Cisco路由器密码恢复方法.doc

Cisco路由器密码恢复方法2011-11-13 16:00:22标签：路由器内存memoryCisco动态Cisco路由器保存了几种不同的配置参数，并存放在不同的内存模块中。Cisco系列路由器的内存有：ROM、闪存(Flashmemory)、RAM、不可变RAM和动态内存(DRAM)等5种。一般情况下，路由器启动时，首先运行ROM中的程序，进行系统自检及引导，然后运行Flash中的ISO，并在NVRAM中寻找路由器配置，并装入DRAM中。口令恢复的关键在于对配置登记码(Configuration Register Value)进行修改，从而让路由器从不同的内存中调用不同的参数表进行启动。有效口令存放在NVRAM中，因此修改口令的实质是先让登记码不起作用，从而可以进行直接启动，完成后再将登记码恢复(如忘记恢复，路由器重新启动后修改的配置可能会丢失)。ConfigurationRegisterValue含义0X2102缺省设置Bit13=0X2000Flash引导失败5次后，自动从ROM引导Bit8=0X0100关闭Break键Bootfield=0X20X2101从Flash中引导正常运行模式Bootfield=0X10X142进入bootROM运行模式Router(boot)Bit8=0X0040进入bootmonitor运行模式或rommonBootfield=0X2从Flash中引导正常运行模式对于cisco的各种路由器进入rom状态的方法不尽相同，但一般通过如下三种方法可以进入rom状态 ，在使用过程中可以分别试用进入。1、如果break 未被屏蔽，可以在开机60秒内按ctl+break 键中断启动过程，进入rom状态。此方法原则上适用于所有的Cisco系列路由器。2、如果break键已经屏蔽，可以通过循环开机的方法进入rom状态。方法是：路由器开机后，将电源关闭。间隔5秒后重新开机，一般会进入rom状态。此方法适用于7500、12000等路由器。3、将超级终端通讯波特率设置为1200，数据位8 ，奇偶位1 停止位无。开启路由器电源，启动后，关机。停5秒后，重新开机，同时一直按住空格键12秒后放开，等路由器启动完成后，重新更改超级终端位默认值。通讯波特率设置为9600，数据位8 ，奇偶位1 停止位无 。重新连接后，从终端上可以看到已经进入rom 状态。注意在波特率位1200时终端上没有内容显示。此方法适用于2500、2600、4500等系列路由器。具体的操作步骤当Cisco 路由器的口令被错误修改或者忘记时，可以按如下步骤进行操作：开机时按，使进入ROM监控状态。作如下设置，使路由器引导时忽略NVRAM中的设置。o/r0x2142Cisco2500系列rommon1confreg0x2142Cisco26001600系列boot#setios-conf=0x2142Cisco800系列正常值一般为0x2102重新启动路由器在Setup下，选择No回答进入特权模式恢复NVRAM中的配置Router#configurememory恢复正常配置寄存器并激活所有端口Router#configureterminalRouter(config)#config-register0x2102Router(config)#interfacexxRouter(config)#noshut查询并记录丢失的口令Router#showconfigure(showstartup-config)修改口令Router#configuretermonalRouter#enablesecretxxxxxxxRouter(config)#lineconsole0Router(config-line)#loginRouter(config-line)#passwordxxxxxxxRouter(config-line)#Cisco 路由器的enable密码恢复实例(适用1700/2600/3600/3700)1、将一台终端或装有超级终端软件的PC接到交换机的console口上。终端参数设置如下：速率：9600bps检较位：无数据位：8停止位：1流控：无2、关闭路由器电源3、在启动的60秒内同时按下Ctrl+Break，使设备进行rommon状态。4、在Rommon中输入：confreg 0x2142，如下所示：rommon1confreg0x21425、输入reset，命令如下：rommon2reset6、等待系统重启，如果设备在重启过程中要求进行初始化配置，回答no，如下所示：cisco3745(R7000)processor(revision2.0)with116736K/14336Kbytesofmemory.ProcessorboardIDJPE0810106MR7000CPUat350Mhz,Implementation39,Rev3.3,256KBL2,2048KBL3CacheChannelizedE1,Version1.0.Bridgingsoftware.X.25software,Version3.0.0.PrimaryRateISDNsoftware,Version1.1.2FastEthernet/IEEE802.3interface(s)4ChannelizedE1/PRIport(s)DRAMconfigurationis64bitswidewithparitydisabled.151Kbytesofnon-volatileconfigurationmemory.31168KbytesofATASystemCompactFlash(Read/Write)-SystemConfigurationDialog-Wouldyouliketoentertheinitialconfigurationdialog?yes/no:nPressRETURNtogetstarted!7、输入回车，enable，再回车，进入enable状态，命令如下：RouterenRouter#8、输入config memory，调入原配置文件。命令如下：Router#confmem9、进入配置模式并配置新口令：Router#conftRouter(config)#enablesecret(newpassword)10、退出到用户模式，然后进入特权模式测试新口令11、修改config-register，命令如下：Router(config)#config-register0x210212、保存配置Router(config)#exitRouter#writeCisco2500系列路由器(以2509为例)登陆密码的恢复具体操作方法：1、在启动的60 秒内按下中断键Ctrl+Break,如果Break被屏蔽了可以使用循环开机的方法，使设备进入rom monitor状态。2、在rom monitor中输入o命令：oconfigurationregister=0X2102atlastboot记下当前的Configuration register值，这里是0x2102，通常为0x2102或0x102。如果用命令不能获得有关提示，可以查看类似的路由器来获得配置寄存器的值或用0x2102试试。3、输入“o/r 0x0142”，更新Configuration register值，使路由器启动时跳过配置文件直接启动，以便原来的密码不起作用，具体操作如下：o/r0x01424、重新启动路由器：irommon2reset5、在“Setup”模式，对所有问题回答“No”6、进入特权模式：routerenable7、下载NVRAMRouterconfigurememory8、恢复原始配置寄存器值并激活所有端口：2509#configureterminal2509(config)#configregister0X21022509(config)#interfacee0/12509(config)#noshutdown9、查询并记录丢失的口令：2509#showconfiguration(showstartupconfig)10、修改口令：2509#configureterminal2509(config)lineconsole02509(configline)#login2509(configline)#passwordxxxxxxx2509(configline)#2509(configline)#writememory(copyrunningconfigstartupconfig)Cisco 1600系列路由器密码恢复步骤目录介绍开始前规则前提条件逐步说明密码恢复步骤举例相关信息介绍本文件说明了恢复enable password密码或enable secret密码的步骤。这些密码是用来保护对特权EXEC和配置模式的合法访问。Enable password密码可以恢复，而enable secret密码是经过加密的，因此只能采取下面的步骤生成一个新密码来取代旧密码。注：?