h3c series ethernet switches - login password recovery

Login Password Recovery H3C Series Ethernet Switches Table of Contents

i

Table of Contents

Chapter 1 Login Password Overview.......................................................................................... 1-1 1.1 Console Port Login Password ........................................................................................... 1-1 1.2 Telnet Login Password ...................................................................................................... 1-2

Chapter 2 Login Password Recovery.......................................................................................... 2-1 2.1 Console Port Login Password Recovery ........................................................................... 2-1 2.2 Telnet Login Password Recovery...................................................................................... 2-4

Login Password Recovery H3C Series Ethernet Switches Chapter 1 Login Password Overview

1-1

Chapter 1 Login Password Overview

Note:

The login password recovery methods introduced in this chapter are applicable to the following H3C series switches:

S3100 S3100-52P S3600 S3610 S5100 S5500 S5510 S5600

For password recovery methods of other models of H3C switches, refer to their installation manuals or contact H3C agents.

1.1 Console Port Login Password

To log in through the Console port is the most common way to log into a switch. It is also the prerequisite to configure other login methods. After connecting the serial port of a PC to the Console port of a Switch using a configuration cable, you can configure and manage the switch on the PC through a terminal emulator. Normally, you can only log into an H3C Ethernet switch through its Console port.

To prevent unauthorized users from logging into a switch through the Console port, you can set the login password for the Console port.

Following three authentication modes are available for users logging into H3C Ethernet switches through the Console ports.

None Password Scheme

Note:

For information about the authentication modes listed above, refer to the operation manual and command manual of your products.


1-2

With the login password for the Console port configured, the following information appears when a user attempts to log into a switch through the Console port.

**************************************************************************

* Copyright (c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

**************************************************************************

User interface aux0 is available.

Press ENTER to get started.

Login authentication

Password:

1.2 Telnet Login Password

Telnet is a common way to log into/manage a device. Through Telnet, you can log into/manage any device if the IP address of the device and the Login password for Telnet are available.

You can Telnet to an H3C Ethernet switch. You can also set the login password for Telnet to prevent unauthorized users from logging into an H3C Ethernet switch.

Following three authentication modes are available for users logging into H3C Ethernet switches through Telnet.

None Password Scheme

Note:

For information about the authentication modes listed above, refer to the operation manual and command manual of your products.

With the login password for Telnet configured, the following information appears when a user attempts to log into a switch through Telnet.

**************************************************************************


1-3

* Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*



**************************************************************************

Login authentication

Password:

Login Password Recovery H3C Series Ethernet Switches Chapter 2 Login Password Recovery

2-1

Chapter 2 Login Password Recovery

2.1 Console Port Login Password Recovery

If the login password for the Console port gets lost, you can fetch it by selecting the Skip current configuration file item form the BOOT menu, as described below.

1) Connect the serial port of the PC to the Console port of the switch using a configuration cable, configure the terminal emulator according to the current configuration, and then restart the switch.

2) When the following information appears, press <Ctrl + B> to enter the BOOT menu.

Board checking.......................................LSA1LTSG

SDRAM fast selftest.......................................OK!

Flash fast selftest.......................................OK!

CPLD selftest.............................................OK!

Switch chip selftest......................................OK!

Slot 1/1/1 has no module or get slot type error




PHY selftest..............................................OK!

Please check port leds..............................finished!

The switch Mac is: 000f-e200-3900

Press Ctrl-B to enter Boot Menu... 5

password:

Note:

By default, entering the BOOT menu requires no password. If the system prompts for the password and the password gets lost, contact the dealer.

3) Press 7 in the BOOT menu to select the Skip current configuration file item. BOOT MENU

1. Download application file to flash


2-2

2. Select application file to boot

3. Display all files in flash

4. Delete file from flash

5. Modify bootrom password

6. Enter bootrom upgrade menu

7. Skip current configuration file

8. Set bootrom password recovery

9. Set switch startup mode

0. Reboot

Enter your choice(0-9): 7

The current setting is running configuration file when reboot.

Are you sure to skip current configuration file when reboot? Yes or No(Y/N)

y

Setting......done!

