Cisco Catalyst交换机密码恢复策略

Cisco Catalyst交换机密码恢复策略 如果交换机的login密码忘记了，别急别急,只要你有PC,有类似超级终端(Hyper Terminal)这样是终端程序,连接到交换机的console口,那么密码的恢复就N简单了. 1.对于Catalyst 2900/3500XL系列来说: 拔下交换机的电源线,然后按住交换机的Mode按钮,再重新插上交换机的电源线.直到端口Port 1x的LED熄灭之后释放Mode按钮. 2.对于Catalyst 2940/2950L系列来说: 拔下交换机的电源线,然后按住交换机的Mode按钮,再重新插上交换机的电源线.直到STAT的LED熄灭之后释放Mode按钮. 3.对于Catalyst 2955系列来说: Catalyst 2955没有没有外部的Mode按钮,因此就不能使用之前的那种方法来进行密码恢复.在交换机启动时,对于Windows系列的PC,按下Ctrl+Break键;对于UNIX系列的工作站,按下Ctrl+C.如下: C2955 Boot Loader (C2955−HBOOT−M) Version 12.1(0.0.514), CISCO DEVELOPMENT TEST VERSION Compiled Fri 13−Dec−02 17:38 by madison WS−C2955T−12 starting... Base ethernet MAC Address: 00:0b:be:b6:ee:00 Xmodem file system is available. Initializing Flash... flashfs[0]: 19 files, 2 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 7741440 flashfs[0]: Bytes used: 4510720 flashfs[0]: Bytes available: 3230720 flashfs[0]: flashfs fsck took 7 seconds. ...done initializing flash. Boot Sector Filesystem (bs installed, fsid: 3 Parameter Block Filesystem (pb installed, fsid: 4 /---接下来交换机会在15秒内自动启动, 等出现该信息之后,按下Ctrl+Break键或Ctrl+C键----/ The system has been interrupted prior to initializing the flash file system to finish loading the operating system software: flash_init load_helper bootswitch: 接下来输入flash_init命令: switch:flash_init Initializing Flash... flashfs[0]: 143 files, 4 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 3612672 flashfs[0]: Bytes used: 2729472 flashfs[0]: Bytes available: 883200 flashfs[0]: flashfs fsck took 86 seconds ....done Initializing Flash. Boot Sector Filesystem (bs installed, fsid: 3 Parameter Block Filesystem (pb:) installed, fsid: 4 switch: 接着输入load_helper命令: switch:load_helper switch: 再输入dir flash:命令显示交换机的文件系统: switch:dir flash: Directory of flash:/ 2 −rwx 1803357 <date> c3500xl−c3h2s−mz.120−5.WC7.bin 4 −rwx 1131 <date> config.text 5 −rwx 109 <date> info 6 −rwx 389 <date> env_vars 7 drwx 640 <date> html 18 −rwx 109 <date> info.ver 403968 bytes available (3208704 bytes used) switch: 把配置文件重命名: switch:rename flash:config.text flash:config.old switch: 输入boot命令启动交换机: switch:boot Loading "flash:c3500xl−c3h2s−mz.120−5.WC7.bin"...############################### ################################################################################ ###################################################################### File "flash:c3500xl−c3h2s−mz.120−5.WC7.bin" uncompressed and installed, entry po int: 0x3000 executing... 不进入setup模式: −−− System Configuration Dialog −−− At any point you may enter a question mark '?' for help. Use ctrl−c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. Continue with configuration dialog? [yes/no]: n 进入特权模式,恢复原始的配置文件: Switch#rename flash:config.old flash:config.text Destination filename [config.text] Switch# 把配置文件保存在内存里: Switch#copy flash:config.text system:running−config Destination filename [running−config]? 1131 bytes copied in 0.760 secs Switch# 进入全局配置模式,取消密码设置: Switch(config)#no enable secret 保存配置: Switch#write memory Building configuration... [OK] Switch# 4.对于Catalyst 3550/3750系列来说: 1.通过带有支持Xmodem协议的超级终端程序的PC连接到交换机的console口,把波特率设置为9600. 2.拔掉交换机的电源. 3.按下交换机上的Mode按钮,与此同时,重新插上交换机的电源线.当交换机端口1X上的LED熄灭后可以松开Mode按钮1到2秒.之后将显示一些指示信息: The system has been interrupted prior to initializing the flash file system. The following commands will initialize the flash file system, and finish loading the operating system software: flash_init load_helper boot switch： 4.初始化flash文件系统: switch：flash_init 5.加载帮助文件: switch：load_helper 6.显示闪存里的内容: switch：dir flash: 7.重命名配置文件: switch：rename flash:config.text flash:config.text.old 8.启动系统,并且如果提示进入setup模式,输入N: switch：boot Continue with the configuration dialog? [yes/no]: N 9.进入特权模式,把配置文件名恢复为原始文件名: Switch#rename flash:config.text.old flash:config.text 10.把配置文件写进内存: Switch#copy flash:config.text system:running-config Source filename [config.text]? Destination filename [running-config]? 11.进入全局配置模式更改密码: Switch(config)#enable secret {password} 12.退出,并保存到startup-config文件里: Switch(config)#copy running-config startup-config 其实有的时候硬件安全比软件安全还要重要些.不然人人都扛个本本,.连根线到console口去恢复密码了-_-