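Password recovery flow
It is a bit more involved than on an ordinary Catalyst such as the Cat2960X.
① Enter ROMMON mode
② Change the setting so that the config is not read
③ Boot, move to privileged mode, then load the config
④ Reset the passwords
⑤ Disable automatic boot
⑥ write memory → reload
⑦ Change the setting so that the config is read again → boot
⑧ Re-enable automatic boot
Normally I would rename the file at step ②, but the switch complains that it is read-only...
Command memo for those who already know the procedure
Console
■ Do not read NVRAM at boot (equivalent to config-register 0x2142)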
switch: SWITCH_IGNORE_STARTUP_CFG=1
■ Read NVRAM at boot (equivalent to config-register 0x2102)
switch: SWITCH_IGNORE_STARTUP_CFG=0
■ Disable automatic boot (the switch starts in ROMMON on reload)
Switch(config)#boot manual
■ Re-enable automatic boot
Switch(config)#no boot manual
Equipment used for verification
show version
ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 1.2, RELEASE SOFTWARE (P)
License Level: Ipservices
License Type: Permanent
Next reload license Level: Ipservices
Base Ethernet MAC Address : 84:b8:02:58:43:80
Motherboard Assembly Number : 73-15127-05
Motherboard Serial Number : FDO19070E28
Model Revision Number : D0
Motherboard Revision Number : A0
Model Number : WS-C3650-24TS
System Serial Number : FDO1907E0JD
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 28 WS-C3650-24TS 03.03.04SE cat3k_caa-universalk9 INSTALL
show flash
-#- --length-- ---------date/time--------- path
2 2097152 Aug 27 2022 15:35:47.0000000000 +00:00 nvram_config
3 79110340 Feb 25 2015 05:46:54.0000000000 +00:00 cat3k_caa-base.SPA.03.03.04SE.pkg
4 6521532 Feb 25 2015 05:46:55.0000000000 +00:00 cat3k_caa-drivers.SPA.03.03.04SE.pkg
5 34530288 Feb 25 2015 05:46:55.0000000000 +00:00 cat3k_caa-infra.SPA.03.03.04SE.pkg
6 34856268 Feb 25 2015 05:46:55.0000000000 +00:00 cat3k_caa-iosd-universalk9.SPA.150-1.EZ4.pkg
7 25172880 Feb 25 2015 05:46:55.0000000000 +00:00 cat3k_caa-platform.SPA.03.03.04SE.pkg
8 77445952 Feb 25 2015 05:46:55.0000000000 +00:00 cat3k_caa-wcm.SPA.10.1.140.0.pkg
9 1247 Feb 25 2015 05:47:07.0000000000 +00:00 packages.conf
10 1276 Aug 27 2022 15:35:41.0000000000 +00:00 vlan.dat
11 9106 Oct 19 2016 04:48:02.0000000000 +00:00 10.35.165.72
1277083648 bytes available (262492160 bytes used)
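Steps from an actual password recovery
① Enter ROMMON mode
・Plug a console cable into the console port and start a terminal
・Power on → keep holding the Mode button
・Release the Mode button when [switch: ] appears on the console.
Console (success)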
Booting...Initializing RAM +++++++@@@@@@@@...++++++++++++++++++++++++++++++++
Base ethernet MAC Address: 84:b8:02:58:43:80
Interface GE 0 link down***ERROR: PHY link is down
Initializing Flash...
flashfs[7]: 0 files, 1 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 6784000
flashfs[7]: Bytes used: 1024
flashfs[7]: Bytes available: 6782976
flashfs[7]: flashfs fsck took 1 seconds....done Initializing Flash.
The system is not configured to boot automatically. The
following command will finish loading the operating system
software:
boot
switch:
I'll include the failure pattern as well, just in case.
If it fails, unplug the power cable and start over.
Console (failure)
Booting...Initializing RAM +++++++@@@@@@@@...++++++++++++++++++++++++++++++++
Base ethernet MAC Address: 84:b8:02:58:43:80
Interface GE 0 link down***ERROR: PHY link is down
Initializing Flash...
flashfs[7]: 0 files, 1 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 6784000
flashfs[7]: Bytes used: 1024
flashfs[7]: Bytes available: 6782976
flashfs[7]: flashfs fsck took 1 seconds....done Initializing Flash.
Getting rest of image ← if this appears, the attempt failed
Reading full image into memory....done
Reading full base package into memory...: done = 79110340
Nova Bundle Image
--------------------------------------
Kernel Address : 0x6042d350
Kernel Size : 0x402ecf/4206287
Initramfs Address : 0x60830220
Initramfs Size : 0xdb86a3/14386851
Compression Format: .mzip
~(remainder omitted)~
② Change the setting so that the config is not read
Console
switch: SWITCH_IGNORE_STARTUP_CFG=1
③ Boot, move to privileged mode, then load the config
Console [boot]
switch: boot
Getting rest of image
Reading full image into memory....done
Reading full base package into memory...: done = 79110340
Nova Bundle Image
~(portion omitted)~
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: no ← shown because the config has not been read. Answer no.
Press RETURN to get started!
Console [load config]
Switch>enable
Switch#copy startup-config running-config
Destination filename [running-config]? % Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
Failed to generate persistent self-signed certificate.
Secure server will use temporary self-signed certificate.
XXX_Cat3650#
④ Reset the passwords
Console
XXX_Cat3650#configure terminal
XXX_Cat3650(config)#username admin secret ********
XXX_Cat3650(config)#enable secret ********
⑤ Disable automatic boot
Console
XXX_Cat3650(config)#boot manual
⑥ write memory → reload
Console
XXX_Cat3650(config)#end
XXX_Cat3650#write memory
Building configuration...
*Aug 27 15:41:06.357: %SYS-5-CONFIG_I: Configured from console by consoleCompressed configuration from 2398 bytes to 1212 bytes[OK]
XXX_Cat3650#reload
Reload command is being issued on Active unit, this will reload the whole stack
Proceed with reload? [confirm]
⑦ Change the setting so that the config is read again → boot
Console
switch: SWITCH_IGNORE_STARTUP_CFG=0
switch: boot
⑧ Re-enable automatic boot
Console
Press RETURN to get started!
XXX_Cat3650>
XXX_Cat3650>enable
XXX_Cat3650#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
XXX_Cat3650(config)#
XXX_Cat3650(config)#no boot manual
XXX_Cat3650(config)#end
XXX_Cat3650#write memory
Building configuration...
*Aug 27 16:47:21.808: %SYS-5-CONFIG_I: Configured from console by consoleCompressed configuration from 2437 bytes to 1239 bytes[OK]
XXX_Cat3650#
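
A post-recovery check on the saved terminal log, added here as an example (it is not part of the original write-up): it replays the session and reports whether steps ⑦ and ⑧ were completed and saved, so the switch is not left ignoring its startup-config or stopping at the switch: prompt. The function name, the findings text and the sample log are assumptions built from the prompts and commands shown above.

```python
import re

# Constructed console capture, abridged from the prompts and commands in the steps above.
SAMPLE_LOG = """\
switch: SWITCH_IGNORE_STARTUP_CFG=1
switch: boot
Switch#copy startup-config running-config
XXX_Cat3650#configure terminal
XXX_Cat3650(config)#enable secret ********
XXX_Cat3650(config)#boot manual
XXX_Cat3650(config)#end
XXX_Cat3650#write memory
XXX_Cat3650#reload
switch: SWITCH_IGNORE_STARTUP_CFG=0
switch: boot
XXX_Cat3650#configure terminal
XXX_Cat3650(config)#no boot manual
XXX_Cat3650(config)#end
XXX_Cat3650#write memory
"""

ROMMON = re.compile(r"^switch:\s*SWITCH_IGNORE_STARTUP_CFG=(\d)\s*$")
CONFIG = re.compile(r"^\S+\(config[^)]*\)#\s*(.+?)\s*$")
EXEC = re.compile(r"^\S+#\s*(.+?)\s*$")

def audit_recovery_log(text):
    """Return a list of findings; an empty list means the session ended cleanly."""
    ignore_cfg, manual_boot, unsaved = None, False, False
    for line in text.splitlines():
        if m := ROMMON.match(line):
            ignore_cfg = m.group(1)          # last value typed at the switch: prompt
        elif m := CONFIG.match(line):
            cmd = m.group(1).lower()
            if cmd in ("boot manual", "no boot manual"):
                manual_boot = cmd == "boot manual"
            if cmd not in ("end", "exit"):
                unsaved = True               # a config command after the last save
        elif m := EXEC.match(line):
            if m.group(1).lower() in ("write memory", "copy running-config startup-config"):
                unsaved = False
    findings = []
    if ignore_cfg == "1":
        findings.append("SWITCH_IGNORE_STARTUP_CFG still 1: next boot skips startup-config")
    if manual_boot:
        findings.append("boot manual still set: next reload stops at the switch: prompt")
    if unsaved:
        findings.append("config commands entered after the last write memory")
    return findings
```

Run it over the full capture of a recovery session; a log that stops after step ⑥ is reported with both the ignore-config and manual-boot findings.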