各路由器密碼找回方法

1、各路由器密碼找回方法適用于所有的2000系列、2500系列、3000系列，以680x0為基準(zhǔn)的4000系列，在ROM中運行10.0或更高版本的IOS以后的7000系列，在ROM中運行9.1或更高版本的軟件的IGS系列。這里假定您的路由器的名字為 “router”。 -1、將一臺終端或?qū)C以終端仿真的方式連到路由器的CONSOLE口上。2、啟動路由器到 “router”狀態(tài)下，鍵入 “show version”命令，此時記錄下該命令的輸出信息中的configration register的值（改值通常在該命令輸出的最后一行），這個值通常應(yīng)為0x2102或0x102。例如：configratio

2、n register is 0x2102。3、將路由器的電源關(guān)掉，然后又重新開啟。4、在路由器啟動后的60秒內(nèi)請在終端上鍵入中斷鍵（Break鍵或Ctrl_C鍵），您會看到一個前面沒有路由器名字的大于號）提示符。如果沒有出現(xiàn)，說明您沒有給出正確的Break信號，在這種情況下，請您檢查終端仿真的設(shè)置。5、在號提示符下鍵入 “o/r0x42”以便從Flash啟動，注意第一個字母 “o”不是十進(jìn)制數(shù) “0”6、在號提示符下鍵入 “i”，路由器便會忽視存儲的配置文件進(jìn)行重新啟動。7、路由器啟動后，對所有的setup的問題回答 “no”。8、在router 提示符下鍵入 “enable”，您就不需要口令

3、就進(jìn)入到enable模式，并且看到router# 提示符。9、有兩種方法可以改變enable口令：a. 刪除所有的配置，鍵入 “write erase”。b. 不刪除所有的配置，只刪除enable的口令.在router# 提示符下鍵入 “config mem”。.在router# 提示符下鍵入 “write term”。.在router# 提示符下鍵入 “config term”，出現(xiàn)提示符router（config）#。.在router（config）#提示符下鍵入 “enable secret xxxxxx”，其中 “xxxxxx”為您想所設(shè)定的口令。.鍵入 “Ctrl_z”或 “exit

4、”，退出到router# 狀態(tài)下。.在router# 提示符下鍵入 “write mem”。10、在router# 提示符下鍵入 “config term，進(jìn)入到router（config）# 提示符下。11、在route（config）# 提示符下鍵入 “config-register 0x2102”，或者您在第二步所記錄下來的值。12、在router（config）# 提示符下鍵入 “Ctrl_z”或 “exit”，退出到router# 狀態(tài)下。13、在router# 提示符下鍵入 “write mem”（這一步也可省略）。14、在router# 提示符下鍵入 “reload”。15、在問

5、您是否確認(rèn)重新啟動，鍵入回車鍵即可。Cisco 2500系列的口令恢復(fù)Cisco的系列訪問服務(wù)器（Access Server）由于其穩(wěn)定的性能在人民銀行金融網(wǎng)絡(luò)中使用十分普遍。由于網(wǎng)絡(luò)設(shè)備相對而言價格昂貴，使得一般人很少有機會像操作PC一樣，可以經(jīng)常使用和練習(xí)，因此當(dāng)出現(xiàn)一些問題時很難解決。下面是一個Cisco 2509訪問服務(wù)器口令丟失，導(dǎo)致無法進(jìn)行參數(shù)恢復(fù)處理的例子。本文通過剖析Cisco 2500系列訪問服務(wù)器的內(nèi)存模式、配置管理，并以Cisco 2509為例給出口令恢復(fù)的方法。 1.口令類別Cisco路由器包含以下幾種類別的口令： 有效密碼口令（enabled secret passw

6、ord）：是一種安全級別最高的加密口令，適用于CiscoIOS10.3(2)以后的版本，在路由器的配置表中以密碼的形式出現(xiàn)。 有效口令（enabled password）：安全級別次高的非加密口令。當(dāng)有效密碼口令沒設(shè)置時，使用該口令。 終端口令（console password）：用于防止非法或未授權(quán)用戶修改路由器配置，在用戶通過主控終端對路由器進(jìn)行設(shè)置時，使用該口令。2.口令恢復(fù)原理Cisco路由器保存了幾種不同的配置參數(shù)，并存放在不同的內(nèi)存模塊中，介紹如下：內(nèi)部內(nèi)存種類Cisco2500系列路由器有幾種類別的內(nèi)存：ROM、閃存（flash memory）、不可變RAM（NVRAM）、RAM

