Cisco 2600密码恢复的原理: 启动时绕过startup-config的配置(enable密码保存在startup-config中),然后重新配置enable密码。如果要使路由器在启动时绕过startup-config的配置,只有修改配置寄存器的值。正常情况下配置寄存器的值是0x2102==0010.0001.0000.0010,其中第三段的第2个比特位可以控制路由器的启动顺序。如果该位为0,则启动时候运行startup-config的配置,如果该位为1则忽略startup-config的配置,而进入setup模式。
1. 冷启动路由器,在开机的前
60秒之内,按住“Ctrl+Break”键,系统会进入灾难恢复模式;
2. 在灾难恢复模式下修改路由器寄存器的值使得路由器重新启动时,不读
NVRAM中的配置文件,从而进入路由器的特权模式就不需要输入密码了;
3. 进行特权模式修改密码,并保存配置。从而破掉特权密码。
具体的密码恢复过程
1. 冷启动路由器,在开机的前
60秒之内,按住“Ctrl+Break”键。这时系统会进入灾难恢复模式,其提示符为“Rommon>”
System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)
Copyright (c) 2002 by cisco Systems, Inc.
C2600 platform with 131072 Kbytes of main memory
monitor: command "boot" aborted due to user interrupt
rommon 1 >
rommon 1 >
2. Rommon>
confreg 0X2142 //
修改寄存器的值为0X2142
改变寄存器的值,让路由器忽略startup-config的配置,而进入Setup模式
You must reset or power cycle for new config to take effect
3. Rommon>
reset
//
重启路由器,重启后由于不再读NVRAM中的配置文件,因此系统会提示是否进入SETUP模式,请选择“NO”
System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)
Copyright (c) 2002 by cisco Systems, Inc.
C2600 platform with 131072 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0xe688c8
Self decompressing the p_w_picpath : #################################################
################################################################################
################################################################################
########################## [OK]
Smart Init is enabled
smart init is sizing iomem
ID MEMORY_REQ TYPE
00036B 0X00103980 C2611XM Dual Fast Ethernet
0X000F3BB0 public buffer pools
0X00211000 public particle pools
TOTAL: 0X00408530
If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 5Mb.
Using 3 percent iomem. [5Mb/128Mb]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK8O3S-M), Version 12.2(11)T, RELEASE SOFTWARE (
fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 01-Aug-02 12:47 by ccai
Image text-base: 0x8000809C, data-base: 0x818188F4
Compliance with U.S. Export Laws and Regulations - Encryption
This product performs encryption and is regulated for export
by the U.S. Government.
This product is not authorized for use by persons located
outside the United States and Canada that do not have prior
approval from Cisco Systems, Inc. or the U.S. Government.
This product may not be exported outside the U.S. and Canada
either by physical or electronic means without PRIOR approval
of Cisco Systems, Inc. or the U.S. Government.
Persons outside the U.S. and Canada may not re-export, resell,
or transfer this product by either physical or electronic means
without prior approval of Cisco Systems, Inc. or the U.S.
Government.
cisco 2611XM (MPC860P) processor (revision 0x100) with 125952K/5120K bytes of me
mory.
Processor board ID JAD07020UQK (3078295415)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
no //
不进入对话模式退回到EXEC模式
Press RETURN to get started!
*Mar 1 00:00:14.046: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state t
o up
*Mar 1 00:00:14.046: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state t
o up
*Mar 1 00:00:15.048: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/0, changed state to down
*Mar 1 00:00:15.048: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/1, changed state to down
*Mar 1 00:00:20.613: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state
to administratively down
*Mar 1 00:00:20.613: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state
to administratively down
*Mar 1 00:00:22.384: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK8O3S-M), Version 12.2(11)T, RELEASE SOFTWARE (
fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 01-Aug-02 12:47 by ccai
*Mar 1 00:00:22.384: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing
a cold start
4. Router>
//
用户模式提示符
5. Router>
enable //
进入特权模式
6. Router#
//特权模式提示符
7. Router#
copy startup-config running-config //
把NARAM中的配置文件装载到RAM中,使得原来的配置还在
使路由器以前的配置生效,保证以前的配置不丢失。
Destination filename [running-config]?
702 bytes copied in 2.488 secs (282 bytes/sec)
8. Router#
config terminal //
进入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
9. Router(config)#
//
全局配置模式提示符
10. Router(config)#
no enable password //
删除使能密码
11. Router(config)#
no enable secret //
删除加密密码
12. Router(config)#
config-register 0X2102 //
还原寄存器的值为0X2102
把配置寄存器的值改回来,否则以后每次重新启动路由器都进入setup模式
13. Router(config)#
exit //
返回到特权模式
14. Router#
//特权模式提示符
15. Router#
copy running-config startup-config //
把修改过密码的配置文件备份到NVRAM里
Destination filename [startup-config]?
Building configuration...
[OK]