Password Recovery in ROM Monitor Mode

Similar documents
Password Recovery in ROM Monitor Mode

Troubleshooting Booting

Router Recovery with ROM Monitor

Configuring Local Authentication and Authorization

NBAR2 HTTP-Based Visibility Dashboard

Router Recovery with ROM Monitor

RADIUS Route Download

Upgrading and Downgrading ROM Monitor Firmware on Cisco CRS Routers

Bringing Up Cisco IOS XR Software on the Router

AAA Dead-Server Detection

Controlling Switch Access with Passwords and Privilege Levels

Configuring System MTU

Controlling Switch Access with Passwords and Privilege Levels

Dynamic Bandwidth Sharing

Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+)

Configuring AAA Services

Configuring Logical Routers on Cisco IOS XR Software

Cisco IOS XR ROM Monitor Guide for the Cisco XR Series Router

Configuring Disk Backup and Disk Mirroring

Password Strength and Management for Common Criteria

Configuring EEE. Finding Feature Information. Information About EEE. EEE Overview

Configuring AAA Services

Encrypted Vendor-Specific Attributes

Configuring Passwords and Privileges

Link Aggregation Control Protocol (IEEE 802.3ad) Support for Cisco ubr10012 Routers

SSH Algorithms for Common Criteria Certification

Secure Domain Router Commands

ROM Monitor Overview

Configuring System MTU

Configuring the Cisco Discovery Protocol

Cisco ASR 9000 Series Aggregation Services Router ROM Monitor Configuration Guide, Release 4.3.x

Flow-Based per Port-Channel Load Balancing

PT Activity: Configure AAA Authentication on Cisco Routers

Configuring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon

Boot Commands on. System Management Command Reference for the Cisco NCS 6000 Series Routers OL

Exclusive Configuration Change Access and Access Session Locking

Configuring Secure Shell (SSH)

Configuring AAA Services

Boot Commands on the Cisco IOS XR Software

Object Tracking: IPv6 Route Tracking

Predownloading an Image to Access Points

No Service Password-Recovery

ROM Monitor Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.1.x

Flow-Based per Port-Channel Load Balancing

The MSCHAP Version 2 feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to

Create User Profiles and Assign Privileges

IOS and Configuration Basics

Configuring Internal Power Supplies

Configuring Access Point Groups

Transferring Files Using HTTP or HTTPS

Configuring Administrator Usernames and Passwords

Encrypted Vendor-Specific Attributes

Configuring Secure Shell (SSH)

Configuring Secure Shell (SSH)

Upstream Interface Configuration

Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging

Configuring Embedded Resource Manager-MIB

Dynamic Bandwidth Sharing

NETCONF Protocol. Restrictions for the NETCONF Protocol. Information About the NETCONF Protocol

Configuring the Physical Subscriber Line for RADIUS Access and Accounting

Configuring Secure Shell (SSH)

Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 5.1.x

Troubleshooting Initial Startup Problems

Configuring EEE. Finding Feature Information. Restrictions for EEE

802.1P CoS Bit Set for PPP and PPPoE Control Frames

Configuring Secure Shell (SSH)

Upgrading the Cisco cbr Series Converged Broadband Routers for Cisco IOS XE Everest

Contextual Configuration Diff Utility

Perform System Upgrade and Install Feature Packages

Clock Recovery System

Exclusive Configuration Change Access and Access Session Locking

XML Transport and Event Notifications

Upgrading Field-Programmable Hardware Devices for Cisco 1000 Series ISRs

Configuring Secure Shell (SSH)

Logging to Local Nonvolatile Storage (ATA Disk)

Clock Recovery System

DoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel

Enabling ALGs and AICs in Zone-Based Policy Firewalls

Cisco cbr Converged Broadband Routers High Availability Configuration Guide

Troubleshooting. Testing Your Configuration CHAPTER

Cisco IOS XR ROM Monitor Configuration Guide for the Cisco CRS Router, Release 6.1.x

Cisco IOS Login Enhancements-Login Block

Chapter 4. Network Security. Part II

Troubleshooting the Security Appliance

Configuring SDM Templates

Downstream Channel ID Assignment

Enabling ALGs and AICs in Zone-Based Policy Firewalls

Configuring Authorization

HTTP 1.1 Web Server and Client

XML Transport and Event Notifications

Bring-up the Router. Boot the Router

This document describes the sampled flow (sflow) feature and configuration steps to implement sflow.

Using Cisco IOS XE Software

Configuring Access Point Groups

Autoroute Announce and Forwarding Adjacencies For OSPFv3

Autoroute Announce and Forwarding Adjacencies For OSPFv3

RADIUS Tunnel Attribute Extensions

Configurations for the Layer 3 Switch Router

MPLS LDP Autoconfiguration

IP Overlapping Address Pools

Transcription:

This chapter describes how to recover a password on the router. It also includes instructions to bypass ksh authentication on a node. Information About Password Recovery, page 1 Recovering the Root Password on Single-RP Routers, page 1 Recovering the Root Password on Redundant-RP Routers, page 3 Bypassing ksh Authentication, page 4 Additional References, page 4 Information About Password Recovery If the root password is forgotten, it can be recovered only at the RP card. To recover the password at the Designated Shelf Controller (DSC), set the configuration register to 0x142 on the active RP and reboot the router. When the router boots, a password recovery dialog appears. This dialog prompts you to reset the root-system username and password. After you save the new password, the configuration register automatically resets to the prior value (such as 0x102). Note The AAA authentication configuration can still prevent access, even after the root password is recovered. In this case, you must bypass the ksh authentication via the auxiliary port. Recovering the Root Password on Single-RP Routers Use the following procedure to recover the router password from a router with a single RP: OL-28410-01 1

