yinba
Cisco Employee
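Everyone forgets a password now and then, and most people know how to recover one. But what if the device happens to be running in VSS mode? Heh, if you follow the usual procedure, you are guaranteed to get stuck!!
Let me show you!
Background
Password recovery on a Cisco Catalyst 4500 series switch running in VSS mode requires converting the switch to standalone mode, which is necessary in order to bypass the startup configuration. If you do not convert the switch, you receive this error message: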

********************* CAUTION ************************
* *
* Switch is booting up in VSS mode but *
* startup-config is being ignored. Autoboot is *
* disabled and now dropping into ROMMON. *
* *
* Please configure the switch for not ignoring *
* startup-config if it is needed to work in VSS Mode *
* OR *
* clear VS_SWITCH_NUMBER rommon variable to boot *
* the switch in standalone mode. *
******************************************************
*Jul 29 12:25:59.403: %RF-5-RF_RELOAD: Self Reload.
Reason: Startup-config ignore not allowed in VSS mode
*Jul 29 12:25:59.568: %SYS-5-RELOAD:
Reload requested by Platform redundancy manager. Reload Reason:
Startup-config ignore not allowed in VSS mode.Please stand by while

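Password Recovery
Switch to standalone mode first; password recovery therefore has to be performed on each of the two switches separately. Steps:

1. Save the running configuration to a TFTP server or an external file.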

2. Reload and press the Break key to enter ROMMON:

4k_vss#reload

System configuration has been modified. Save? [yes/no]: yes
Building configuration...
Compressed configuration from 1587 bytes to 1061 bytes[OK]
Proceed with reload? [confirm]

*Jul 29 12:20:28.301: %SYS-5-RELOAD:
Reload requested by console. Reload Reason: Reload command.
Please stand by while rebooting the system...
Restarting system.

Type control-C to prevent autobooting.
. .
Autoboot cancelled......... please wait!!!

rommon 1 > [interrupt]

rommon 1 >set
PS1=rommon ! >
RommonVer=15.0(1r)SG1
BOOT=bootflash:cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin,12;
ConfigReg=0x2102
DiagMonitorAction=Normal
BootedFileName=bootflash:cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin
VS_SWITCH_NUMBER=1
ConsecPostPassedCnt=7
RET_2_RTS=12:20:28 UTC Mon Jul 29 2013
RET_2_RCALTS=1375100428
rommon 2 >


3. Configure the switch to ignore the startup configuration:


rommon 2 >confreg
Configuration Summary :
=> load rom after netboot fails
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to change the configuration? y/n : y
enable "diagnostic mode"? y/n : n
enable "use net in IP bcast address"? y/n :
disable "load rom after netboot fails"? y/n :
enable "use all zero broadcast"? y/n :
enable "break/abort has effect"? y/n :
enable "ignore system config info"? y/n : y
change console baud rate? y/n :
change the boot characteristics? y/n :
Configuration Summary :
=> load rom after netboot fails
=> ignore system config info
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to save this configuration? y/n : y
You must reset or power cycle for new configuration to take effect


4. Verify the configuration register:
rommon 3 >set
PS1=rommon ! >
RommonVer=15.0(1r)SG1
BOOT=bootflash:cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin,12;
DiagMonitorAction=Normal
BootedFileName=bootflash:cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin
VS_SWITCH_NUMBER=1
ConsecPostPassedCnt=7
RET_2_RTS=12:20:28 UTC Mon Jul 29 2013
RET_2_RCALTS=1375100428
ConfigReg=0x2142
rommon 4 >

5. Set VS_SWITCH_NUMBER=0 to switch to standalone mode:
rommon 4 >VS_SWITCH_NUMBER=0
rommon 5 >
rommon 5 >set
PS1=rommon ! >
RommonVer=15.0(1r)SG1
BOOT=bootflash:cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin,12;
DiagMonitorAction=Normal
BootedFileName=bootflash:cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin
BootStatus=Failure
ConsecPostPassedCnt=8
ConfigReg=0x2142
RET_2_RTS=12:25:59 UTC Mon Jul 29 2013
RET_2_RCALTS=1375100759
VS_SWITCH_NUMBER=0

6. Boot IOS so that the switch ignores the startup configuration and creates a blank configuration:
rommon 6 >boot bootflash:cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin
loading image
Checking digital signature
flash1:/USER/cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin:
Digitally Signed Release Software with key version A
Rommon reg: 0x00004F80
Reset2Reg: 0x00000F00
Image load status: 0x00000000
#####
Snowtrooper 220 controller 0x04328B30..0x0450A0DF Size:0x0057B4C5 Program Done!
##############
Linux version 2.6.24.4.96.70.k10 (susingh@build-lnx-036)
(gcc version 4.2.1 p7 (Cisco c4.2.1-p7)) #1 SMP Wed Dec 5 03:42:58 PST 2012
Starting System Services
diagsk10-post version 5.1.4.0

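7. Configure new passwords on the switch. Change the configuration register so that the startup configuration is not bypassed again at the next boot: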
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#username xxxx password xxxx
Switch(config)#enable secret xxxx
4k_vss(config)#config-register 0x2102
4k_vss(config)#
4k_vss(config)#switch virtual domain 100
4k_vss(config-vs-domain)#switch 1
4k_vss(config-vs-domain)#end
4k_vss#wr
Building configuration...
Compressed configuration from 2988 bytes to 1385 bytes

8. Re-establish the VSS:

4k_vss#switch convert mode virtual
******************* CAUTION ******************
* No VSL port is configured or all VSL ports *
* are put in shutdown state. *
* This may cause Dual-Active mode of VSS. *
**********************************************
This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and
reload the switch.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
Compressed configuration from 3113 bytes to 1424 bytes[OK]
Saving converted configuration to bootflash: ...
Destination filename [startup-config.converted_vs-20130729-130331]?
Please stand by while rebooting the system...

9. Repeat the steps above on switch 2.
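
The following is an added example, not part of the original post: a small Python check that reads captured ROMMON `set` output and reports what the next boot will do, based on ConfigReg bit 6 (ignore startup-config) and VS_SWITCH_NUMBER. The function names and outcome labels are made up for this example, and treating an unset VS_SWITCH_NUMBER as standalone is an assumption drawn from the caution message above.

```python
import re

IGNORE_CONFIG_BIT = 0x0040  # config-register bit 6: ignore startup-config

# `set` output abbreviated from steps 2, 4 and 5 of the post.
STEP2 = "rommon 1 >set\nConfigReg=0x2102\nVS_SWITCH_NUMBER=1\n"
STEP4 = "rommon 3 >set\nVS_SWITCH_NUMBER=1\nConfigReg=0x2142\n"
STEP5 = "rommon 5 >set\nConfigReg=0x2142\nVS_SWITCH_NUMBER=0\n"


def parse_rommon_set(text):
    """Return the NAME=value pairs found in ROMMON `set` output."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]\w*)=(.*)$", line)
        if m:  # prompt lines such as "rommon 1 >set" do not match
            env[m.group(1)] = m.group(2).strip()
    return env


def boot_outcome(env):
    """Classify the next boot from the two variables the post changes."""
    if "ConfigReg" not in env:
        return "unknown"
    ignore_cfg = bool(int(env["ConfigReg"], 16) & IGNORE_CONFIG_BIT)
    # Assumption: an unset or zero VS_SWITCH_NUMBER means standalone mode.
    vss = env.get("VS_SWITCH_NUMBER", "0") not in ("", "0")
    if ignore_cfg and vss:
        # "Startup-config ignore not allowed in VSS mode" -> back to ROMMON
        return "refused-drops-to-rommon"
    if ignore_cfg:
        # Step 6: boots with a blank configuration, i.e. no passwords set
        return "standalone-blank-config"
    return "vss-normal" if vss else "standalone-normal"


if __name__ == "__main__":
    for name, out in (("step 2", STEP2), ("step 4", STEP4), ("step 5", STEP5)):
        print(name, "->", boot_outcome(parse_rommon_set(out)))
```

Running the same check after step 8 on each chassis confirms the recovery was undone: any result other than `vss-normal` on a VSS member means the register or the switch number was not restored.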



Comments
zhongguo2008
Level 1
A very good reminder, thumbs up!
sxsure001
Spotlight
lollollol
magw00001
Level 1
Learned about VSS password recovery. A very good document.
one-time
Level 13
Thanks to the original poster for sharing~
Luke Huang
Cisco Employee
Thanks to the original poster for sharing
764963038cisco
Level 1
Giving this a like
!!!!!!!!!!!!!!!!!!!!!
bowji
Cisco Employee
Good stuff, thumbs up.
linlinwa
Cisco Employee
Thanks to the original poster for sharing~