7、和包共享內(nèi)存等五種。作用如下： 內(nèi)存類別 作用 ROM 存放系統(tǒng)的引導(dǎo)程序 閃存 存放Cisco IOS的鏡像 NVRAM 存放配置文件（即startup-config） RAM 存放當(dāng)前系統(tǒng)使用配置 包共享內(nèi)存 進(jìn)出包緩沖區(qū) 配置文件及相關(guān)存放內(nèi)存操作環(huán)境（PA3）及對應(yīng)的配置登記碼路由器的正常啟動，應(yīng)依次引導(dǎo)以下程序：口令恢復(fù)的關(guān)鍵在于對配置登記碼進(jìn)行修改，從而讓路由器從不同的內(nèi)存中調(diào)用不同的參數(shù)表進(jìn)行啟動。有效口令存放在NVRAM中，因此修改口令的實質(zhì)是將登記碼進(jìn)行修改，從而讓路由器跳過NVRAM中的配置表，直接進(jìn)入ROM模式，然后對有效口令和終端口令進(jìn)行修改或者重新設(shè)置有效加密口令（因

8、為有效加密口令為加密亂碼，無法進(jìn)行恢復(fù)，只可以改寫），完成后再將登記碼恢復(fù)。3.口令恢復(fù)步驟將Cisco2509的主控口連接到PC機的串口上（如COM 1）； 啟動Win95/98的超級終端，并配置為9600波特率、8個數(shù)據(jù)位、無奇偶校驗、2位停止位； 用show version命令查看登記碼； 如果中斷屏蔽（即登記碼的第4位為1），則重啟路由器，并在開機后60秒內(nèi)按Break鍵；如果中斷未屏蔽，則發(fā)送中斷； 執(zhí)行以下命令，將登記碼設(shè)置為0x042，使路由器跳過NVRAM模式，從ROM模式啟動；o/r 0x042 進(jìn)行初始化；i 路由器重啟，并將登記碼設(shè)為0x142； 當(dāng)提示是否進(jìn)入對話配置時

9、，回答“否”，出現(xiàn)；Press RETURN to get started! 按回車，進(jìn)入ROM模式：Router 鍵入enable命令進(jìn)入EXEC狀態(tài)，并鍵入命令configure memory，將NVRAM模式中的參數(shù)表裝入內(nèi)存； 鍵入configureter minal命令進(jìn)行配置；從配置表中找出忘記的有效口令（或改寫），并重新改寫有效密碼口令；Router configure terminal 將登記碼還原為0x2102（即從閃存正常啟動，并屏蔽中斷）。 i=s 本帖最后由 xuexiaoning 于 2008-12-23 15:37 編輯 Cisco路由器口令的恢復(fù)(1020)Des

10、criptionThis document describes how to recover a password on a Cisco 1020 router. Since the Cisco 1020 router is often not physically secured, to perform a password recovery you must call Cisco Systems or your distribution channel and provide a Cisco 1020 router generated challenge. Using the overri

11、de program, the support representative can provide a one-time password you can use to enter enable mode. Notes: Overrides can be done only from the console. Press Return at the password prompt if the enable password is not set. Step-by-Step Procedure1.From the console, log in to the Cisco 1020 route

12、r with username enable and password override. The 1020 prints a challenge.2.Provide the support representative with the challenge. The challenge is used to provide the response. 3.On the 1020 console, log in with username enable and use the response as the password. Youre now in enable mode. 4.Type

13、wr t to see the existing password or type conf t to change the password.Cisco路由器口令的恢復(fù)(7000)DescriptionThis document describes the password recovery procedure for the Cisco 7000.Step-by-Step ProcedureUse the show version command to determine if the processor in your router is an RP or an RSP7000. If

14、the processor is an RP, use the password recovery procedure for the Cisco 2500. If the processor is an RSP7000, use the password recovery procedure for the Cisco 1600.Sample Output of a show version Command on a 7000 With an RP Module Router#sh versCisco Internetwork Operating System Software IOS (t

15、m) 7000 Software (C7000-JS-M), Version 11.2(21), RELEASE SOFTWARE (fc1)Copyright (c) 1986-1999 by cisco Systems, Inc.Compiled Wed 15-Dec-99 23:44 by ccaiImage text-base: 0x00001000, data-base: 0x008F86E8ROM: System Bootstrap, Version 11.2(3), SOFTWAREROM: 7000 Software (C7000-AJSV-M), Version 11.2(3

16、), RELEASE SOFTWARE (fc2)Router uptime is 1 hour, 38 minutesSystem restarted by power-on at 15:19:36 MEST Tue Apr 25 2000System image file is c7000-js-mz_112-21.bin, booted via tftp from 50cisco RP1 (68040) processor (revision C0) with 65536K bytes of memory.Processor board ID 0025A50AG.

