五月份某地市移动OA网核心割接时,曾按照旧的配置文件将C6506配置了AAA,但是又没有配置username。搞得连CONSOLE也没法登陆。虽是小问题,但在深夜一两点钟专门研究绝对不是件浪漫的事情。
详细版:
1
交换机先不启动
用console先连接交换机,这里的型号是2900xl
线的另外一头用转接线接到pc上,
在电脑上打开超级终端。
建超级终端的方法不在详细说明,
也很简单,把设置都点成默认的即可。
3
确认线都连好了,
然后打开交换机,在打开的同时,安装moderm检,大约10-15秒左右,直到出现
C2900XL Boot Loader (C2900-HBOOT-M) Version 12.0(5.2)XU, MAINTENANCE INTERIM SOF
TWARE
Compiled Mon 17-Jul-00 18:19 by ayounes
starting...
Base ethernet MAC Address: 00:03:e3:b6:de:00
Xmodem file system is available.
The system has been interrupted prior initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:
flash_init
load_helper
boot
switch:
switch:
4
输入命令
switch:flash_init
出现如下代码。
switch: flash_init
Initializing Flash...
flashfs[0]: 110 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 2780672
flashfs[0]: Bytes available: 832000
flashfs[0]: flashfs fsck took 6 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
5
然后输入load_helper,这里没有什么显示的东西,接着第六步。
6然后查看flash
这个步骤是必须的,
输入命令
swtich:dir flash:
出现如下状态
switch: dir flash:
Directory of flash:/
2 -rwx 1645810 c2900XL-c3h2s-mz-120.5.2-XU.bin
3 -rwx 105970 c2900XL-diag-mz-120.5.2-XU
4 drwx 6784 html
111 -rwx 286 env_vars
113 -rwx 908 vlan.dat
114 -rwx 2052 config.text
832000 bytes available (2780672 bytes used)
这个有个config.txt,主要就是对这个文件的操作了,
交换机启动的时候要加载这个文件,我们把这个文件的名字给改掉就不加栽了,
swtich:rename flash:config.text flash:config.back
这样我们就不用输密码就能进入系统了。
7然后我们输入boot命令
让交换机启动,出现如下状态。
Loading "flash:c2900XL-c3h2s-mz-120.5.2-XU.bin"...##############################
################################################################################
#############################################
File "flash:c2900XL-c3h2s-mz-120.5.2-XU.bin"
oint: 0x3000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE IN
TERIM SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 17-Jul-00 17:35 by ayounes
Image text-base: 0x00003000, data-base: 0x00301F3C
Initializing C2900XL flash...
flashfs[1]: 110 files, 3 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 3612672
flashfs[1]: Bytes used: 2780672
flashfs[1]: Bytes available: 832000
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initializ
...done Initializing C2900XL flash.
C2900XL POST: System Board Test: Passed
C2900XL POST: Daughter Card Test: Passed
C2900XL POST: CPU Buffer Test: Passed
C2900XL POST: CPU Notify RAM Test: Passed
C2900XL POST: CPU Interface Test: Passed
C2900XL POST: Testing Switch Core: Passed
C2900XL POST: Testing Buffer Table: Passed
C2900XL POST: Data Buffer Test: Passed
C2900XL POST: Configuring Switch Parameters: Passed
C2900XL POST: Ethernet Controller Test: Passed
C2900XL POST: MII Test: Passed
cisco WS-C2924-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K byte
s of memory.
Processor board ID FAB0441T19K, with hardware revision 0x01
Last reset from power-on
Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
24 FastEthernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:03:E3:B6:DE:00
Motherboard assembly number: 73-3382-08
Power supply part number: 34-0834-01
Motherboard serial number: FAB0440838L
Power supply serial number: DAB042636ZX
Model revision number: A0
Motherboard revision number: C0
Model number: WS-C2924-XL-EN
System serial number: FAB0441T19K
C2900XL INIT: Complete
00:00:28: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.2)XU, MAINTENANCE IN
TERIM SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mo
蓝色狂想(43970287) 20:06:38
Compiled Mon 17-Jul-00 17:35 by ayounes
00:00:29: %SPANTREE-2-RECV_1Q_NON_TRUNK:
Received 802.1Q BPDU on non trunk FastEthernet0/1 on vlan 1.
00:00:29: %SPANTREE-2-BLOCK_PORT_TYPE: Blocking FastEthernet0/1 on vlan 1.
Inconsistent port type.
8
启动后.你会看到熟悉的Continue with configuration dialog? [yes/no]:
记住要输入n,
要做的事情改config.text的名字
Switch>en
Switch#rename flash:config.back flash:config.text
Destination filename [config.text]?
