Research and Practice of Cisco Series Router Password Recovery
1 Password Recovery Principle
(1) A Cisco router keeps several different sets of configuration parameters and stores them in different memory modules. The memory of Cisco series routers comprises ROM, flash memory, RAM, non-volatile RAM (NVRAM), dynamic memory (DRAM), etc. (see Table 1). In general, when the router starts, it first runs the program in ROM, performs the system self-test and boot, runs the IOS in flash, then looks for the router configuration in NVRAM and loads it into DRAM.
(2) The key to password recovery is to modify the configuration register (see Table 2), which lets the router start with different parameter tables from different memory. The effective password is stored in NVRAM, so the essence of password recovery is to change the register so that the stored configuration does not take effect and the router can boot directly, after which the register value is restored (if restoring it is forgotten, the router is restarted).
Memory: Role
ROM: stores the system boot program, similar to the BIOS of a PC; it is read-only memory, and the program is not lost when the system is powered down
Flash: holds the Cisco IOS, similar to the hard disk of a PC; it is an erasable, programmable ROM, and the data is not lost when the system is powered down
NVRAM: stores the configuration file (startup-config)
RAM: stores the configuration the system is currently using, mainly the routing table, ARP cache, fast-switch cache, packet cache, etc., and also the configuration file being executed; the data in this memory is lost when the system is powered down

Table 2 Cisco series router configuration register values
Configuration register value: Meaning
0x2102: default setting
  Bit 13 = 0x2000: if booting from flash fails 5 times, automatically boot from ROM
  Bit 8 = 0x0100: disable the Break key
  Boot Field = 0x2: boot in normal operating mode from flash
0x2101:
  Bit 13 = 0x2000: if booting from flash fails 5 times, automatically boot from ROM
  Bit 8 = 0x0100: disable the Break key
  Boot Field = 0x1: enter boot ROM operation mode, Router(boot)>
0x142:
  Bit8 = 0x0040: enter the boot monitor, prompt > or rommon>
  Boot Field = 0x2: boot in normal operating mode from flash
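The register values above can also be checked after a recovery. The following Python sketch is an added example, not part of the original article: it decodes a configuration register value and flags a router that booted, or will next boot, with the NVRAM configuration ignored, which is the state left behind when the register is not restored. The `show version` line format, the treatment of 0x0040 as the ignore-NVRAM flag that 0x142 and 0x42 rely on, and all function names are assumptions not taken from this page; the sample lines are constructed.

```python
import re

# Flag bits used by the register values discussed above (0x2102, 0x2101, 0x142).
FLAGS = {
    0x2000: "boot from ROM after repeated flash boot failures",
    0x0100: "Break key disabled",
    0x0040: "configuration in NVRAM ignored at startup",
}
BOOT_FIELD = {0x0: "stay in ROM monitor", 0x1: "boot ROM image, Router(boot)>"}
# Line format as printed by `show version` (assumption: not quoted on this page).
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode(value):
    """Split a configuration register value into its flags and boot field."""
    field = value & 0x000F
    return {
        "flags": [text for bit, text in FLAGS.items() if value & bit],
        "boot_field": field,
        "boot": BOOT_FIELD.get(field, "normal boot of IOS"),
        "ignores_nvram": bool(value & 0x0040),
    }

def audit(show_version_text):
    """Return findings for the register in use and the one set for next reload."""
    m = REG_LINE.search(show_version_text)
    if not m:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode(current)["ignores_nvram"]:
        findings.append(f"booted with {current:#06x}: NVRAM configuration was skipped")
    if decode(pending)["ignores_nvram"]:
        findings.append(f"next reload uses {pending:#06x}: stored passwords will not apply")
    if decode(pending)["boot_field"] < 2:
        findings.append(f"next reload uses {pending:#06x}: {decode(pending)['boot']}")
    return findings

# Constructed samples (not captured from a device).
SAMPLE_LEFT = "Configuration register is 0x142\n"
SAMPLE_PENDING = "Configuration register is 0x142 (will be 0x2102 at next reload)\n"
SAMPLE_OK = "Configuration register is 0x2102\n"

if __name__ == "__main__":
    for sample in (SAMPLE_LEFT, SAMPLE_PENDING, SAMPLE_OK):
        print(audit(sample) or ["register is at a normal boot value"])
```

An empty result from `audit` means the router booted with, and will reload with, a register value that applies the stored configuration.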
2 Preparation
The vendor provides a console port on its router products. It is an important interface for configuring the router, and connecting to it is the first step of password recovery: using a DB25 adapter and a crossover cable, connect a terminal, or a PC running HyperTerminal software, to the console port of the router. The terminal parameters are set as follows: Speed: 9600 bps; Data Bits: 8; Parity: None; Stop Bit: 1; Flow Control: None. As shown in Figure 1.
3 800 Series Router (Take 801 as an Example): Specific Operation Method
(1) Press the interrupt key Ctrl+Break within 60 s of start-up; if Break is blocked, the power-cycling method can be used to make the device enter the ROM Monitor state, where the prompt is ">".
(2) Enter the set command in the ROM Monitor and make a record of the current ios-conf value, here 0x2102.
boot# set
......
set prompt = "boot"
set ios-conf = 0x2102
(3) Enter set ios-conf 142, as follows: boot# set ios-conf 142.
(4) Enter boot to boot the system; if the device asks for initial configuration during the restart, answer "no", as shown below:
boot# boot
......
8K bytes of non-volatile configuration memory
8M bytes of flash on board (4M from flash card)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started! (press Enter)
(5) Press Enter, type enable and press Enter again to enter enable mode; the command sequence is as follows:
Router>en
Router#
(6) Enter config mem to load the original configuration file and enter configuration mode (note: Do not confrge); the command sequence is as follows:
Router#conf mem
801(config)#
(7) Restore the original configuration register value and activate all ports:
801#configure terminal
801(config)#config-register 0x2102
801(config)#interface xx
801(config-if)#no shutdown
(8) Query and record the lost password:
801#show configuration (show startup-config)
(9) Modify the password:
801#configure terminal
801(config)#line console 0
801(config-line)#login
801(config-line)#password xxxxxxxxx
801(config-line)#
801(config-line)#write memory (copy running-config startup-config)
4 Cisco 2500 Series Router (Take 2509 as an Example): Specific Operation Method
(1) Press the interrupt key Ctrl+Break within 60 s of start-up; if Break is blocked, the device can be made to enter the ROM Monitor state by power-cycling it.
(2) Enter the o command in the ROM Monitor:
>o
Configuration register = 0x2102 at last boot
......
Make a record of the current configuration register value, here 0x2102; it is usually 0x2102 or 0x102. If the value cannot be obtained with the command, you can look at a similar router to get the value of the configuration register, or try using 0x2102.
(3) Enter ">o/r 0x0142" to update the configuration register value, so that the router starts directly without applying the configuration file and the original password does not take effect. The specific operation is as follows: >o/r 0x0142
(4) Restart the router:
>i
rommon 2 > reset
(5) In "setup" mode, answer "no" to all questions.
(6) Enter privileged mode:
Router>enable
(7) Load the configuration from NVRAM:
Router#configure memory
(8) Restore the original configuration register value and activate all ports:
2509#configure terminal
2509(config)#config-register 0x2102
2509(config)#interface xx
2509(config-if)#no shutdown
(9) Query and record the lost password:
2509#show configuration (show startup-config)
(10) Modify the password:
2509#configure terminal
2509(config)#line console 0
2509(config-line)#login
2509(config-line)#password xxxxxxx
2509(config-line)#
2509(config-line)#write memory (copy running-config startup-config)
5 Cisco 2600 Series Router (Take 2611 as an Example): Specific Operation Method
(1) Connect the console port of the router to the serial port of the computer, start HyperTerminal on the computer, turn on the router power, and press the interrupt key so that the router enters the ROM monitor state; the prompt is: rommon 1 >
(2) Enter confreg 0x42 in rommon, as shown below:
rommon 1 > confreg 0x42
(3) Enter reset; the command is as follows:
rommon 2 > reset
(4) Answer "no" when prompted to enter the configuration dialog (if you entered "yes", immediately press Ctrl+C to exit); at "Press RETURN to get started!" press Enter to reach the Router> prompt.
(5) Type the enable command to enter privileged EXEC mode, then type Router#show config to view the router's original configuration and the unencrypted passwords. It is recommended to save this to a text backup file immediately so that the original configuration can be transferred back to the router.
(6) Load NVRAM, that is, load the parameter table stored in NVRAM into memory:
Router#configure memory
(7) After making changes, be sure to write them to NVRAM, otherwise the router's original configuration will be lost and the password is invalid:
Router#write memory
(8) Restore the configuration register value that was changed earlier, generally to 0x2102 (i.e. boot from flash with Break blocked), and activate all ports (all ports are shut down automatically):
Router#configure terminal
Router(config)#config-register 0x2102
Router(config)#interface xx
Router(config-if)#no shutdown
Router(config)#Ctrl-Z
(9) Restart the router: Router#reload.
6 3600 Series Router (Take 3640 as an Example): Specific Operation Method
Password recovery on the 3640 is basically similar to the 2600 series: enter monitor mode, run the confreg command so that the configuration file is ignored at startup, and boot directly. This method also applies to 4500, 7500, 12000 series routers.
7 Several Methods for Cisco Series Routers to Enter the ROM State
The way to enter the ROM state differs between the various Cisco routers, but the ROM state can generally be entered by one of the following three methods, which can each be tried in turn.
(1) If Break is not blocked, you can press the Ctrl+Break key to interrupt the startup process within the first 60 s of booting and enter the ROM state.
(2) If the Break key is blocked, the ROM state can be entered by power-cycling: after the router is turned on, switch the power off and on again at intervals of 5 s, and the router will generally enter the ROM state. This method applies to 7500, 12000 routers.
(3) Set the HyperTerminal baud rate to 1200, data bits 8, parity bit 1, and stop bit. Turn on the router power; after startup, switch it off and on again after 5 s, press and hold the space bar for 12 s, and then change the HyperTerminal settings back to the defaults: baud rate 9600, data bits 8, parity 1, stop bit 1. After reconnecting, you can see the ROM state on the terminal. Note: while the baud rate is 1200, nothing is displayed on the terminal. This method is applicable to series such as the 2500, 2600 and 4500.
8 Conclusion
As a layer-3 device, the router is a network device with high technical content, involving many protocols and a wide range of technologies. Proficiency with the various routers and prompt handling of unexpected incidents are of great significance for maintaining the normal operation of the network. This article covers only password recovery methods for Cisco series routers, but the specific operations for solving similar problems on Cisco series routers are similar.