17、703/E1 software, Version 1.0.SuperLAT software copyright 1990 by Meridian Technology Corp).Bridging software.X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.TN3270 Emulation software.1 Switch Processor1 EIP controller (6 Ethernet).1 TRIP controller (4 Token Ring).1 AIP controller (1 ATM).6

18、 Ethernet/IEEE 802.3 interface(s)4 Token Ring/IEEE 802.5 interface(s)1 ATM network interface(s)128K bytes of non-volatile configuration memory.4096K bytes of flash memory sized on embedded flash.Configuration register is 0x2102Sample Output of a show version Command on a 7000 With an RSP7000 Module

19、Router#sh versCisco Internetwork Operating System SoftwareIOS (tm) RSP Software (RSP-DSV-M), Version 12.0(8.0.1)T,MAINTENANCEINTERIM SOFTWARECopyright (c) 1986-1999 by cisco Systems, Inc.Compiled Sat 13-Nov-99 13:54 by ccaiImage text-base: 0x60010908, data-base: 0x61090000 ROM: System Bootstrap, Ver

20、sion 5.3(9) mkamson 9, RELEASE SOFTWARE (fc2)BOOTFLASH: RSP Software (RSP-BOOT-M), Version 12.0(3), RELEASE SOFTWARE(fc1)Router uptime is 5 days, 10 minutesSystem returned to ROM by reload at 14:17:10 MEST Tue Apr 18 2000System image file is cisco RSP7000 (R4700) processor with 65536K/2072K bytes of

21、 memory.R4700 CPU at 100Mhz, Implementation 33, Rev 1.0Last reset from power-onG.703/E1 software, Version 1.0.G.703/JT2 software, Version 1.0.X.25 software, Version 3.0.0.Bridging software.1 EIP controller (4 Ethernet).1 FSIP controller (8 Serial).4 Ethernet/IEEE 802.3 interface(s)8 Serial network i

22、nterface(s)125K bytes of non-volatile configuration memory.16384K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).8192K bytes of Flash internal SIMM (Sector size 256K).Configuration register is 0x2102 Cisco路由器口令的恢復(fù)(cs500)DescriptionThis document describes how to recover a password on a Cisco

23、 cs500 communication server.The Cisco cs500 does not have a console port so to recover a password you must erase the configuration then configure the server again. Step-by-Step Procedure1.Unplug the Cisco cs500 server. 2.Press and hold the DEFAULT button on the front of the chassis. 3.Turn on the se

24、rver. The OK and LAN LEDs blink on and off.4.When the OK and LAN LEDs blink off (after about 15 seconds), release the DEFAULT button. The 500-CS enters setup mode in about two to ten minutes. 5.Configure the server. Cisco路由器口令的恢復(fù)(800)DescriptionThis document describes the password recovery procedure

25、 for the Cisco 800. Step-by-Step ProcedureAttach a terminal or PC with terminal emulation to the console port of the router. Use the following terminal settings: 9600 baud rate No parity 8 data bits 1 stop bitThe required console cable specifications are described in Cabling Guide for RJ-45 Console

26、and AUX Ports (Ciscos 1000 series, 2500 series, and AS5100).Type show version and record the setting of the configuration register. Click here to see output of a show version command. The configuration register setting is usually 0x2102 or 0x102.Using the switch, turn off the router and then turn it

27、 on. Press Break on the terminal keyboard within 60 seconds of the powerup to put the router into ROMMON. If the break sequence doesnt work, see Possible Key Combinations for Break Sequence During Password Recovery for other key combinations.Type set ios-conf = 142 at the boot# prompt. If Flash is i

28、ntact, the best setting is 0x42.If the Flash is not installed or is erased, use the 0x41 setting. Note that with this setting you can view or erase the configuration but cannot change the password.Type boot at the boot# prompt to initialize the router. The router reboots but ignores its saved config

29、uration.Type no after each setup question or press Ctrl-C to skip the initial setup procedure. Type enable at the Router prompt. Youll be in enable mode and see the Router# prompt.Important Type config mem or copy start running to copy the nonvolatile RAM (NVRAM) into memory. Do not type config term

30、. Type wr term or show running. The show running and wr term commands show the configuration of the router. In this configuration you see under all the interfaces the shutdown command, which means all interfaces are currently shutdown. Also, you can see the passwords either in encrypted or unencrypt

31、ed format. Type config term and make the changes. The prompt is now hostname(config)#.Type enable secret . Issue the no shutdown command on every interface that is used. If you issue a show ip interface brief command, every interface that you want to use should be up up. Type config-register 0x2102,

32、 or the value you recorded in step 2. Press Ctrl-z to leave the configuration mode. The prompt is now hostname#. 16.Type write mem or copy running startup to commit the changes.Routershow versionCisco Internetwork Operating System SoftwareIOS (tm) C800 Software(C800-Y6-MW), Version 12.1(1), RELEASE

33、SOFTWARE (fc1)Copyright (c) 1986-2000 by cisco Systems, Inc.Compiled Tue 14-Mar-00 16:01 by cmongImage text-base: 0x000EA000, data-base: 0x005D3000 ROM: TinyROM version 1.0(3)Router uptime is 2 days, 3 hours, 8 minutesSystem returned to ROM by power-onSystem image file is flash:c800-y6-mw.121-1Cisco

