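Cisco 3945 Router Password Recovery: ROMMON Mode Operation Explained
During a customer network outage, troubleshooting showed that the router's address was unreachable. All of the router's interface LEDs were off, while the power status was normal.
I then connected to the device with a console cable, and the following messages appeared over and over: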
System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2012 by cisco Systems, Inc.
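My guess was that the device's Flash card was faulty, so the system could not load normally.
If the device is broken we can replace it, but unfortunately the customer has no professional operations staff, and the configuration had not been saved after the earlier setup, which put me in a difficult spot.
After persistent attempts, I found that across several reboots the device would occasionally load the system normally and come back up, but apparently for only about 5 minutes. I quickly tried the passwords the customer gave me, and none of them worked. I guess I forgot to burn incense before leaving home.
Now it was time to show what I can really do.
First, the overall flow:
The device has some chance of booting normally ---> but the enable password is unknown ---> recover the password ---> view the original configuration.
1. I pulled out the Flash card so that the system would load ROMMON mode:
Then power on: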
Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB
CISCO3945-CHASSIS with C3900-SPE150/K9 with 1048576 Kbytes of main memory
Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled
Readonly ROMMON initialized
Finally in ROMMON mode. Start with a question mark to see what is available:
rommon 1 > ?
alias set and display aliases command
boot boot up an external process
break set/show/clear the breakpoint
confreg configuration register utility
cont continue executing a downloaded image
context display the context of a loaded image
cookie display contents of motherboard cookie PROM in hex
dev list the device table
dir list files in file system
frame print out a selected stack frame
help monitor builtin command help
history monitor command history
iomemset set IO memory percent
meminfo main memory information
repeat repeat a monitor command
reset system reset
rommon-pref Select ROMMON
set display the monitor variables
showmon display currently selected ROM monitor
stack produce a stack trace
sync write monitor environment to NVRAM
sysret print out info from last system return
tftpdnld tftp image download
unalias unset an alias
unset unset a monitor variable
hwpart Read HW resources partition
rommon 2 > dev //list the device table
Devices in device table:
id name
flash0: compact flash 0
flash: compact flash 0
flash1: compact flash 1
bootflash: boot flash
usbflash0: usbflash0
usbflash1: usbflash1
I pushed the Flash card back in and could see its files in flash1:
rommon 3 > dir flash1:/
program load complete, entry point: 0x4000000, size: 0x18fa0
Directory of flash1:/
2 96183024 -rw- c3900-universalk9-mz.SPA.153-3.M.bin
23485 2903 -rw- cpconfig-39xx.cfg
23486 2999808 -rw- cpexpress.tar
24219 1038 -rw- home.shtml
24220 115712 -rw- home.tar
24249 1697952 -rw- securedesktop-ios-3.1.1.45-k9.pkg
24664 415956 -rw- sslclient-win-1.1.4.176.pkg
0 0 -rw- crashinfo_20181128-025939-UTC
24834 363143 -rw- crashinfo_20181129-041102-UTC //a pile of system crash information
24923 328800 -rw- crashinfo_20181129-060619-UTC
25004 331573 -rw- crashinfo_20181129-120924-UTC
25085 323167 -rw- crashinfo_20181210-191214-UTC
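Now start recovering the password:
The configuration register value needs to be changed, followed by a reboot.
rommon 6 > confreg //enter confreg; the current register value is shown below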
Configuration Summary
(Virtual Configuration Register: 0x2102)
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C3900-SPE150/K9
The following prompts appear:
do you wish to change the configuration? y/n [n]: y //asks whether to change the configuration; enter y
enable "diagnostic mode"? y/n [n]: //the defaults are fine for the next few
enable "use net in IP bcast address"? y/n [n]:
disable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]: y //here, enable ignoring the system configuration: enter y
change console baud rate? y/n [n]:
change the boot characteristics? y/n [n]:
Configuration Summary
(Virtual Configuration Register: 0x2142) //the register value has been changed; next, just reboot
do you wish to change the configuration? y/n [n]: n //enter n
You must reset or power cycle for new config to take effect
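The register change made in the dialog above (0x2102 to 0x2142) can be decoded bit by bit. The following is an added example, not part of the original post; the flag names reuse the wording of the confreg prompts, and the function names are made up for this illustration.

```python
# Added example (not from the original post): decode an IOS configuration
# register into the settings the ROMMON "confreg" summary reports.
FLAGS = {                       # single-bit options, per Cisco's register layout
    0x0040: "ignore system config info",      # bit 6: skip startup-config at boot
    0x0100: "break/abort disabled",           # bit 8
    0x0400: "use all zero broadcast",         # bit 10
    0x2000: "load rom after netboot fails",   # bit 13
    0x4000: "use net in IP bcast address",    # bit 14
    0x8000: "diagnostic mode",                # bit 15
}
# Console speed is encoded in bits 5, 12 and 11 (most to least significant here).
BAUD = {0b000: 9600, 0b001: 4800, 0b010: 1200, 0b011: 2400,
        0b100: 19200, 0b101: 38400, 0b110: 57600, 0b111: 115200}

def decode(reg):
    """Return a dict describing a 16-bit configuration register value."""
    if not 0 <= reg <= 0xFFFF:
        raise ValueError("configuration register is 16 bits wide")
    speed = (reg >> 5 & 1) << 2 | (reg >> 12 & 1) << 1 | (reg >> 11 & 1)
    boot = reg & 0x000F                       # bits 0-3: boot field
    return {
        "flags": sorted(name for bit, name in FLAGS.items() if reg & bit),
        "baud": BAUD[speed],
        "boot": ("ROM monitor" if boot == 0 else
                 "boot helper image" if boot == 1 else
                 "image specified by the boot system commands"),
    }

def changed_flags(before, after):
    """Flags that differ between two register values."""
    b, a = set(decode(before)["flags"]), set(decode(after)["flags"])
    return {"added": sorted(a - b), "removed": sorted(b - a)}

def bypasses_startup_config(reg):
    """True when bit 6 is set, so the saved configuration and its passwords are skipped."""
    return bool(reg & 0x0040)

if __name__ == "__main__":
    for value in (0x2102, 0x2142):            # the two values shown in the post
        print(hex(value), decode(value))
    print(changed_flags(0x2102, 0x2142))
```

A register left at 0x2142 makes every later reload skip the startup configuration as well, so the value is normally returned to 0x2102 (IOS `config-register 0x2102`) once recovery is done.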
Next, reboot the device. Fingers crossed; if it fails, start over!
rommon 7 > reset
System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2012 by cisco Systems, Inc.
Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB
CISCO3945-CHASSIS with C3900-SPE150/K9 with 1048576 Kbytes of main memory
Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled
Readonly ROMMON initialized
Compact Flash0: Not present
System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2012 by cisco Systems, Inc.
Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB
CISCO3945-CHASSIS with C3900-SPE150/K9 with 1048576 Kbytes of main memory
Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled
Readonly ROMMON initialized
program load complete, entry point: 0x4000000, size: 0x18fa0
program load complete, entry point: 0x4000000, size: 0x18fa0
IOS Image Load Test
Digitally Signed Release Software
program load complete, entry point: 0x4000000, size: 0x5bb9ee0
Self decompressing the image : ############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################# [OK]
*** No sreloc section
Smart Init is enabled
smart init is sizing iomem
TYPE MEMORY_REQ
OIR memory 0x01800000
Onboard devices &
buffer pools 0x0230F000
TOTAL: 0x03B0F000
Rounded IOMEM up to: 60Mb.
Using 5 percent iomem. [60Mb/1024Mb]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.3(3)M, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 22-Jul-13 01:55 by prod_rel_team
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Installed image archive
Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 987136K/61440K bytes of memory.
Processor board ID **
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA CompactFlash 1 (Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
% Crashinfo may not be recovered at flash:crashinfo
% This file system device reports an error
Press RETURN to get started!
*Jan 2 00:00:01.427: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c3900 Next reboot level = ipbasek9 and License = ipbasek9
*Jan 2 00:00:01.467: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c3900 Next reboot level = securityk9 and License = securityk9
*Mar 1 06:35:34.627: c3600_scp_set_dstaddr2_idb(184)add = 80 name is Embedded-Service-Engine0/0
*Mar 1 06:35:35.411: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized
*Mar 1 06:35:35.411: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled
*Mar 1 06:35:43.851: %SW_VLAN-4-IFS_FAILURE: VLAN manager encountered file operation error: call = ifs_open/read / code = 2595 (No such device)
/ bytes transfered = 0
*Mar 1 06:35:43.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
*Mar 1 06:35:43.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
*Mar 1 06:35:43.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
*Mar 1 06:35:44.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Mar 1 06:35:44.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Mar 1 06:35:44.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
*Mar 1 06:35:45.459: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuration is ignored based on the configuration register setting.
*Mar 1 06:36:01.083: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.3(3)M, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 22-Jul-13 01:55 by prod_rel_team
*Mar 1 06:36:01.119: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
*Mar 1 06:36:01.191: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Mar 1 06:36:01.191: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Mar 1 06:36:02.691: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down
*Mar 1 06:36:02.691: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
*Mar 1 06:36:02.743: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
*Mar 1 06:36:02.827: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
*Mar 1 06:36:03.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down
Router>
Very good, it worked.
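The boot log above contains the one message that records this bypass, %SYS-6-STARTUP_CONFIG_IGNORED. The following is an added example, not part of the original post, that looks for it in collected console or syslog text; the function names are made up for this illustration and the sample lines are partly constructed, as marked.

```python
import re

# Added example: find boots where IOS skipped the startup configuration
# (configuration register bit 6 set) in console or syslog output.
EVENT = re.compile(r"\*?(?P<ts>[A-Z][a-z]{2}\s+\d+\s+[\d:.]+):\s+"
                   r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):")

# The first two lines are taken from the boot log in the post; the last two
# are constructed for this example.
SAMPLE = """\
*Mar 1 06:35:45.459: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuration is ignored based on the configuration register setting.
*Mar 1 06:36:01.083: %SYS-5-RESTART: System restarted --
*Mar 1 06:41:10.002: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 07:02:00.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
"""

def parse_events(text):
    """Yield (timestamp, facility, severity, mnemonic) for each IOS log line."""
    for line in text.splitlines():
        m = EVENT.search(line)
        if m:                      # banner text and prompts do not match
            yield m["ts"], m["fac"], int(m["sev"]), m["mnem"]

def find_config_bypass(text):
    """Report each bypassed boot and whether the config was edited afterwards."""
    findings, current = [], None
    for ts, fac, _sev, mnem in parse_events(text):
        if (fac, mnem) == ("SYS", "STARTUP_CONFIG_IGNORED"):
            current = {"booted_at": ts, "config_changed_at": None}
            findings.append(current)
        elif current and (fac, mnem) == ("SYS", "CONFIG_I") \
                and current["config_changed_at"] is None:
            current["config_changed_at"] = ts   # first edit after the bypass
    return findings

if __name__ == "__main__":
    for finding in find_config_bypass(SAMPLE):
        print(finding)
```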
Router>
Router>en
Router#
Router#show run
Router#show running-config
Building configuration...
Current configuration : 1022 bytes
!
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!!
!
redundancy
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end
Router#
Router#show startup-config //view the original configuration; remember to save a copy
Using 6903 out of 262136 bytes
!
! Last configuration change at 04:46:13 UTC Fri Oct 26 2018
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Return
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable password cisco
!
no aaa new-model
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
redundancy
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description <<to_BJ_4M>>
ip address 102.10.10.1 255.255.255.0
ip access-group wireless out
ip ospf hello-interval 3
ip ospf cost 10
duplex auto
speed auto
!
interface GigabitEthernet0/1
description <<TO-SW2-G0/24>>
ip address 102.123.134.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
description <<TO-SW1-G0/24>>
ip address 102.123.150.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
no ip address
Haha, if this helped you, remember to give it a like!