按回车
9
然后
switch#copy flash:config.text system:running-config
出现了如下情况
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administ
ratively down
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administ
ratively down
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administ
ratively down
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administ
ratively down
00:04:07: %LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administ
ratively down
00:04:08: %LINK-5-CHANGED: Interfac
192.168.17.128 overlaps with VLAN1e FastEthernet0/16, changed state to administr
atively down
00:04:08: %LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administ
ratively down
00:04:08: %LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administ
ratively down
00:04:08: %LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administ
ratively down
00:04:08: %LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administ
ratively down
00:04:09: %LINK-5-CHANGED: Interface
2052 bytes copied in 5.736 secs (410 bytes/sec)
Switch#FastEthernet0/21, changed state to administratively down
00:04:09: %LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administ
ratively down
00:04:09: %LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administ
ratively down
00:04:09: %LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administ
ratively down
Switch#
00:04:10: %SYS-5-CONFIG: Configured from by
Switch#
00:04:18: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/1 on vlan 1
.
Port consistency restored.
10
然后config term
Switch#config ter
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
进入终端模式
Switch(config)#enable secret cisco设置交换机密码为cisco
Switch(config)#end
Switch#
00:05:59: %SYS-5-CONFIG_I: Configured from console by console
11
Switch#copy running-config start
Destination filename [startup-config]?
Building configuration...
12
disable推出
en
测试密码是否成功,
reload
重启就可以了
到此完成了。
今天应客户要求对其6509交换机进行恢复密码,客户那共有两台6509交换机,互为主备,分别为6509A和6509B,本次恢复的是主核心交换6509A。两台交换机的硬件配置都一样,具体模块如下,使用的sup2引擎。
6509B#sh module
Mod Ports Card Type
Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 2 Catalyst 6000 supervisor 2 (Active) WS-X6K-SUP2-2GE SAL06386B6H
3 8 8 port 1000mb GBIC Enhanced QoS WS-X6408A-GBIC SAL06386AE8
4 8 8 port 1000mb GBIC Enhanced QoS WS-X6408A-GBIC SAL06386AA6
5 48 48 port 10/100 mb RJ45 WS-X6348-RJ-45 SAL06386JB6
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 0009.11e4.ecc4 to 0009.11e4.ecc5 3.10 6.1(3) 6.2(2.104) Ok
3 000a.f45c.5540 to 000a.f45c.5547 2.1 5.4(2) 6.2(2.104) Ok
4 000a.f45c.54e8 to 000a.f45c.54ef 2.1 5.4(2) 6.2(2.104) Ok
5 000a.f4b6.fa50 to 000a.f4b6.fa7f 6.2 5.4(2) 6.2(2.104) Ok
Mod Sub-Module Model Serial Hw Status
--- --------------------------- --------------- --------------- ------- -------
1 Policy Feature Card 2 WS-F6K-PFC2 SAL063766HW 3.3 Ok
1 Cat6k MSFC 2 daughterboard WS-F6K-MSFC2 SAL06365VH1 2.5 Ok
本恢复步骤的使用范围:
本恢复步骤适用于cisco6500/6000系列使用Supervisor 1, Supervisor 2, or Supervisor 720的IoS系统交换机,但不适用于使用Supervisor 720且IoS版本低于12.2(17)SX.的交换机
以下是详细恢复过程及注意事项:
Step1. 将笔记本电脑与交换引擎上的Console口相连,打开超级终端,确定已经连接好!(具体的连接和设置方法就不说了,相信大家都会)
Step2.交换机断电(两个电源模块的开关都关闭)后,等待30秒后重新加电
Step3.超级终端上会显示系统正在引导,待出现以下显示时按Ctrl-Break键中断启动(大约需哟25到60秒的时候会出现)
00:00:03: %OIR?6?CONSOLE: Changing console ownership to route processor
原因是65交换机在启动时先启动交换功能,然后把控制权交给路由处理器,启动路由功能。我们在恢复密码的时候必须在路由处理器获得控制权后中断启动,否则密码不能恢复!
Step4:成功中断后你会看到Rommon >1 提示符,在该提示符下输入confreg 0x2142后回车会出现Rommon 2>提示符,在该提示符下输入reset重新启动交换机
Step5:交换机重启后不会引导原先的配置,可以顺利进入特权模式。依次输入以下命令
6509>enable
6509#copy start run 把原先的配置引导进来(没输此命令前一定不要输入conf t进入配置模式)
6509A#conf t
6509A(config)#enable secret cisco(输入新密码,替换旧密码)
6509A(config)#config-register 0x2102(恢复到原来的寄存器值)
6509A#wr mem
到此密码就已经修改完毕,但是还没有完全结束,以下操作很重要!
6509A#sh ip int b(你会看的所有的接口都已经shut down了,虽然原来的配置已经在运行)
所以必须在接口命令下手工将需要打开的接口启用(使用命令no shut)!no shut后再保存一遍配置。
Step6:6509A#reload (重新加载系统完成密码恢复)
重新启动后我使用命令sh spanning-tree b和show standby检查了该交换机是否已经工作正常。密码恢复过程中由备用核心交换6509B负责数据转发。