34、 C801 (MPC850) processor (revision 0) with 51428K bytes of virtual memory.Processor board ID JAD03050229CPU part number 33Bridging software.Basic Rate ISDN software, Version 1.1.1 Ethernet/IEEE 802.3 interface(s)1 ISDN Basic Rate interface(s)12M bytes of physical memory (DRAM)8K bytes of non-volatil

35、e configuration memory8M bytes of flash on board (4M from flash card)Configuration register is 0x2102!- The router was just powercycled and during bootup a break sequence was sent to the router.TinyROM version 1.0(3)Fri Apr 30 18:22:12 1999Copyright (c) 1998-1999 by cisco Systems, Inc.All rights res

36、erved.POST . OK. 12MB DRAM, 8MB Flash.boot# set ios-conf = 142boot# bootBooting c800-y6-mw.121-1 .,Restricted Rights LegendUse, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR

37、 sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013.cisco Systems, Inc.170 West Tasman DriveSan Jose, California 95134-1706Cisco Internetwork Operating System SoftwareIOS (tm) C800 Software (C800-Y6-MW), Version12.1(1),

38、RELEASE SOFTWARE (fc1)Copyright (c) 1986-2000 by cisco Systems, Inc.Compiled Tue 14-Mar-00 16:01 by cmongImage text-base: 0x000EA000, data-base: 0x005D3000Cisco C801 (MPC850) processor (revision 0) with 51428K bytes of virtual memory.Processor board ID JAD03050229CPU part number 33Bridging software.

39、Basic Rate ISDN software, Version 1.1.1 Ethernet/IEEE 802.3 interface(s)1 ISDN Basic Rate interface(s)12M bytes of physical memory (DRAM)8K bytes of non-volatile configuration memory8M bytes of flash on board (4M from flash card)- System Configuration Dialog -Would you like to enter the initial conf

40、iguration dialog? yes/no: nPress RETURN to get started! (press Enter)00:01:45: %SYS-5-RESTART: System restarted -Cisco Internetwork Operating System SoftwareIOS (tm) C800 Software (C800-Y6-MW), Version 12.1(1), RELEASE SOFTWARE (fc1)Copyright (c) 1986-2000 by cisco Systems, Inc.Compiled Tue 14-Mar-0

41、0 16:01 cmong00:01:45: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down 00:01:45: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down 00:01:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0, changed state to down 00:01:46: %LINEPROTO-5-UPDOWN: L

42、ine protocol on Interface Ethernet0, changed state to down RouterenRouter#copy start runDestination filename running-config? (press Enter)2010 bytes copied in 32.120 secs (62 bytes/sec)Router#Router#00:02:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down00:02:53: %LIN

43、EPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to downRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#enable secret ciscoRouter(config)#00:03:39: %SYS-5-CONFIG_I: Configured from console by console Router#sh ip int brief Interface IP-Address

44、 OK? Method Status ProtocolBRI0 unassigned YES TFTP administratively downdownBRI0:1 unassigned YES unset administratively downdownBRI0:2 unassigned YES unset administratively downdownDialer0 unassigned YES TFTP up up Dialer1 YES TFTP up upEthernet0 5 YES TFTP administratively

45、 downdownRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#int e 0Router(config-if)#no shutRouter(config-if)#00:04:02: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up00:04:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to u

46、pRouter(config)#config-reg 0x2102Router(config)#ZRouter#00:04:36: %SYS-5-CONFIG_I: Configured from console by consoleRouter#write mem Cisco路由器口令的恢復(fù)(700)This document describes the procedure for performing password recovery on Cisco 750/760 series routers using the NVRAM erase code (750erase.hex or 7

47、60erase.hex). Choose the appropriate Terminal Emulation Package (Windows95 and Windows3.1x instruction are included). Power cycle the router. While it is booting up, press the ESC key a couple of times. This will put the unit into a software load mode. The unit will respond with the following prompt

48、s: Ready to upload new firmware into flash. Baud (1=19.2K, 2=2400, 3=38.4K, 9=9600)? Select the baud rate for the transfer (in this example 9600 is chosen). The unit will respond with the following prompt. Begin ascii upload at 8n1/9600 baud. Start the ascii file transfer of the image, 750erase.hex

49、for the 750 series or 760erase.hex for the 760 series. These files are not interchangeable. This file must be treated as a text file for loading into the unit via the console port. At 9600, the transfer takes approximately 12 minutes. While the transfer is occuring, the LINE LED will be flashing rapidly. When the transfer is complete the unit will respond with the following prompts and then reboot itself: Firmware transfer successful.Now writing firmware into FLASH, standby .Firmware upload complete.Erase Version of 750/760 firmware This will erase all configure