思科WS-C2960X序列交换机恢复密码

思科WS-C2960X序列交换机恢复密码

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_7_e/b_1527e_consolidated_2960x_cg.pdf

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_7_e/b_1527e_consolidated_2960x_cg/controlling_switch_access_with_passwords_and_privilege_levels.pdf

1-21052120040W19.pdf

Password Recovery
By default, any end user with physical access to the switch can recover from a lost password by interrupting the boot process while the switch is powering on and then by entering a new password.
The password-recovery disable feature protects access to the switch password by disabling part of this functionality. When this feature is enabled, the end user can interrupt the boot process only by agreeing to set the system back to the default configuration. With password recovery disabled, you can still interrupt the boot process and change the password, but the configuration file (config.text) and the VLAN database file (vlan.dat) are deleted.
密码恢复
缺省情况下，任何物理访问交换机的最终用户都可以通过在交换机上电时中断启动过程，然后输入新密码来恢复丢失的密码。
密码恢复禁用特性通过禁用部分功能来保护对交换机密码的访问。当启用此特性时，最终用户只能通过同意将系统设置为默认配置来中断引导过程。禁用密码恢复功能后，仍然可以中断启动过程并修改密码，但配置文件(config.text)和VLAN数据库文件(VLAN .dat)将被删除。

If you disable password recovery, we recommend that you keep a backup copy of the configuration file on a secure server in case the end user interrupts the boot process and sets the system back to default values. Do not keep a backup copy of the configuration file on the switch. If the switch is operating in VTP transparent mode, we recommend that you also keep a backup copy of the VLAN database file on a secure server. When the switch is returned to the default system configuration, you can download the saved files to the switch by using the Xmodem protocol.
To re-enable password recovery, use the service password-recovery global configuration command.
如果您禁用了密码恢复，我们建议您在一个安全的服务器上保留配置文件的备份副本，以防最终用户中断启动过程并将系统设置为默认值。请勿在交换机上保留配置文件的备份。如果交换机运行在VTP透明模式下，建议您也在安全服务器上备份VLAN数据库文件。当交换机恢复到系统默认配置时，可以通过Xmodem协议将保存的文件下载到交换机。
如果需要重新启用密码恢复功能，请使用service password-recovery global configuration命令。

Switch#
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#
Switch(config)#

Switch#
Switch#
Switch#show flash
Directory of flash:/
    2  -rwx         314  Aug 29 2018 06:39:08 +00:00  express_setup.debug
    3  -rwx         736  Aug 29 2018 06:32:33 +00:00  vlan.dat.renamed
    4  -rwx        1915  Aug 29 2018 05:19:21 +00:00  private-config.text.renamed
    5  -rwx        4850  Aug 29 2018 05:19:21 +00:00  config.text.renamed
    6  drwx         512  Aug 19 2017 19:00:52 +00:00  c2960x-universalk9-mz.152-2.E6
  671  drwx         512  Aug 19 2017 19:00:53 +00:00  dc_profile_dir
  673  -rwx        1048  Aug 29 2018 06:47:42 +00:00  multiple-fs

122185728 bytes total (95043072 bytes free)
Switch#
Switch#

Switch#copy flash:config.text.renamed running-config
Destination filename [running-config]?
4850 bytes copied in 0.356 secs (13624 bytes/sec)
switch#
switch#

switch#show config
startup-config is not present
switch#show run
Building configuration...

Current configuration : 4783 bytes
!
! Last configuration change at 08:56:06 CST Thu Aug 30 2018
!
version 15.2
!
省略余下配置。


switch(config)#line vty 0 4
switch(config-line)#exec-timeout 60 0
switch(config-line)#privilege level 15
switch(config-line)#length ?
  <0-512>  Number of lines on screen (0 for no pausing)
switch(config-line)#length 0
switch(config-line)#


line vty 0 4
 exec-timeout 60 0
 privilege level 15
 password 7 9903434F4D09
 length 0
line vty 5 15
!

switch#show flash
Directory of flash:/
    2  -rwx         470  Aug 29 2018 14:39:08 +08:00  express_setup.debug
    3  -rwx         736  Aug 29 2018 14:32:33 +08:00  vlan.dat.renamed
    4  -rwx        1915  Aug 29 2018 13:19:21 +08:00  private-config.text.renamed
  674  -rwx        1048  Aug 30 2018 08:52:46 +08:00  multiple-fs
    5  -rwx        4850  Aug 29 2018 13:19:21 +08:00  config.text.renamed
    6  drwx         512  Aug 20 2017 03:00:52 +08:00  c2960x-universalk9-mz.152-2.E6
  671  drwx         512  Aug 20 2017 03:00:53 +08:00  dc_profile_dir
  673  -rwx         736  Aug 30 2018 08:56:06 +08:00  vlan.dat
122185728 bytes total (95041536 bytes free)
switch#

switch#write
Building configuration...
[OK]
switch#


switch#show flash
Directory of flash:/
    2  -rwx         470  Aug 29 2018 14:39:08 +08:00  express_setup.debug
    3  -rwx         736  Aug 29 2018 14:32:33 +08:00  vlan.dat.renamed
    4  -rwx        1915  Aug 29 2018 13:19:21 +08:00  private-config.text.renamed
    5  -rwx        4850  Aug 29 2018 13:19:21 +08:00  config.text.renamed
    6  drwx         512  Aug 20 2017 03:00:52 +08:00  c2960x-universalk9-mz.152-2.E6
  671  drwx         512  Aug 20 2017 03:00:53 +08:00  dc_profile_dir
  673  -rwx         736  Aug 30 2018 08:56:06 +08:00  vlan.dat
  675  -rwx        4906  Aug 30 2018 09:14:57 +08:00  config.text
  676  -rwx           5  Aug 30 2018 09:14:57 +08:00  private-config.text
  677  -rwx        2072  Aug 30 2018 09:14:57 +08:00  multiple-fs
122185728 bytes total (95033856 bytes free)
switch#