/B密码恢复步骤适用于以下思科产品： Cisco 806 Cisco 4700 Catalyst 2948G-L3 Cisco 827 Cisco AS5x00 Catalyst 4840G Cisco uBR900 Cisco 6x00 Catalyst 4908G-L3 Cisco 1003 Cisco 7000 (RSP7000) Catalyst 5500 (RSM) Cisco 1004 Cisco 7100 Catalyst 8510-CSR Cisco 1005 Cisco 7200 Catalyst 8510-MSR Cisco 1400 Cisco 7500 Catalyst 8540-CSR Cisco 1600 Cisco uBR7100 Catalyst 8540-MSR Cisco 1700 Cisco uBR7200 Cisco MC3810 Cisco 2600 Cisco uBR10000 Cisco NI-2 Cisco 3600 Cisco 12000 Cisco VG200 Analog Gateway（模拟网关） Cisco 4500 Cisco LS1010 Route Processor Module（路由处理器模块）开始前规则有关文件规则的详情，请参阅Cisco技术提示规则。前提条件本文件没有特别的前提条件。逐步说明请参照以下步骤恢复密码：1. 将带有终端仿真的终端或PC连接到路由器的控制台端口。采用以下终端设置：o 9600波特率o 无奇偶o 8个数据位o 1个停止位o 无流控制有关如何将终端与控制台端口或AUX端口连接的详细说明，请参阅以下文件：o Cisco路由器的控制台和AUX端口布线指南o 将终端连接到Catalyst 2948G-L3、4908G-L3和4840G 系列交换机o Catalyst 8510CSR和8540CSR 交换机控制台端口引脚2. 如果您仍然连接在路由器上，键入show version并记录配置寄存器的设置，通常是0x2102或0x102，在这里点击并可看到show version命令的输出。3. 如果您已无权限使用路由器（由于注册或TACACS密码丢失），您可以认为您的配置寄存器设置为0x2102。4. 关闭路由器电源，然后再打开。注意： 在Cisco 6400上进行第4步时，先拔出节点路由处理器(NRP)或节点交换处理器 (NSP) 卡，然后再将其插入。注意： 在使用NI-2的Cisco 6x00上进行第4步时，先拔出NI-2 卡，然后再将其插入。5. 在路由器加电的60秒内按终端键盘上的Break，将路由器置于ROMMON。如果break序列不起作用，请参阅“在密码恢复过程中Break序列的可能键组合”查找其它键组合。6. 在rommon 1提示符下键入confreg 0x2142，在不装载配置的情况下从闪存启动。7. 在rommon 2提示符下键入reset。路由器重启，但会忽略以前保存的配置。8. 在每个设置问题后键入no或按Ctrl-C跳过最初的设置步骤。9. 在Router 提示符下键入enable。您将处于开启模式并看到Router# 提示符。10. 注意： 键入configure memory或copy startup-config running-config，将非易失性RAM (NVRAM)拷贝到内存中。不要键入configure terminal。11. 键入write terminal或show running-config。show running-config和write terminal命令显示路由器的配置。在这个配置中，您将在所有界面下看到shutdown命令，表明所有界面当前都处于关闭状态。此外，您还可以看到加密或未加密的密码（启用密码，启用 secret、vty、console密码等）。未加密的密码可以再次使用，而加密的密码只能用新密码替换。12. 键入configure terminal进行更改。现在的提示符是hostname(config)#。13. 例如，键入enable secret 来更改enable secret密码。14. 在您使用的每个界面下给出no shutdown命令。如果您发出show ip interface brief命令，那么您要使用的每个界面都应是up状态。15. 键入config-register 0x2102或您在第2步中记录的值。16. 按Ctrl-z或end退出配置模式。现在的提示符是hostname#。17. 键入write memory或copy running-config startup-config确认所做的更改。密码恢复步骤举例下面是一个密码恢复步骤的实例。我们是使用Cisco 2600来进行密码恢复的。然而，即使您并未使用Cisco 2600，您所采用的其他产品的密码恢复步骤也与以下步骤基本相似。Routerenable Password: Password: Password: % Bad secrets Routershow version Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Tue 07-Dec-99 02:21 by phanguye Image text-base: 0x80008088, data-base: 0x80C524F8 ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Router uptime is 3 minutes System returned to ROM by abort at PC 0x802D0B60 System image file is flash:c2600-is-mz.120-7.T cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory. Processor board ID JAB031202NK (3878188963) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. Basic Rate ISDN software, Version 1.1. 2 Ethernet/IEEE 802.3 interface(s) 2 Serial(sync/async) network interface(s) 1 ISDN Basic Rate interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash partition 1 (Read/Write) 8192K bytes of processor board System flash partition 2 (Read/Write) Configuration register is 0x2102 Router !- 路由器刚刚关机又开机，启动时，向路由器发送Break序列 ! * System received an abort due to Break Key * signal= 0x3, code= 0x500, context= 0x813ac158 PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030 rommon 1 confreg 0x2142 You must reset or power cycle for new config to take effect rommon 2 reset System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Copyright (c) 1999 by cisco Systems, Inc. TAC:Home:SW:IOS:Specials for info C2600 platform with 32768 Kbytes of main memory program load complete, entry point: 0x80008000, size: 0x6fdb4c Self decompressing the image : # # # # # OK Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Tue 07-Dec-99 02:21 by phanguye Image text-base: 0x80008088, data-base: 0x80C524F8 cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory. Processor board ID JAB031202NK (3878188963) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. Basic Rate ISDN software, Version 1.1. 