과제 C형
advertisement
과제 E형 - 글자크기 : 최대 10~12pt - 분량 : A4 2매 이상 Cisco 라우터에서 관리자가 패스워드를 잊어 버렸을 경우 패스워드를 복구해야 한 다. 패스워드 복구 방법에 대하여 기술하라. GSR12000/C7500/C7200 Series Routers 1. Console 사용을 위한 Terminal setup (terminal/ terminal emulation) - 9600 baud rate, No parity, 8 data bits, 1 stop bit, No flow control 2. User mode ¡Router>show version¡ 을 통해 register 값을 확인 ¡ 0x2102¡ - Radius/TACACS 등에 연동 되어있어 확인 불가하면 아래로 이동 3. System Power Off / On 을 통해 Reboot 4. Ctrl+Break 또는 Break를 할 수 있는 Key 를 통해 Router booting 과정을 멈춤 5. ¡rommon 1> ¡ prompt 에서 ¡confreg 0x2142¡ 입력 후 ¡reset¡ - rommon 1> confreg 0x2142 rommon 2> reset . Register 0x2142는 Startup-config 를 무시하고 Booting 하는 값 6. 'Would you like to enter the initial configuration dialog?[yes/no]' 에서 ¡no¡ 입력 7. ¡Router>¡prompt 상에서 ¡Enable¡을 통해 ¡Router#¡ prompt 로 이동 8. ¡copy startup-config running-config¡를 통해 NVRAM의 config 를 불러옴. 9. ¡config terminal¡ 을 통해 config mode 에서 Eanble / Secret password 변경 - Router(config)#enable secret hanaro 10. ¡config-register 0x2102 ¡ 로 기 변경한 register 값 원복 11. Startup-config를 불러와도 모든 Interface는 shutdown상태 유지 shutdown¡ 실행 12. Write / copy running-config startup-config 를 통해 변경사항 저장. Example of Password Recovery Procedure Router>enable Password: Password: Password: % Bad secret !======= Password recovery 요망 하므로 ¡ no Router>show version Cisco Internetwork Operating System Software Configuration register is 0x2102 !======== Register 값 확인 !======== System Power Off/On 후 Break Key *** System received an abort due to Break Key *** rommon 1 > confreg 0x2142 !======== Register 값 변경 You must reset or power cycle for new config to take effect rommon 2 > reset !========== System reboot System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Copyright (c) 1999 by cisco Systems, Inc. --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: n !======= configuration dialog 취소 (¡no¡ 입력) Press RETURN to get started! Router>enable Router#copy startup-config running-config Destination filename [running-config]? !========= NVRAM 의 startup config 불러옴 Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#enable secret cisco !========= Loading 된 configuration 상에 password 복구(변경) Router#show ip interface brief !========= system restart 후 loading 된 configuration 은 Interface shutdown 상태로 되 어있음 Interface IP-Address OK? Method Status Protocol Ethernet0/0 10.200.40.37 YES TFTP administratively down down Serial0/0 unassigned YES TFTP administratively down down Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface Ethernet0/0 Router(config-if)#no shutdown !========== Shutdown 되어 있는 Interface no shutdown 수행 Router# 00:02:35: %SYS-5-CONFIG_I: Configured from console by console Router#copy running-config startup-config !========== 변경된 password 및 shutdown 정보 저장 Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#config-register 0x2102 Router(config)#^Z !========== 기 변경된 register 값 변경 Router#show version Cisco Internetwork Operating System Software Configuration register is 0x2142 (will be 0x2102 at next reload) !====== register 값 변경 여부 확인 (0x2102로 바뀌었고 system reboot 후에도 0x2102로 됨) 꼭 이를 위해 reboot 할 필요는 없음 Router# . GSR12000 Series Routers . Cisco7500 Series Routers . Cisco7200 Series Routers . Cisco2500 Series Routers . Catalyst6500 Series Switches (with Native IOS) . Catalyst4000/4500 Series Switches . Catalyst2900/3500 Series Switches Agenda Cisco2500 Series Routers 1. Console 사용을 위한 Terminal setup (terminal/ terminal emulation) - 9600 baud rate, No parity, 8 data bits, 1 stop bit, No flow control 2. User mode ¡Router>show version¡ 을 통해 register 값을 확인 ¡ 0x2102¡ - Radius/TACACS 등에 연동 되어있어 확인 불가하면 아래로 이동 3. System Power Off / On 을 통해 Reboot 4. Ctrl+Break 또는 Break를 할 수 있는 Key 를 통해 Router booting 과정을 멈춤 5. ¡rommon 1> ¡ prompt 에서 o/r 0x2142¡ 입력 후 ¡i¡를 통해 system reboot - rommon 1> o/r 0x2142 rommon 2> i . Register 0x2142는 Startup-config 를 무시하고 Booting 하는 값 6. 