Cisco3845路由器登陆问题

cisco3845

Cisco3845路由器,一般使用在大中型分支机构中,路由器出厂默认安装了Cisco SDM模块(路由器及安全配置工具),这样,在登陆时就会出现如下提示:

———————————————————————–
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username “cisco”
with the password “cisco”. The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
———————————————————————–
User Access Verification

Username:

使用用户名和密码都为cisco来登陆路由器,然后再添加用户,再使用no username cisco命令将默认用户cisco删除,如果你没有创建用户,而直接将cisco用户删除再保存了配置,下次进入后使用cisco路由器就不能登陆了。

经过查看路由器配置,con和vty口的配置如下:

line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet

发现是在con和vty口上使用了login local认证,这样就会使用cisco sdm来认证,所以,这里只需将login local修改为login,就可以跳过cisco sdm的认证,如下:

enable password 15 cisco
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
transport input telnet
line vty 5 15
password cisco
login
transport input telnet

现在进不去路由器,只能通过修改enable密码的方法来进入路由器,再进行以下的修改:

1、将电脑与路由器的console口相连,启动路由器,按下[ctrl]+[break],如下,出现rommon命令提示符:

System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.

System Bootstrap, Version 12.4(13r)T11, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2008 by cisco Systems, Inc.

Total memory size = 256 MB – DIMM0 = 256 MB, DIMM1 = 0 MB
c3845 platform with 262144 Kbytes of main memory
Main memory is configured to 72/0(dimm 0/1) bit mode with ECC enabled
Upgrade ROMMON initialized

monitor: command “boot” aborted d
monitor: command “boot” aborted due to user interrupt
rommon 1 >

2、输入confreg,如下,记录下0x2102,do you wish处选择no

rommon 1 > confreg
Configuration Summary
(Virtual Configuration Register: 0x2102)
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-c3845

do you wish to change the configuration? y/n [n]:

3、通过confreg命令来修改配置寄存器的值,使路由器忽略NVRAM中的启动配置文件。输入confreg 0x2142来修改寄存器值,再输入i重启路同器,如下:

rommon 2 > confreg 0x2142
rommon 3 > i

4、启动后会进入用户exec模式,出现系统配置对话柜时输入no跳过,如下:

— System Configuration Dialog —

Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started!

5、使用enable命令进入配置模式,再使用sh run命令查看,这时会发现配置全部消失,因为这里是跳过NVRAM来启动路由器的,使用copy命令将NVRAM中的配置文件复制到现在的启动(running-config)配置文件中,

Router>en
Router#copy startup-config running-config

6、接下来对running-config配置文件进行修改,按照上面分析的,修改为:

enable password 15 cisco
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
transport input telnet
line vty 5 15
password cisco
login
transport input telnet

这样,下次就可以直接使用cisco密码来进行认证了。

7、接下来做配置的保存工作,首先恢复配置寄存器的值0x2102,再保存配置,这里需使用write memory,完成后重启路由器,就可以使用cisco来登陆了。

Router#copy running-config startup-config
Router#configure terminal
Router(config)#config-register 0x2102
Router(config)#end
Router#write memory
Router#reload

Leave a Reply