2 Ethernet/IEEE 802.3 interface(s) 2 Serial(sync/async) network interface(s) 1 ISDN Basic Rate interface(s) 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash partition 1 (Read/Write) 8192K bytes of processor board System flash partition 2 (Read/Write) - System Configuration Dialog - Would you like to enter the initial configuration dialog? yes/no: n Press RETURN to get started! 00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up 00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up 00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up 00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down 00:00:19: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down 00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0, changed state to down 00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up Router 00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up 00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down 00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down 00:00:50: %SYS-5-RESTART: System restarted - Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Tue 07-Dec-99 02:21 by phanguye 00:00:50: %LINK-5-CHANGED: Interface BRI0/0, changed state to administratively down 00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down 00:00:52: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down 00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down 00:00:52: %LINK-5-CHANGED: Interface Serial0/1, changed state to administratively down 00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down 00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down Router Routerenable Router#copy startup-config running-config Destination filename running-config? 1324 bytes copied in 2.35 secs (662 bytes/sec) Router# 00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to down 00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2, changed state to down Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#enable secret cisco Router(config)#Z 00:01:54: %SYS-5-CONFIG_I: Configured from console by console Router#show ip interface brief Interface IP-Address OK? Method Status Protocol Ethernet0/0 7 YES TFTP administratively down down Serial0/0 unassigned YES TFTP administratively down down BRI0/0 57 YES unset administratively down down BRI0/0:1 unassigned YES unset administratively down down BRI0/0:2 unassigned YES unset administratively down down Ethernet0/1 unassigned YES TFTP administratively down down Serial0/1 unassigned YES TFTP administratively down down Loopback0 57 YES TFTP up up Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface Ethernet0/0 Router(config-if)#no shutdown Router(config-if)# 00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up 00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up Router(config-if)#interface BRI0/0 Router(config-if)#no shutdown Router(config-if)# 00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down 00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down 00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up 00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, TEI 68 changed to up Router(config-if)#Z Router# 00:02:35: %SYS-5-CONFIG_I: Configured from console by console Router#copy running-config startup-config Destination filename startup-config? Building configuration. OK Router#show version Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Tue 07-Dec-99 02:21 by phanguye Image text-base: 0x80008088, data-base: 0x80C524F8 ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Router uptime is 3 minutes System returned to ROM by abort at PC 0x802D0B60 System image file is flash:c2600-is-mz.120-7.T cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory. Processor board ID JAB031202NK (3878188963) M860 processor: part number 0, mask 49 Bridging software. X.25 software, Version 3.0.0. Basic Rate ISDN software, Version 1.1. 2 Ethernet/IEEE 802.3 interface(s) 2 Serial(sync/async) network interface(s) 1 ISDN Basic Rate interface(s) 32K bytes of non-volatile co