Recovering the Root Password on Single-RP Routers SUMMARY STEPS 1. Place the router in ROM Monitor (ROMMON) mode. 2. Set the RP configuration register to 0x42 at the ROM Monitor prompt: 3. Reset or power cycle the router so that the new setting takes effect: 4. Press Return at the prompt to enter the password recovery dialog, and then enter the new root-system username and password, and save the configuration. DETAILED STEPS Command or Action Purpose Step 1 Step 2 Step 3 Step 4 Place the router in ROM Monitor (ROMMON) mode. Set the RP configuration register to 0x42 at the ROM Monitor prompt: rommon B1> confreg 0x42 Reset or power cycle the router so that the new setting takes effect: Press Return at the prompt to enter the password recovery dialog, and then enter the new root-system username and password, and save the configuration. Note The configuration register is not an environment variable like TURBOBOOT. Do not enter an equal sign when entering the confreg command. rommon B2> reset The router password is recovered successfully. router con0/0/cpu0 is now available Press RETURN to get started. --- Administrative User Dialog --- Enter root-system username: user Enter secret: Enter secret again: RP/0/0/CPU0:Jan 10 12:50:53.105 : exec[65652]: %MGBL-CONFIG-6-DB_COMMIT : 'Administration configuration committed by system'. Use 'show configuration commit changes 2000000009' to view the changes. Use the 'admin' mode 'configure' command to modify this configuration. User Access Verification Username: user Password: RP/0/RP0/CPU0:router# 2 OL-28410-01

Recovering the Root Password on Redundant-RP Routers Recovering the Root Password on Redundant-RP Routers Use the following procedure to recover the router password from a router with redundant RPs. SUMMARY STEPS 1. Place both RPs in ROM Monitor mode. 2. Set the configuration register of the standby RP to 0x0 so that the standby RP does not take control during the password recovery. 3. For more information about configuration prompts that are displayed when you enter the confreg command. Set the boot type as 0 to enable ROM Monitor mode during the next system boot. 4. Set the active RP configuration register to 0x42: 5. Reset or power cycle the router so that the new setting takes effect. 6. Press Return at the prompt to enter the password recovery dialog. Then enter the new root-system username and password and save the configuration, as shown in the following example: 7. Set the configuration register of the standby RP to 0x102: 8. Reset the standby RP so that the new setting takes effect and the standby RP becomes operational. DETAILED STEPS Command or Action Purpose Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Place both RPs in ROM Monitor mode. Set the configuration register of the standby RP to 0x0 so that the standby RP does not take control during the password recovery. rommon B1> confreg 0x0 For more information about configuration prompts that are displayed when you enter the confreg command. Set the boot type as 0 to enable ROM Monitor mode during the next system boot. Set the active RP configuration register to 0x42: Reset or power cycle the router so that the new setting takes effect. Press Return at the prompt to enter the password recovery dialog. Then enter the new root-system username and password and save the configuration, as shown in the following example: Note The configuration register is not an environment variable like TURBOBOOT. Do not enter an equal sign (=) when entering the confreg command. rommon B1> confreg 0x42 rommon B2> reset The router password is recovered successfully. router con0/0/cpu0 is now available Press RETURN to get started. OL-28410-01 3

Bypassing ksh Authentication Command or Action Purpose --- Administrative User Dialog --- Enter root-system username: user Enter secret: Enter secret again: RP/0/RP0/CPU0:Jan 10 12:50:53.105 : exec[65652]: %MGBL-CONFIG-6-DB_COMMIT : 'Administration configuration committed by system'. Use 'show configuration commit changes 2000000009' to view the changes. Use the 'admin' mode 'configure' command to modify this configuration. Step 7 Step 8 User Access Verification Username: user Password: RP/0/0/CPU0:router# Set the configuration register of the standby RP to 0x102: Reset the standby RP so that the new setting takes effect and the standby RP becomes operational. rommon B3> confreg 0x102 rommon B4> reset Bypassing ksh Authentication You can bypass the ksh authentication for the auxiliary port of the route processor (RP), standby RP, and distributed RP cards and for console and auxiliary ports of line cards (LCs) and service processors (SPs). The situations in which ksh authentication may need to be bypassed include the following: DSC (active RP) disk0 corruption Loss of Qnet connectivity Inability to determine the node ID of the DSC(Active RP) For information and instructions to bypass ksh authentication, see the Configuring AAA Services on Cisco IOS XR Software chapter of Cisco IOS XR System Security Configuration Guide for the Cisco CRS Router. Additional References The following sections provide references related to the ROM Monitor. 4 OL-28410-01

Additional References Related Documents Related Topic How to bypass ksh authentication Document Title Configuring AAA Services on Cisco IOS XR Software module of Cisco IOS XR System Security Configuration Guide for the Cisco CRS Router Technical Assistance Description The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Link http://www.cisco.com/support OL-28410-01 5

Additional References 6 OL-28410-01

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback