Cisco 3945 Router Password Recovery: A Detailed Walkthrough of ROMMON Mode


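During a network failure at a customer site, the network went down. While troubleshooting, I found that the router's address was unreachable. The router's interface LEDs were all off, while the power status was normal.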

After connecting to the device with a console cable, the following messages appeared repeatedly:

System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2012 by cisco Systems, Inc.

I suspected that the device's Flash card was faulty, preventing the system from loading properly.

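A broken device can be replaced, but unfortunately the customer has no professional operations staff, and no copy of the configuration was saved after the device was originally configured. That put me in a difficult spot.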

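After persistent attempts, I found that across several reboots the device would occasionally load the system and come up normally, but it seemed to stay up for only about 5 minutes. I quickly tried the passwords the customer gave me, and none of them worked. I guess I forgot to burn incense before leaving home.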

Now it was time to show what I can really do:

First, the overall flow:

There is still a chance of a normal boot ---> but the enable password is unknown ---> recover the password ---> view the original configuration.

1. I pulled out the Flash card so that the system would load into rommon mode:

Power on at this point:

Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB

CISCO3945-CHASSIS with C3900-SPE150/K9 with 1048576 Kbytes of main memory

Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled

Readonly ROMMON initialized

Finally in rommon mode. Start with a question mark to see what is available:

rommon 1 > ?

alias set and display aliases command

boot boot up an external process

break set/show/clear the breakpoint

confreg configuration register utility

cont continue executing a downloaded image

context display the context of a loaded image

cookie display contents of motherboard cookie PROM in hex

dev list the device table

dir list files in file system

frame print out a selected stack frame

help monitor builtin command help

history monitor command history

iomemset set IO memory percent

meminfo main memory information

repeat repeat a monitor command

reset system reset

rommon-pref Select ROMMON

set display the monitor variables

showmon display currently selected ROM monitor

stack produce a stack trace

sync write monitor environment to NVRAM

sysret print out info from last system return

tftpdnld tftp image download

unalias unset an alias

unset unset a monitor variable

hwpart Read HW resources partition

rommon 2 > dev //list the device table

Devices in device table:

    id  name

flash0: compact flash 0

flash:  compact flash 0            

flash1: compact flash 1

bootflash: boot flash

usbflash0: usbflash0

usbflash1: usbflash1

I pushed the Flash card back in and could see its files under flash1:

rommon 3 > dir flash1:/

program load complete, entry point: 0x4000000, size: 0x18fa0

Directory of flash1:/

2 96183024 -rw- c3900-universalk9-mz.SPA.153-3.M.bin

23485 2903 -rw- cpconfig-39xx.cfg

23486 2999808 -rw- cpexpress.tar

24219 1038 -rw- home.shtml

24220 115712 -rw- home.tar

24249 1697952 -rw- securedesktop-ios-3.1.1.45-k9.pkg

24664 415956 -rw- sslclient-win-1.1.4.176.pkg

0 0 -rw- crashinfo_20181128-025939-UTC

24834 363143 -rw- crashinfo_20181129-041102-UTC //a pile of system crash info files

24923 328800 -rw- crashinfo_20181129-060619-UTC

25004 331573 -rw- crashinfo_20181129-120924-UTC

25085 323167 -rw- crashinfo_20181210-191214-UTC

Now begin the password recovery:

Change the value of the configuration register, then reboot.

rommon 6 > confreg //enter confreg; the current register value is shown below

       Configuration Summary

(Virtual Configuration Register: 0x2102)

enabled are:

load rom after netboot fails

console baud: 9600

boot: image specified by the boot system commands

  or default to: cisco2-C3900-SPE150/K9

The following prompts appear:

do you wish to change the configuration? y/n [n]: y //enter y to change the configuration

enable "diagnostic mode"? y/n [n]: //accept the default for the next few prompts

enable "use net in IP bcast address"? y/n [n]:

disable "load rom after netboot fails"? y/n [n]:

enable "use all zero broadcast"? y/n [n]:

enable "break/abort has effect"? y/n [n]:

enable "ignore system config info"? y/n [n]: y //here, enter y to enable ignoring the system configuration

change console baud rate? y/n [n]:

change the boot characteristics? y/n [n]:

       Configuration Summary

(Virtual Configuration Register: 0x2142) //the register value has changed; next, just reboot

do you wish to change the configuration? y/n [n]: n //enter n

You must reset or power cycle for new config to take effect

Next, reboot the device. Fingers crossed; if it fails, start over!

rommon 7 > reset

System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2012 by cisco Systems, Inc.

Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB

CISCO3945-CHASSIS with C3900-SPE150/K9 with 1048576 Kbytes of main memory

Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled

Readonly ROMMON initialized

Compact Flash0: Not present

System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2012 by cisco Systems, Inc.

Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB

CISCO3945-CHASSIS with C3900-SPE150/K9 with 1048576 Kbytes of main memory

Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled

Readonly ROMMON initialized

program load complete, entry point: 0x4000000, size: 0x18fa0

program load complete, entry point: 0x4000000, size: 0x18fa0

IOS Image Load Test


Digitally Signed Release Software

program load complete, entry point: 0x4000000, size: 0x5bb9ee0

Self decompressing the image : ############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################# [OK]

*** No sreloc section

Smart Init is enabled

smart init is sizing iomem

             TYPE      MEMORY_REQ

       OIR memory      0x01800000

Onboard devices &

     buffer pools      0x0230F000 

           TOTAL:      0x03B0F000

Rounded IOMEM up to: 60Mb.

Using 5 percent iomem. [60Mb/1024Mb]

          Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

       cisco Systems, Inc.

       170 West Tasman Drive

       San Jose, California 95134-1706

Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.3(3)M, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Mon 22-Jul-13 01:55 by prod_rel_team

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Installed image archive

Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 987136K/61440K bytes of memory.

Processor board ID **

3 Gigabit Ethernet interfaces

1 terminal line

1 Virtual Private Network (VPN) Module

DRAM configuration is 72 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

250880K bytes of ATA CompactFlash 1 (Read/Write)

     --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

% Crashinfo may not be recovered at flash:crashinfo

% This file system device reports an error

Press RETURN to get started!

*Jan 2 00:00:01.427: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c3900 Next reboot level = ipbasek9 and License = ipbasek9

*Jan 2 00:00:01.467: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c3900 Next reboot level = securityk9 and License = securityk9

*Mar 1 06:35:34.627: c3600_scp_set_dstaddr2_idb(184)add = 80 name is Embedded-Service-Engine0/0

*Mar 1 06:35:35.411: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized

*Mar 1 06:35:35.411: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled

*Mar 1 06:35:43.851: %SW_VLAN-4-IFS_FAILURE: VLAN manager encountered file operation error: call = ifs_open/read / code = 2595 (No such device)

/ bytes transfered = 0

*Mar 1 06:35:43.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down

*Mar 1 06:35:43.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down

*Mar 1 06:35:43.863: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down

*Mar 1 06:35:44.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

*Mar 1 06:35:44.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down

*Mar 1 06:35:44.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down

*Mar 1 06:35:45.459: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuration is ignored based on the configuration register setting.

*Mar 1 06:36:01.083: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.3(3)M, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Mon 22-Jul-13 01:55 by prod_rel_team

*Mar 1 06:36:01.119: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start

*Mar 1 06:36:01.191: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF

*Mar 1 06:36:01.191: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF

*Mar 1 06:36:02.691: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down

*Mar 1 06:36:02.691: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down

*Mar 1 06:36:02.743: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down

*Mar 1 06:36:02.827: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down

*Mar 1 06:36:03.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down

Router>

All good, it worked.
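
The confreg change above (0x2102 to 0x2142) sets bit 6, which makes IOS skip the startup configuration and log %SYS-6-STARTUP_CONFIG_IGNORED. The following is an added example, not part of the original post: it decodes register values and flags captured console or syslog text showing a router that booted this way, for instance one left at 0x2142 after a recovery. The function names are hypothetical, and the "Configuration register is 0x...." form that the pattern also accepts is the `show version` line, which does not appear in the session above.

```python
import re

# Register bits; names follow the confreg prompts in the session above
# (bit 8 is inverted: when set, Break is disabled after boot).
FLAGS = {
    0x0040: "ignore system config info",
    0x0100: "break/abort disabled",
    0x0400: "use all zero broadcast",
    0x2000: "load rom after netboot fails",
    0x4000: "use net in IP bcast address",
    0x8000: "diagnostic mode",
}
IGNORE_CONFIG = 0x0040
REG_RE = re.compile(r"configuration register(?::| is) (0x[0-9a-f]{1,4})", re.I)
IGNORED_MSG = "%SYS-6-STARTUP_CONFIG_IGNORED"

def decode_confreg(value):
    """Return (boot field, names of the flag bits that are set)."""
    return value & 0x000F, [name for bit, name in FLAGS.items() if value & bit]

def audit(text):
    """Return (line number, finding) pairs for captured console or syslog text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REG_RE.search(line)
        if m and int(m.group(1), 16) & IGNORE_CONFIG:
            findings.append((lineno, f"register {m.group(1)} skips startup-config"))
        if IGNORED_MSG in line:
            findings.append((lineno, "booted with startup-config ignored"))
    return findings

# Constructed sample: three lines copied from the session above.
SAMPLE = """\
(Virtual Configuration Register: 0x2102)
(Virtual Configuration Register: 0x2142)
*Mar 1 06:35:45.459: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuration is ignored based on the configuration register setting.
"""

if __name__ == "__main__":
    print(decode_confreg(0x2102))
    print(decode_confreg(0x2142))
    for finding in audit(SAMPLE):
        print(finding)
```
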

Router>

Router>en

Router#

Router#show run

Router#show running-config

Building configuration...

Current configuration : 1022 bytes

!

version 15.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

!

!

ip cef

no ipv6 cef

!

!

multilink bundle-name authenticated

!

!!

!

redundancy

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

!

end

Router#

Router#show startup-config //view the original configuration; remember to save a copy

Using 6903 out of 262136 bytes

!

! Last configuration change at 04:46:13 UTC Fri Oct 26 2018

version 15.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Return

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

enable password cisco

!

no aaa new-model

!

!

!

!

no ip domain lookup

ip cef

no ipv6 cef

!

!

multilink bundle-name authenticated

!

!

!

redundancy

!

!

!

!

interface Loopback0

ip address 192.168.1.1 255.255.255.255

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description <<to_BJ_4M>>

ip address 102.10.10.1 255.255.255.0

ip access-group wireless out

ip ospf hello-interval 3

ip ospf cost 10

duplex auto

speed auto

!

interface GigabitEthernet0/1

description <<TO-SW2-G0/24>>

ip address 102.123.134.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/2

description <<TO-SW1-G0/24>>

ip address 102.123.150.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/0/0

no ip address

!

interface GigabitEthernet0/0/1

no ip address

!

interface GigabitEthernet0/0/2

no ip address

!

interface GigabitEthernet0/0/3

no ip address

!

interface Vlan1

no ip address

Haha, if this helped you, remember to give it a like!
