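Lab objectives:

1. Master router password recovery.

2. Master switch password recovery.

Lab topology:

Lab steps:

I. Router password recovery

1. Disconnect the power, restart the router, and hold down the Ctrl+Break key combination to enter rommon mode, as follows: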

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)

Copyright (c) 2000 by cisco Systems, Inc.

Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory


Self decompressing the image :

#############

monitor: command "boot" aborted due to user interrupt

rommon 1 >

2. Change the router's configuration register value to 0x2142 and restart the router, as follows:

rommon 1> confreg 0x2142

rommon 2 > reset

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)

Copyright (c) 2000 by cisco Systems, Inc.

Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory


Self decompressing the image :

########################################################################## [OK]


              Restricted Rights Legend


Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.


           cisco Systems, Inc.

170 West Tasman Drive

           San Jose, California 95134-1706

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2005 by cisco Systems, Inc.

Compiled Wed 27-Apr-04 19:01 by miwang

Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory

Processor board ID JAD05190MTZ (4292891495)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

2 FastEthernet/IEEE 802.3 interface(s)

32K bytes of non-volatile configuration memory.

63488K bytes of ATA CompactFlash (Read/Write)


         --- System Configuration Dialog ---


Continue with configuration dialog? [yes/no]:

Continue with configuration dialog? [yes/no]:

Continue with configuration dialog? [yes/no]:

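As you can see, because of the configuration register value, the router did not load its local configuration file.

3. Enter normal operating mode, restore the configuration and remove the passwords, as follows:

① Restore the configuration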

Router#copy startup-config running-config

Destination filename [running-config]?


520 bytes copied in 0.416 secs (1250 bytes/sec)

R1#

② View the configuration

R1#show run

Building configuration...


Current configuration : 563 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname R1

enable secret 5 $1$mERr$SFZOwQ08LKBCxfyaONDzp.

username PingingLab secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

③ Remove the passwords

R1(config)#no username PingingLab

R1(config)#no enable secret

R1(config)#line con 0

R1(config-line)#no login local

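If the device's existing configuration file is of little value to us, it is recommended to simply clear the configuration with write erase.

4. Change the configuration register value, as follows:

R1(config)#config-register 0x2102

View the configuration register value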

R1#show version

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2005 by cisco Systems, Inc.

Compiled Wed 27-Apr-04 19:01 by miwang

Image text-base: 0x8000808C, data-base: 0x80A1FECC


ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)

Copyright (c) 2000 by cisco Systems, Inc.

ROM: C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)


System returned to ROM by reload

System image file is "flash:c2600-i-mz.122-28.bin"


Cisco 2621 (MPC860) processor (revision 0x200) with 253952K/8192K bytes of memory

.

Processor board ID JAD05190MTZ (4292891495)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

2 FastEthernet/IEEE 802.3 interface(s)

32K bytes of non-volatile configuration memory.

63488K bytes of ATA CompactFlash (Read/Write)


Configuration register is 0x2142 (will be 0x2102 at next reload)

5. Save the configuration and restart the router.

R1#write

Building configuration...

[OK]

R1#reload

Proceed with reload? [confirm]

At this point, router password recovery is complete.
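The register values used in steps 2 and 4, decoded as an added example (not part of the original lab): it parses the "Configuration register is ..." line from show version and flags a device that is running with, or will reload with, startup-config ignored. The bit meanings follow Cisco's documented configuration register layout; the function names and the second sample line are constructed for illustration.

```python
import re

# Bit meanings from Cisco's documented software configuration register layout.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the system is up
BOOT_FIELD = 0x000F      # bits 0-3: where the image is loaded from

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Return the fields of a 16-bit configuration register that matter here."""
    boot = value & BOOT_FIELD
    if boot == 0:
        source = "stay in ROM monitor"
    elif boot == 1:
        source = "boot helper / first flash image (platform dependent)"
    else:
        source = "boot system commands, else default image"
    return {
        "value": f"0x{value:04X}",
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": boot,
        "boot_source": source,
    }

def audit_show_version(text):
    """Parse `show version` output; report current and next-reload registers."""
    m = REG_LINE.search(text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = decode(int(m.group(1), 16))
    pending = decode(int(m.group(2), 16)) if m.group(2) else current
    findings = []
    if current["ignore_nvram"]:
        findings.append("running with startup-config ignored")
    if pending["ignore_nvram"]:
        findings.append("next reload will still ignore startup-config")
    return {"current": current, "next_reload": pending, "findings": findings}

# The first sample is the line shown in step 4; the second is a constructed
# case where the register was never set back to 0x2102.
SAMPLE_STEP4 = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
SAMPLE_FORGOTTEN = "Configuration register is 0x2142"

if __name__ == "__main__":
    for sample in (SAMPLE_STEP4, SAMPLE_FORGOTTEN):
        print(audit_show_version(sample))
```

A device that reports the second finding will come up without its passwords and access controls after every reload until the register is set back to 0x2102.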

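II. Switch password recovery

1. Disconnect the power, restart the switch, and hold down the "mode" button on the switch front panel to enter switch: mode and initialize the file system, as follows: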

switch:

switch:flash_init

2. Rename the switch's default configuration file and restart the switch, as follows:

switch:rename flash:config.text flash:config2.text

switch:boot

3. After entering normal mode, restore the configuration and remove the passwords, as follows:

① Restore the configuration

Switch#copy flash:config2.text run

SW1#

② View the configuration

SW1#show running-config

Building configuration...


Current configuration : 1145 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname SW1

enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

username PingingLab secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

③ Remove the passwords

SW1(config)#no username PingingLab

SW1(config)#no enable secret

SW1(config)#line console 0

SW1(config-line)#no login local

SW1(config-line)#exit

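If the switch's existing configuration is of no value to us, it is recommended to simply clear the configuration.

4. Rename the switch configuration file back to its default name, as follows: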

SW1#rename flash:config2.text flash:config.text

5. Save the configuration and restart the switch.

SW1#write

Building configuration...

[OK]

SW1#reload

At this point, switch password recovery is complete.