Switch password recovery 說明

不管是誰都會有忘記的時候。在交換器上面最怕就是設定帳號密碼忘記無法登入交換器不管是 telnet / console 存取

下列是 HP comware 作業系統 password recovery 的方式

最快速的方式使用Console cable 連線到交換器重開機!!! 開機過程出現下列畫面請按 Ctrl+B，

出現 Password: 時直接按 enter 就好不要輸入任何文字

然後選擇 7 , 避開 startup.cfg 重新開機。然後透過 display 命令先了解一下設定資訊修改一下。

重開就好

過程中會重複開機兩次。

祝各位網路暢行無阻

3) When the following output appears, press Ctrl + B and enter the Boot ROM password as prompted to enter the Boot ROM menu.

Starting......

***********************************************************

* *

* H3C S5500-28C-PWR-EI BOOTROM, Version 509 *

* *

***********************************************************

Creation date : Jan 9 2009, 10:44:09

CPU Clock Speed : 533MHz

BUS Clock Speed : 133MHz

Memory Size : 256MB

Mac Address : 002389294f70

Press Ctrl-B to enter Boot Menu... 1

Password:

By default, the H3C switch does not have a Boot ROM password. If you have lost your Boot ROM password, recover the password as described in Boot ROM Password Recovery.

4) Select 7 in the Boot ROM menu and type y to confirm your operation.

BOOT MENU

1. Download application file to flash

2. Select application file to boot

3. Display all files in flash

4. Delete file from flash

5. Modify bootrom password

6. Enter bootrom upgrade menu

7. Skip current configuration file

8. Set bootrom password recovery

9. Set switch startup mode

0. Reboot

Enter your choice(0-9): 7

The current setting is running configuration file when reboot.

Are you sure to skip current configuration file when reboot? Yes or No(Y/N) y

Setting......done!

5) When you return to the Boot ROM menu, select 0 to restart the switch.

BOOT MENU

1. Download application file to flash

2. Select application file to boot

3. Display all files in flash

4. Delete file from flash

5. Modify bootrom password

6. Enter bootrom upgrade menu

7. Skip current configuration file

8. Set bootrom password recovery

9. Set switch startup mode

0. Reboot

Enter your choice(0-9): 0

^@System rebooting...

6) The switch skips the configuration file at the next startup and allows you to log in without providing the password.

****************************************************************************

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

****************************************************************************

Configuration file is skipped.

User interface aux0 is available.

Press ENTER to get started.

<H3C>

7) At the command line interface (CLI), use the display startup command to view the startup configuration file, and use themore command to view the console login password in the configuration file.

<H3C> display startup

Current startup saved-configuration file: NULL

Next startup saved-configuration file: flash:/startup.cfg

<H3C> more startup.cfg

l If the password authentication method is used, pay attention to the console login password configuration commands, which are gray highlighted.

The password is displayed in plain text:

user-interface aux 0

authentication-mode password

set authentication password simple test

The password is displayed in cipher text:

user-interface aux 0

authentication-mode password

set authentication password cipher .]@USE=B,53Q=^Q`MAF4<1!!

A plain text password is directly displayed in the set authentication password simple command, and you can use or change it. A cipher text password is converted into cipher text characters, and you are recommended to change it.

l If the scheme authentication method is used, pay attention to the local username and password configuration commands, which are gray highlighted. The username is admin in this example.

The password is displayed in plain text:

local-user admin

password simple 123

service-type terminal

The password is displayed in cipher text:

local-user admin

password cipher 7-CZB#/YX]KQ=^Q`MAF4<1!!

service-type terminal

l If the switch has multiple local users, view the configuration of the terminal user configured with the service-type terminal command.

l A plain text password is directly displayed in the password simple command, and you can use or change it. A cipher text password is converted into cipher text characters, and you are recommended to change it.

8) Use the copy command to back up the configuration file. In this example, the backup file is named startup_bak.cfg.

<H3C> copy startup.cfg startup_bak.cfg

Copy flash:/startup.cfg to flash:/startup_bak.cfg?[Y/N]:y

.......

%Copy file flash:/startup.cfg to flash:/startup_bak.cfg...Done.

9) You can use File Transfer Protocol (FTP) or Trivial File Transfer Protocol(TFTP) to transfer the configuration file to your PC, and edit the file in the text editor software such as Windows Notepad and WordPad by using any of the following methods:

l Change the keyword of the authentication-mode command to none.

l Change keyword cipher of the set authentication password command to simple, and type a new password (for thepassword authentication method).

l Change keyword cipher of the password command to simple, and type a new password (for the schemeauthentication method).

The none authentication method is for temporary login only. To ensure device security, change the authentication method as soon as possible.

10) Upload the configuration file to the switch to replace the existing configuration file. Then the switch uses the new configuration file at the next startup, and allows you to log in with the new password. Meanwhile, other configurations are retained.

Telnet Login Password Recovery

l The password recovery method described in this section applies to the password authentication method and local authentication of the scheme authentication method. In RADIUS authentication of the scheme authentication method, login passwords are configured on the RADIUS server. If you fail to log in to the RADIUS server due to password loss or RADIUS server failure, you are recommended to contact the administrator to obtain a new login password.

l If the switch is enabled with the password control function, the telnet login password is not displayed in the configuration file. Disable this function before performing the following operations.

If the telnet login password is lost, you can log in to the console through the console port to display and change the telnet login password.

1) Use a configuration cable to connect the serial port of your PC to the console port of the H3C switch, configure the terminal emulation program, and log in to the console. For the settings of the terminal emulation program, refer to Table 2-1.

2) Use the display current-configuration command to view the telnet authentication configuration.

l If the password authentication method is used, pay attention to the telnet password configuration command, which is gray highlighted.

<H3C> display current-configuration | begin user-interface

user-interface aux 0

set authentication password simple test

user-interface vty 0 4

user privilege level 3

set authentication password simple h3c

idle-timeout 0 0

解決方案原URL轉貼

http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/Switches/H3C_5820X_Series_Switches/Maintenance/Maintenance/H3C_Login_Password_Recovery_Manual(V1.01)/