'Would you like to enter the initial configuration dialog?[yes/no]' 에서 ¡no¡ 입력 7. ¡Router>¡prompt 상에서 ¡Enable¡을 통해 ¡Router#¡ prompt 로 이동 8. ¡copy startup-config running-config¡를 통해 NVRAM의 config 를 불러옴. 9. ¡config terminal¡ 을 통해 config mode 에서 Eanble / Secret password 변경 - Router(config)#enable secret hanaro 10. ¡config-register 0x2102 ¡ 로 기 변경한 register 값 원복 11. Startup-config를 불러와도 모든 Interface는 shutdown상태 유지 하므로 ¡ no shutdown¡ 실행 12. Write / copy running-config startup-config 를 통해 변경사항 저장. . GSR12000 Series Routers . Cisco7500 Series Routers . Cisco7200 Series Routers . Cisco2500 Series Routers . Catalyst6000/7600 Series Switches (with Native IOS) . Catalyst4000/4500 Series Switches . Catalyst2900/3500 Series Switches Agenda Catalyst 6500/7600 series Switches with Native IOS . Catalyst 6500/7600 Native IOS 는 SP side 와 RP side booting 이 따로 이루어짐. . IOS는 SP bootflash 에 저장되어 있으며 Booting 순서는 SP boot 후 RP boot로 이루어짐. - First : SP (switch process) - Second : RP (Router process) . 일반적인 configuration 및 기타 동작은 RP 에서 이루어 지며 password 또는 RP configuration 상에 동작하고 있음. . Routers password recovery 와 동일한 복구방법 사용함. . Password recovery 시 Register 값 변경은 RP boot 시 break 를 통해 변경 해야 함 Example of Password Recovery Procedure Router>enable Password: Password: Password: % Bad secret !======= Password recovery 요망 Router>show version Cisco Internetwork Operating System Software Configuration register is 0x2102 !======== Register 값 확인 !======== System Power Off/On 후 RP booting 시 Break Key System Bootstrap, Version 8.4(2) Release Copyright (c) 1994-2005 by cisco Systems, Inc. Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory !========= First boot SP processor booting 0:00:07: %OIR-SP-6-CONSOLE: Changing console ownership to route processor !========= console ownership RP 로 변경 / Break key & Ctrl + Break key System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1) Cat6k-Sup720/RP platform with 1048576 Kbytes of main memory rommon 1 > confreg 0x2142 !======== Register 값 변경 You must reset or power cycle for new config to take effect rommon 2 > reset !========== System reboot System Bootstrap, Version 8.4(2) Release Copyright (c) 1994-2005 by cisco Systems, Inc. Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory 0:00:07: %OIR-SP-6-CONSOLE: Changing console ownership to route processor System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1) Cat6k-Sup720/RP platform with 1048576 Kbytes of main memory --- System Configuration Dialog --Would you like to enter the initial configuration dialog? [yes/no]: n !======= configuration dialog 취소 (¡no¡ 입력) Press RETURN to get started! Router>enable Router#copy startup-config running-config Destination filename [running-config]? !========= NVRAM 의 startup config 불러옴 Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#enable secret cisco !========= Loading 된 configuration 상에 password 복구(변경) Router#show ip interface brief !========= system restart 후 loading 된 configuration 은 Interface shutdown 상태로 되 어있음 Interface IP-Address OK? Method Status Protocol Ethernet0/0 10.200.40.37 YES TFTP administratively down down Serial0/0 unassigned YES TFTP administratively down down Example of Password Recovery Procedure (3) Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface Ethernet0/0 Router(config-if)#no shutdown !========== Shutdown 되어 있는 Interface no shutdown 수행 Router# 00:02:35: %SYS-5-CONFIG_I: Configured from console by console Router#copy running-config startup-config !========== 변경된 password 및 shutdown 정보 저장 Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#config-register 0x2102 Router(config)#^Z !========== 기 변경된 register 값 변경 Router#show version Cisco Internetwork Operating System Software Configuration register is 0x2142 (will be 0x2102 at next reload) !====== register 값 변경 여부 확인 (0x2102로 바뀌었고 system reboot 후에도 0x2102로 됨) 꼭 이를 위해 reboot 할 필요는 없음 Router#