4) After returning to the BOOT menu, press 0 to restart the switch. BOOT MENU










0. Reboot


^@System rebooting...

5) After the switch the second time, the configuration file as well as the login password for the Console port will be skipped, and you can log into the switch without providing the password.

**************************************************************************

* Copyright (c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*



**************************************************************************

Configuration file is skipped.


2-3

User interface aux0 is available.

Press ENTER to get started.

<H3C>

6) After logging into the switch, you can check the content of the configuration file by using the display startup command and use the more command to fetch the login password for the Console port in the configuration file.

<H3C> display startup

Current startup saved-configuration file: NULL

Next startup saved-configuration file: flash:/vrpcfg.cfg

<H3C> more vrpcfg.cfg

……

#

user-interface aux 0

authentication-mode password

set authentication password simple test

user-interface vty 0 4

authentication-mode none

user privilege level 3

idle-timeout 0 0

#

return

<H3C>

Note:

If the password is set in plain text, it is displayed as is in the configuration file. If the password is set in cipher text, you need to convert it to the plain text form.

7) You can also transfer the configuration file to a PC using FTP or TFTP, change the authentication password or the authentication mode setting of the configuration file to None in a text editor (such as wordpad or notepad in Windows series operating systems), save the configuration file, and then upload the configuration file to the switch. When the switch reboots, the modified configuration file will be used. You can set a new password for the Console port without affecting other configurations.


2-4

Note:

The above mentioned method takes effect if the Password mode or the Scheme mode is set to local. If the Scheme mode is set to Radius, the password is set on the Radius server. In this case, a user cannot log into a switch if the login password gets lost or the Radius server is unavailable. You can solve this problem by changing the Authentication mode setting in the configuration file to None (as described above). But for the password, you need to fetch it on the Radius server.

8) Note that if you perform the operation described in step 3, that is, select the Skip current configuration file item in the BOOT menu and press y, the setting will be stored in the BootROM, which means the configuration file will be skipped when the device starts the next time. To validate the configuration file again, you need to restart the device manually, select the Skip current configuration file item in the BOOT menu, and then press n when prompted by the message Are you sure to skip current configuration file when reboot? Yes or No(Y/N), as shown below.

BOOT MENU










0. Reboot


The current setting is running configuration file when reboot.

Are you sure to skip current configuration file when reboot? Yes or No(Y/N)

n

Setting......done!

2.2 Telnet Login Password Recovery

If the login password for Telnet gets lost, you can log into the switch through the Console port and then check or modify the password, as described below.

1) Connect the serial port of the PC to the Console port of the switch using a configuration cable, configure the terminal emulator according to the current configuration, and then log into the switch through the Console port.


2-5

2) Check the configuration file for the user interface authentication setting by using the display current-configuration command.

<H3C> display current-configuration | begin user-interface

user-interface aux 0

set authentication password simple test

user-interface vty 0 4

user privilege level 3

set authentication password simple h3c

idle-timeout 0 0

#

Note:

| begin user-interface in the display current-configuration command specifies a regular expression. It displays the content of the configuration file from the first line beginning with the string user-interface, it helps to locate the user interface-related settings in the configuration file quickly. Refer to the corresponding operation manual for information about the use of regular expression.

If the configuration file does not contain the Authentication-mode setting, the current authentication mode of user interface is password, the default.

3) Modify the authentication mode and the password through CLI.

In the above example, the output information of the display current-configuration command indicates that the authentication mode is password, the password is h3c.

To use the existing password for logging in, you can terminate the current session, log in through Telnet, and enter h3c when the system prompts for the password.

To use another password, you can execute the set authentication password command in user view, as shown below.

<H3C> system-view

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] set authentication password simple new

To change the Telnet authentication mode, you can execute the authentication-mode command in user view. The following changes the Telnet authentication mode to none.

<H3C> system-view

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] authentication-mode none

After the above configuration, the new settings take effect when a user logs in through Telnet.


2-6

Note:

Save your modifications timely using the save command to make sure they can take effect when the switch starts the next time.

h3c series ethernet switches - login password recovery

Documents