Password recovery on the cisco 2900 series is a little bit more involved than password recovery on a 2800 -- you need physical access to the switch to push a button. Remote control power outlets won't help you, here. Instead of typing the "break" sequence at boot time, you need to push the "MODE" button.
So, yeah, connect up your console, power cycle the router (there's no power switch, so you have to unplug/replug it), and the press and hold the "MODE" button as you power it up.
The top LED above the MODE button is labelled "SYST". This LED will begin to flash green during the POST, and - if you are holding down the "MODE" button -- will eventually turn solid green. At that point, you can release the "MODE" button.
You should see console output that looks something like this:
Base ethernet MAC Address: de:ad:be:ef:ca:fe
Xmodem file SYSTem is available.
The password-recovery mechanism is enabled.
Initializing Flash...
Base ethernet MAC Address: 00:1a:a1:44:f5:00
Xmodem file SYSTem is available.
The password-recovery mechanism is enabled.
The SYSTem has been interrupted prior to initializing the
flash fileSYSTem. The following commands will initialize
the flash fileSYSTem, and finish loading the operating
SYSTem software:
flash_init
load_helper
boot
switch:
Next, issue the "flash_init" command so it notices its flash memory and the "load_helper" command:
switch: flash_init
Initializing Flash...
flashfs[0]: 602 files, 19 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32514048
flashfs[0]: Bytes used: 12889088
flashfs[0]: Bytes available: 19624960
flashfs[0]: flashfs fsck took 10 seconds.
...done Initializing Flash.
Boot Sector FileSYSTem (bs) installed, fsid: 3
Setting console baud rate to 9600...
switch: load_helper
switch:
If you do a directory listing of the flash drive, you should see a file named "config.text", which contains the startup configuration for your device. Renaming that to something other than "config.text" (or, if you want to do a full wipe, deleting it) will cause the switch to boot up without a startup config.
switch: rename flash:config.text flash:config.old
switch:
Issuing the "boot" command will start the rest of the boot process. Once its up and ready, answer "no" to the initial configuration prompt.
switch: boot
Loading "flash:c2960-lanbasek9-mz.122-25.SEE4.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@
File "flash:c2960-lanbasek9-mz.122-25.SEE4.bin" uncompressed and installed, entry point: 0x3000
executing...
Restricted Rights Legend
[blahblahblah]
Switch Ports MODEl SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C2960-24TT-L 12.2(25)SEE4 C2960-LANBASEK9-M
Press RETURN to get started!
Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>
Since the switch doesn't have a config, you can go into enable MODE without needing to use a password. Then you can load the old config into running memory.
Switch>ena
Switch#copy flash:config.old running
Destination filename [running-config]?
Failed to generate persistent self-signed certificate.
3298 bytes copied in 0.361 secs (9136 bytes/sec)
My-Pet-Switch#
And now you can change the password to whatever you want.
My-Pet-Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
My-Pet-Switch(config)#ena sec Y0ullNeverGuess
My-Pet-Switch(config)#line con 0
My-Pet-Switch(config)#pass ThisIsMyPW
My-Pet-Switch(config)#line vty 0 15
My-Pet-Switch(config)#pass ThisIsMyPW
My-Pet-Switch(config)#
My-Pet-Switch(config)#^Z
My-Pet-Switch(config)#wr mem
Don't forget to save the config to memory!
If you want to keep the old config for some archival purpose, you can tftp it off. Otherwise, you can delete it with the "delete flash:config.old" command.
No comments:
Post a Comment