Cisco 2900XL Catalyst switch password recovery Procedure
Just did the password break for a 2924 (Cisco 2900XL Catalyst switch) switch yesterday; as usual I keep on forgetting it :).
Here's how I did it:
Step 1 .
How to connect to the Switch :
Attach a terminal or PC with terminal emulation (for example, Hyper Terminal) to the console port of the switch. Use the following terminal settings:
9600 baud rate
No parity
8 data bits
1 stop bit
No flow control
Step 2 .
Unplug the power cable.
Hold down the mode button located on the left side of the front panel, while reconnecting the power cord to the switch. You can release the mode button a second or two after the LED above port 1x is no longer illuminated.
You would get the output below on the Hyperterminal window :
The system has been interrupted prior to initializing the flash file system.
The following commands will initialize the flash file system, and finish loading
the operating system software:
flash_init
load_helper
boot
Step 3 .
Type
flash_init
Type
load_helper
Type
dir flash:
!--- Make sure to type a colon ":" after the dir flash
You would get the output below on the Hyperterminal window :
Directory of flash:
2 -rwx 843947 Mar 01 1993 00:02:18 C2900XL-h-mz-112.8-SA
4 drwx 3776 Mar 01 1993 01:23:24 html
66 -rwx 130 Jan 01 1970 00:01:19 env_vars
68 -rwx 1296 Mar 01 1993 06:55:51 config.text
1728000 bytes total (456704 bytes free)
config.text is the startup-configuration file which is stored in the flash and loaded when the switch loads.
Step 4 .
Type the following to rename the configuration file:
rename flash:config.text flash:config.old
This file contains the password definition.
Type the following to boot the system:
boot
Step 5 .
This loads the IOS on the switch and takes you to the configuration script, because it cannot find a copy of the normal startup configuration.
Enter N at the prompt to start the Setup program:
Continue with the configuration dialog? [yes/no] : N
Step 6 .
At the switch prompt, type the following to turn on enable mode:
en
Type the following to give the configuration file its original name again:
rename flash:config.old flash:config.text
Copy the configuration file into memory:
Switch# copy flash:config.text system:running-config
Source filename [config.text]? (press Return)
Destination filename [running-config]? (press Return)
Step 7 .
myswitch#configure terminal
myswitch(config)#no enable secret
!-- This step is necessary if the switch had an enable secret password
myswitch(config)#enable password Cisco
myswitch(config)#^Z
!-- Control/Z
Remove any console and line vty (telnet / emulation) passwords if set.
Step 8 .
Write the running configuration to the configuration file:
switch#write memory
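Steps 7 and 8 leave the switch with a cleartext enable password, no enable secret and no line passwords, so the saved config.text is worth checking before the switch goes back into service. The audit below is an added example, not part of the original post; the function names and the sample configuration (including the type 7 string) are constructed for illustration.

```python
import re

# Constructed sample of config.text as it could look after Step 8.
SAMPLE_CONFIG = """\
hostname myswitch
enable password Cisco
!
line con 0
line vty 0 4
 login
line vty 5 15
 password 7 0822455D0A16
 login
"""

def password_kind(cmd):
    """Classify a '[enable ]password [7] <string>' command."""
    m = re.search(r"password (?:(\d+) )?\S+", cmd)
    return "type 7 (reversible)" if m and m.group(1) == "7" else "cleartext"

def line_blocks(lines):
    """Map each 'line ...' header to the indented sub-commands under it."""
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    return blocks

def audit_config(text):
    """Return findings about how enable and line credentials are stored."""
    lines = text.splitlines()
    findings = []
    for l in lines:
        if l.startswith("enable password "):
            findings.append(f"enable password is {password_kind(l)}")
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("no enable secret configured")
    for header, body in line_blocks(lines).items():
        pw = [b for b in body if b.startswith("password ")]
        if not pw:
            findings.append(f"{header}: no line password")
        else:
            findings.append(f"{header}: line password is {password_kind(pw[0])}")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Re-adding an enable secret and line passwords before the final write memory clears the first three kinds of finding.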
The Catalyst 2955 series switches do not use an external mode button for password recovery.
The switch boot loader uses break-key detection to stop the automatic boot sequence for password recovery purposes. The break sequence is determined by the terminal application and operating system used. Hyperterm running on Windows 2000 uses Ctrl + Break. On a workstation running UNIX, Ctrl-C is the break key.
The example below uses Hyperterm to break into switch: mode on a 2955.
C2955 Boot Loader (C2955-HBOOT-M) Version 12.1(0.0.514), CISCO DEVELOPMENT TEST
VERSION
Compiled Fri 13-Dec-02 17:38 by madison
WS-C2955T-12 starting...
Base ethernet MAC Address: 00:0b:be:b6:ee:00
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 19 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 4510720
flashfs[0]: Bytes available: 3230720
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
*** The system will autoboot in 15 seconds ***
Send break character to prevent autobooting.
After this, follow the same steps as for the 2900XL switch.
.... Nitin .... :)
Microsoft to give source code for Office 2003 to Governments
Microsoft Corp. said on Sunday that it would share the underlying software code for its Office program as part of its efforts to make governments more confident in the security and compatibility of the world's largest software maker's products.
The new initiative is an extension of Microsoft's Government Security Program, which allows the governments of more than 30 countries to examine most of Microsoft's underlying source code, or software blueprint for its flagship Windows operating system.
The source code for Office 2003 will be made available so that governments can conduct in-depth testing and examination to make sure that the document, spreadsheet, presentation and scheduling program works with other information technology systems, Microsoft said.
Redmond, Washington-based Microsoft keeps its source code closely guarded, and requires any governments or companies to sign agreements not to divulge the data that is used to create its software programs.
You can read more of this here
Till then take Care.
.... nitin .... :)
Cisco Port channeling
Soon I will be jotting down the port channelling commands and a few things to keep in mind before you do that.
Hopefully this will be by tomorrow, i.e. Sunday, if no urgent work pops up.
Web portal Yahoo is planning to launch its own online music service later this year, despite its $160 million purchase of Musicmatch announced this week, according to music industry sources.
You can find it here
Before I have a late dinner and hit the sack, this is what I found while surfing the security sites.
A vulnerability in OpenOffice.
A little description is below.
StarOffice and OpenOffice are reported prone to a local file disclosure vulnerability. This issue presents itself because the application creates insecure temporary files. Each time a user saves a file, a compressed copy of the file is saved in a temporary directory. This can allow a local attacker to disclose files of other users.
Click Here for more info on it
Some More news on the Cisco IOS front
The much needed weekend moves off too fast and swisssh and here goes off saturday.
Just need to relax more on a Sunday.
Here's some news on the Cisco switching and routing front.
Many of us know that Cisco is coming out with a new version for its IOS called HRF Huge fast Router.
Cisco Systems this summer plans to release a major overhaul of its Internetwork operating system, a move that is expected to bring long overdue improvements--and some possible complications--to software that runs most of the world's routers.
You can get it here
Some more news that British police arrest suspect in Cisco code theft
More on it can be found here
....Nitin....sed 's/grammer/grammar/' my-message
Coming soon: channelling ports to get more bandwidth between 2 Cisco switches and / or router(s)
It helped me solve a lot of problems in tackling high network traffic, please don't ask me where ;).
I will surely write soon on how I went about doing it.
Till then take care and have a nice time.
Please pray for me that I propose to my girl this week or soon. Off the tech topic, she's the girl I am getting serious about for the first time :)
....Nitin (sed 's/grammar/grammer/' my-blogging)
HSRP Continued
Continuing with my HSRP post, I decided to finish it off before I hit the sack today.
Gateway1(config-if)# standby delay minimum [min-delay] reload [reload-delay]
Configures the delay period before the initialization of Hot Standby Router Protocol (HSRP) groups.
I don't use this, and would like to see the changes immediately.
If I do not use preempt in the interface configuration, then HSRP does not shift to a router when I make its priority higher than the regular one. In that case it will only shift if there is a router failure.
Generally it is a good idea to have preempt so that you have better control over how the traffic flows in the network.
Enabling HSRP MIB Traps
MIB traps will help you poll the router through an SNMP agent like snmpwalk, mrtg, rrdtool and any other that you may write or get.
Enabling HSRP MIB trap support is done from the command-line interface (CLI), and the MIB is used for getting the reports. A trap notifies the network management station when a router leaves or enters the active or standby state. When an entry is configured from the CLI, the RowStatus for that group in the MIB immediately goes to the active state.
The Cisco IOS software supports a read-only version of the MIB, and set operations are not supported.
Step 1
Gateway1(config)# snmp-server enable traps hsrp
Enables the router to send SNMP traps and informs, and HSRP notifications.
Step 2
Gateway1(config)# snmp-server host host community-string hsrp
Specifies the recipient of an SNMP notification operation, and that HSRP notifications be sent to the host.
My configuration has been for only one router, but you have to replicate it on the other router as well.
Well, that's all for now. The next post may have information on how to channel ports to cope with high network usage .... It helped me a lot though.
....Nitin....:)
Configuring the Hot Standby Router Protocol
Hey friends,
A cool Friday after hectic weeks. So let's see a little more on HSRP and how you can tweak it to your own benefit.
Some Theory for HSRP is below :
The Hot Standby Router Protocol (HSRP) provides high network availability because it routes IP traffic from hosts on Ethernet, FDDI, or Token Ring networks without relying on the availability of any single router. HSRP is used in a group of routers for selecting an active router and a standby router. (An active router is the router of choice for routing packets; a standby router is a router that takes over the routing duties when an active router fails, or when preset conditions are met.)
HSRP is useful for hosts that do not support a router discovery protocol (such as ICMP Router Discovery Protocol [IRDP]) and cannot switch to a new router when their selected router reloads or loses power. Because existing TCP sessions can survive the failover, this protocol also provides a more transparent recovery for hosts that dynamically choose a next hop for routing IP traffic.
When the HSRP is configured on a network segment, it provides a virtual MAC address and an IP address that is shared among a group of routers running HSRP. The address of this HSRP group is referred to as the virtual IP address. One of these devices is selected by the protocol to be the active router. The active router receives and routes packets destined for the MAC address of the group. For n routers running HSRP, n + 1 IP and MAC addresses are assigned.
HSRP detects when the designated active router fails, at which point a selected standby router assumes control of the MAC and IP addresses of the Hot Standby group. A new standby router is also selected at that time.
Devices that are running HSRP send and receive multicast UDP-based hello packets to detect router failure and to designate active and standby routers.
Now coming to the real commands :
Step 1. Enable HSRP
Gateway1(config-if)# standby [group-number] ip [ip-address [secondary]]
Gateway1(config-if)# standby 5 ip 10.10.10.1
Above 5 is my HSRP group ID and 10.10.10.1 is my HSRP ip.
Step 2. Configuring HSRP Group Attributes
A.
Gateway1(config-if)# standby [group-number] timers [msec] hellotime [msec] holdtime
Configures the time between hello packets and the hold time before other routers declare the active router to be down.
Gateway1(config-if)# standby 5 timers 7 30
Hello Packets would be sent after every 30 msecs and after 7 unsuccessful attempts the backup router would take over as the active HSRP router.
B.
Gateway1(config-if)# standby [group-number] priority priority
Set the Hot Standby priority used in choosing the active router. The priority value range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority. Specify that, if the local router has priority over the current active router, the local router should attempt to take its place as the active router.
Gateway1(config-if)# standby 5 priority 50
C.
Gateway1(config-if)# standby [group-number] preempt [delay {minimum delay | reload delay | sync delay}]
Gateway1(config-if)# standby 5 preempt
D.
Gateway1(config-if)# standby [group-number] track type number [interface-priority]
Configures the interface to track other interfaces, so that if one of the other interfaces goes down, the Hot Standby priority of the device is lowered.
This has some analogy to the route dampening policy in the BGP routing protocol to prevent CPU overloads. I generally don't use it, so I am not putting it here.
E.
Gateway1(config-if)# standby [group-number] authentication text string
Selects an authentication string to be carried in all HSRP messages.
This is something like a password authentication between the two routers (or a group of routers).
Gateway1(config-if)# standby 5 authentication my_personal-string
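The hello packets and the authentication string described above can be seen directly in the 20-byte HSRP version 0 message (RFC 2281), where the string travels as 8 bytes of cleartext. The decoder and speaker check below is an added example, not code from the original post; the router addresses 10.10.10.2 and 10.10.10.3, the string lab-hsrp and both sample messages are constructed.

```python
import socket
import struct

STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}

def parse_hsrp(payload):
    """Decode the 20-byte HSRP v0 message carried in a UDP port 1985 payload."""
    if len(payload) < 20:
        raise ValueError("HSRP message shorter than 20 bytes")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = struct.unpack(
        "!8B8s4s", payload[:20])
    return {
        "version": ver,
        "opcode": OPCODES.get(op, op),
        "state": STATES.get(state, state),
        "hellotime": hello, "holdtime": hold,
        "priority": prio, "group": group,
        # The authentication field is 8 bytes of cleartext, NUL padded.
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "virtual_ip": socket.inet_ntoa(vip),
    }

def check_speaker(src_ip, msg, expected):
    """Compare one decoded hello with what is configured for the group."""
    alerts = []
    if src_ip not in expected["routers"]:
        alerts.append(f"unexpected HSRP speaker {src_ip} in group {msg['group']}")
    if msg["priority"] > expected["max_priority"]:
        alerts.append(f"priority {msg['priority']} above configured maximum")
    if msg["auth"] != expected["auth"]:
        alerts.append("authentication string differs from configured value")
    return alerts

# Assumed inventory for group 5 (router addresses and string are constructed).
EXPECTED = {"routers": {"10.10.10.2", "10.10.10.3"}, "max_priority": 50,
            "auth": "lab-hsrp"}
# Constructed hello from a configured router: Active, timers 7/30, priority 50.
SAMPLE_OK = bytes.fromhex("00001007 1e320500 6c61622d68737270 0a0a0a01")
# Constructed hello from an address not in the inventory, priority 200.
SAMPLE_UNKNOWN = bytes.fromhex("00000403 0ac80500 636973636f000000 0a0a0a01")

if __name__ == "__main__":
    print(parse_hsrp(SAMPLE_OK))
    print(check_speaker("10.10.10.2", parse_hsrp(SAMPLE_OK), EXPECTED))
    print(check_speaker("10.10.10.77", parse_hsrp(SAMPLE_UNKNOWN), EXPECTED))
```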
Well, looks like I have written a lot. Till the next time.
Nitin
[OT]Firefox ---- Half a million downloads in two days!
The Firefox web browser from Mozilla has crossed half a million downloads, that's what they say.
I too downloaded it ;) but nothing much changes from IE6.
It's a small 4.5 MB file; download it and try it for yourself.
You can get it at http://www.spreadfirefox.com/
HSRP
More on using HSRP preempt and advanced stuff in the next post, and hopefully DNS and qmail.
Nitin :)
Hot Standby Routing Protocol (HSRP).
Sorry for not posting for a long time .... been tied up with a lot of things at the same time and having sleepless nights.
HSRP is used to provide very high uptime by letting 2 or more routers fail over to one another, and it's transparent to the user.
The various methods to do this are:
Run a routing process on the host
Static default route(s)
Proxy ARP
GDP and IRDP
HSRP
We would only be speaking on HSRP here
The idea behind HSRP is to establish a virtual router (with its own IP address) as the default router for the hosts on a LAN. The virtual router also gets its own MAC address. One or more routers then pool as the standby group for this virtual router. One of the routers in the pool is active at any time, actually forwarding packets sent to the virtual router's MAC address. If that active router disappears, another router in the pool takes over. The advantage is that the host computer never knows that different routers are involved. It just sends packets to the virtual router, oblivious to the actual router that forwards the packets. And it only has to ARP once, to get the MAC address associated with the virtual router's IP address. So this saves all the ARP traffic that comes with proxy ARP. It also accommodates host implementations that ignore ARP table changes, a problem with moving a MAC address from one IP address to another (one real router's address to another's).
Configuring HSRP is easy.
All we configure is:
interface ethernet
ip address 131.108.1.1 255.255.255.0
standby 2 ip 131.108.1.3
On the second router attached to the Ethernet LAN:
interface ethernet
ip address 131.108.1.2 255.255.255.0
standby 2 ip 131.108.1.3
This puts both routers' interfaces in the same subnet, with a common standby group of 2 on that link. So both routers are responsible for acting together as the virtual router 131.108.1.3. Hosts are configured with a static default gateway whose IP address is that of the virtual router, 131.108.1.3.
And that's all it takes!
Point half of the LAN hosts at one virtual router, half at the other. Use different priorities (see below) so one actual router is active as the first virtual router, the other as the second virtual router. This load balances, and if either router dies, the other one takes over for it.
Once you've got this basic idea, the other HSRP commands are nerd knobs allowing you to tweak the settings. By the way, the HSRP commands are all interface commands.
The command
standby 2 timers 1 3
sets the hello and hold timers for standby group 2. These are the default values of 1 second between hellos and 3 seconds before assuming a router is down.
To control which router is active, configure
standby 2 priority 90
The default priority is 100, higher priority wins.
To allow a router to resume being the active router for group 2, add
standby 2 preempt
There is also a command that lets you track interfaces and lower the priority if any of the interfaces is down (making the router less desirable as a default gateway). The default priority increment is 10, but you can configure other increments. Increments other than 10 are cumulative. So if several interfaces are down, the configured increments are all subtracted from the priority level of the router.
Here's what the command looks like:
standby 2 track ethernet 0 25
To monitor standby, we can use the commands we'd expect:
show standby
and
debug standby
It's that easy!
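How priority, preempt and tracking interact is easiest to see in a small model of the two routers configured above. This is an added example, not from the original post, and it simplifies the real election to the two-router case; the tracked interface serial 0 and the choice of which router has preempt are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100                          # IOS default priority
    preempt: bool = False
    up: bool = True
    tracked: dict = field(default_factory=dict)  # interface -> configured decrement
    down: set = field(default_factory=set)       # tracked interfaces currently down

    def rank(self):
        """Effective priority, then IP address as the tie-breaker."""
        prio = self.priority - sum(self.tracked.get(i, 0) for i in self.down)
        return (prio, tuple(int(o) for o in self.ip.split(".")))

def elect(routers, current=None):
    """Name of the active router once the group settles (simplified model)."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    active = next((r for r in alive if r.name == current), None)
    if active is None:
        # No active router left: the best remaining router takes over.
        return max(alive, key=Router.rank).name
    # A live active router is displaced only by a better router with preempt.
    rivals = [r for r in alive if r.preempt and r.rank() > active.rank()]
    return max(rivals, key=Router.rank).name if rivals else active.name

def scenario(r2_preempt):
    """Active router after: boot, R1's tracked link fails, the link returns."""
    r1 = Router("R1", "131.108.1.1", preempt=True, tracked={"serial 0": 25})
    r2 = Router("R2", "131.108.1.2", priority=90, preempt=r2_preempt)
    history = [elect([r1, r2])]
    r1.down.add("serial 0")                      # R1 drops from 100 to 75
    history.append(elect([r1, r2], history[-1]))
    r1.down.clear()                              # link restored, R1 back at 100
    history.append(elect([r1, r2], history[-1]))
    return history

if __name__ == "__main__":
    print("R2 without preempt:", scenario(False))
    print("R2 with preempt:   ", scenario(True))
```

Without preempt on R2, the tracking decrement on R1 changes nothing: R1 stays active at priority 75 while R2 sits at 90.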
[OT]Novell Linux Day in India
Onward Novell India is Launching its operation in India in a big way.
They are offering free training on Suse Linux. People interested can register at :
http://www.novell.com/offices/asiapac/india/suse_training.html
Also, more international events started by them keeping India in focus are :
http://www.zdnetindia.com/novell/
.... Nitin ....
[OT]Cyber Safety week 2004
Hi Folks,
Apologies once again for not posting on Named (DNS) we have been very short of time.
But a promise to put DNS implementation and sendmail or qmail configuration positively by the week end (I hope :))
Well last week was celebrated by the Mumbai Police and Nasscom joint venture called Mumbai Cyber labs as the Cyber Safety week 2004.
You can reach them on :
http://www.mumbaicyberlab.org/
Looks to be a good initiative, but it's for time to test how good they are and how well they will be able to perform.
.... Nitin ....
[OT]Gnome 2.8 RC1 Released
Some light topic today .
Sorry for the delay in the DNS postings. BTW Gnome 2.8 RC1 has been released and the looks are cool. Many people found it like Windows but I somewhat don't agree.
You can have a look at the screen shots at :
http://www.gnome.org/~davyd/gnome-2-8/
Wanna try and use it .... Here's the link for it :
http://www.gnome.org/start/2.7/
.... Nitin Batta ....