寄存器通常设置为0x2102或0x102。如果能不再访问路由器(由于未接通登录或TACACS密码)，您能安全假设，您的配置寄存器设置为0x2102。

3. 请使用电源开关为了关闭路由器，然后翻回路由器。

   重要说明：

   • 要在 Cisco 6400 上模拟此步骤，请将节点路由处理器 (NRP) 或节点交换机处理器 (NSP) 卡拔出，然后再插入。

   • 要在带有 NI-2 的 Cisco 6x00 上模拟此步骤，请将 NI-2 卡拔出，然后再插入。

4. 在启动后的 60 秒内按下终端键盘上的 Break 键，使路由器进入 ROMMON 模式。

   如果中断顺序不起作用，请参阅口令恢复过程中的标准break键序列组合，获取其他键组合。

5. 在 rommon 1> 提示符处键入 confreg 0x2142，以便从闪存启动。

   此步骤将会跳过存储口令的启动配置。

6. 键入重置在rommon 2>提示。

   路由器重新启动，但是忽略已保存的配置。

7. 在每个设置问题后键入 no 或按 Ctrl-C，跳过初始设置过程。

8. 键入enable (event)在Router>提示。

   您将进入启用模式，此时应看到 Router# 提示符。

9. 键入 configure memory 或 copy startup-config running-config，将非易失性 RAM (NVRAM) 复制到内存中。

   重要信息：请勿键入 copy running-config startup-config 或执行写操作。这些erase命令您的启动配置。

10. 键入show running-config。

    show running-config 命令将会显示路由器的配置。在此配置中，在所有接口下将会出现 shutdown 命令，显示当前关闭的所有接口。另外，密码(特权密码、enable secret、VTY，控制台密码)在加密或未加密的格式。您能重新使用未加密的密码。您必须更改加密的密码到一个新的密码。

11. 类型配置终端。

    hostname(config)-提示出现。

12. 键入 enable secret <password>，以更改 enable secret 口令。例如：

    hostname(config)#enable secret cisco
    
    

13. 在所用的每个接口上发出 no shutdown 命令。

    如果发出 show ip interface brief 命令，则要使用的每个接口都应显示 up up。

14. 键入 config-register <configuration_register_setting>。其中 configuration_register_setting 的值为步骤 2 中记录的值或 0x2102。例如：

    hostname(config)#config-register 0x2102
    
    

15. 按 Ctrl-z 或 end，离开配置模式。

    主机名提示出现。

16. 键入 write memory 或 copy running-config startup-config，以提交更改。

密码恢复流程示例

本部分提供了一个口令恢复过程的示例。此示例是使用 Cisco 2600 系列路由器创建的。即使您使用的不是 Cisco 2600 系列路由器，以下输出也可为您的产品体验提供示例。

Router>enable
Password:
Password:
Password:
% Bad secrets

Router>show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2102

Router>



!--- The router was just powercycled, and during bootup a !--- break sequence was sent to the router.


!

*** System received an abort due to Break Key ***

signal= 0x3, code= 0x500, context= 0x813ac158
PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

rommon 2 > reset

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 32768 Kbytes of main memory


program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################
##############################################################
##############################################################
##############################################################
############################### [OK]


 Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

 cisco Systems, Inc.
 170 West Tasman Drive
 San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)


 --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
00:00:19: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0, 
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
 changed state to up
Router>
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, 
changed state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, 
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, 
changed state to down
00:00:50: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
00:00:50: %LINK-5-CHANGED: Interface BRI0/0, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/0, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1, 
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/1, 
changed state to administratively down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, 
changed state to down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, 
changed state to down
Router>
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
1324 bytes copied in 2.35 secs (662 bytes/sec)
Router#
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, 
changed state to down
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2, 
changed state to down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret < password >
Router(config)#^Z
00:01:54: %SYS-5-CONFIG_I: Configured from console by console
Router#show ip interface brief

Interface   IP-Address        OK?  Method     Status                   Protocol
Ethernet0/0 10.200.40.37      YES  TFTP       administratively down    down
Serial0/0   unassigned        YES  TFTP       administratively down    down
BRI0/0      193.251.121.157   YES  unset      administratively down    down
BRI0/0:1    unassigned        YES  unset      administratively down    down
BRI0/0:2    unassigned        YES  unset      administratively down    down
Ethernet0/1 unassigned        YES  TFTP       administratively down    down
Serial0/1   unassigned        YES  TFTP       administratively down    down
Loopback0   193.251.121.157   YES  TFTP       up                       up
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Ethernet0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, 
changed state to up
Router(config-if)#interface BRI0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, 
TEI 68 changed to up
Router(config-if)#^Z
Router#
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202) 
with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#^Z
00:03:20: %SYS-5-CONFIG_I: Configured from console by console

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202) 
with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142 (will be 0x2102 at next reload)

Router#

Related Information

• 密码恢复流程
• 控制台和Aux端口的布线指南
• 连接终端到在Catalyst交换机的控制台端口
• 将终端连接到 Catalyst 2948G-L3、4908G-L3 和 4840G 系列交换机
• 在密码恢复期间的标准break键顺序组合
• Technical Support - Cisco Systems