IOS Backup & Password Breaking

Technique of Routers & Switches

Chapter 17

powered by DJ 1

Chapter ObjectivesAt the end of this Chapter you will be

able to:Manage system image Configure device configuration filesPerform Disaster RecoveryRecover Cisco IOS from tftpdnld and xmodem commandsBreak password of 2500, 2600, 2800 series Routers and also 1900 & 2950 series switches

powered by DJ 2

The Cisco IOS File System

NOTE: The Cisco IOS File System (IFS) provides a single interface to all the file systems available on a routing device, including the flash memory file system; network file systems such as TFTP, Remote Copy Protocol (RCP), and File Transfer Protocol (FTP); and any other endpoint for reading and writing data, such as NVRAM, or the running configuration.

powered by DJ 3

Commands

Cisco IOS Software Commands IFS Commands

copy tftp running-config copy tftp: system:running-config

copy tftp startup-config copy tftp: nvram:startup-config

show startup-config more nvram:startup-config

erase startup-config erase nvram:

copy running-config startup-configcopy system:running-config nvram:startup-config

copy running-config tftp copy system:running-config tftp:

show running-config more system:running-config

powered by DJ 4

Backing Up Configurations to a TFTP Server

#copy running-config startup-config

Saves the running configuration from DRAM to NVRAM (locally).

#copy running-config tftpCopies the running configuration to the remote TFTP server.

Address or name of remote host[ ]?192.168.119.20

The IP address of the TFTP server.

Destination Filename [Denver-confg]? Enter

The name to use for the file saved on the TFTP server.

!!!!!!!!!!!!!!!Each bang symbol (!) = 1 datagram of data.

624 bytes copied in 7.05 secs

#File has been transferred successfully.

powered by DJ 5

Restoring Configurations from a TFTP Server

#copy tftp running-configCopies the configuration file from the TFTP server to DRAM.

Address or name of remote host[ ]?192.168.119.20

The IP address of the TFTP server.

Source filename [ ]?Denver-confgEnter the name of the file you want to retrieve.

Destination filename [running-config]? RAccessing tftp://192.168.119.20/Denverconfg…Loading Denver-confg from 192.168.119.02(via Fast Ethernet 0/0):[OK-624 bytes]624 bytes copied in 9.45 secs!!!!!!!!!!!!!!

# File has been transferred successfully.powered by DJ 6

Configuration Register & Password Recovery Procedure

router#show versionThe last line of output tells you what the configuration register is set to.

router#configure terminalMoves to global configuration mode.

router(config)#config-register0x2142

Changes the configuration registerto 2142.

powered by DJ 7

Register Value

Bit NumberHexadecimal Meaning

00–030x0000–0x000F Boot field

060x0040 Ignore NVRAM contents

070x0080 OEM bit enabled

080x0100 Break disabled

090x0200

Causes system to use secondary bootstrap (typically not used).

100x0400 IP broadcast with all 0s

5, 11, 120x0020, 0x0800,0x1000

Console line speed

13 0x2000Boots default ROM software if network boot fails.

14 0x4000 IP broadcasts do not have net numbers.

15 0x8000Enables diagnostic messages and ignores NVRAM

powered by DJ 8

Password-Recovery Procedures for Cisco Routers

Step 2500 Series Commands 1700/2600/ISR SeriesCommands

Step 1: Boot the routerand interrupt the bootsequence as soon as textappears on the screen.

Press Ctrl-Break>

Press Ctrl-Breakrommon 1>

Step 2: Change theconfiguration register toignore contents ofNVRAM.

>o/r 0x2142>

rommon 1>confreg0x2142rommon 2>

Step 3: Reload the router >i rommon 2>resetStep 4: Enter privilegedmode. (Do not enter setup mode.)

Router>enableRouter#

Router>enableRouter#

Step 5: Copy the startupconfiguration into therunning configuration.

Router#copy startupconfigrunning-config…<output cut>…#

Router#copy startupconfigrunning-config…<output cut>…#

powered by DJ 9

Conti…Step 6: Change thepassword.

#configureTerminal(config)#enablesecret new(config)#

#configureTerminal(config)#enablesecret new(config)#

Step 7: Reset the configuration register back to its default value.

(config)#configregister0x2102(config)#

(config)#configregister0x2102(config)#

Step 8: Save theconfiguration.

(config)#exit#copy runningconfigstartup-config#

(config)#exit#copy runningconfigstartup-config#

Step 9: Verify theconfiguration register.

#show version…<output cut>…Configuration registeris 0x2142 (will be0x2102 at next reload)#

#show version…<output cut>…Configuration registeris 0x2142 (will be0x2102 at next reload)#

Step 10: Reload the router. #reload #reload

powered by DJ 10

Password Recovery for 2960 Series SwitchesUnplug the power supply from the

back of the switch.Press and hold the Mode button on the front of the switch.Plug the switch back in.Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.Issue the following commands:switch: flash_init Initializes the flash memory.switch: load_helperswitch: dir flash: Do not forget the colon. This displays

which files are in flash memory.switch: rename flash:config.text flash:config.old

You are renaming the configuration file. Theconfig.text file contains the password.

switch: boot Boots the switch.

powered by DJ 11

Conti..When asked whether you want to enter theconfiguration dialog, enter n to exit out to the switch prompt.

Takes you to user mode.

switch>enable Enters privileged mode.switch#rename flash:config.old flash:config.text

Renames the configuration file back to the original name.

Destination filename [config.text] Press Enterswitch#copy flash:config.textsystem:running-config

Copies the configuration file into memory.

768 bytes copied in 0.624 seconds2960Switch# The configuration file is now reloaded.

Notice the new prompt.2960Switch#configure terminal Enters global configuration mode.2960Switch(config)#Proceed to change the passwords as needed2900Switch(config)#exit2900Switch#copy running-config startupconfig

Saves the configuration into NVRAM with new passwords.

powered by DJ 12

THANK YOU

powered by DJ 13