S1720&S2700&S3700&S5700&S6700 Series Switches Product Troubleshooting - Preliminary-2 Forgetting Passwords

Latest reply: Sep 26, 2017 11:26:54

2  Forgetting Passwords

2.1  Recovering the Console Port Login Password

Three methods are provided to recover the console port login password.
  • Method 1: Log in to the device using STelnet/Telnet and change the console port login password.
  • Method 2: Clear the console port login password in BootROM and change the console port login password.
  • Method 3: Clear the startup configuration file in BootROM, start the device with no configuration, and change the console port login password.
NOTE:
  1. Method 1 is recommended. If method 1 cannot be used, use method 2.
  2. If you forget the STelnet/Telnet password, use method 2 or 3. You are advised to log in to the device using STelnet V2 because using Telnet poses security risks.

  3. Enter the BootROM menu on the S1720GFR, S2720, S2750, S5700LI, S5700S-LI, S5720S-12TP-PWR-LI-AC and S5700S-28P-PWR-LI-AC, and enter the BootLoad menu on the S5710-X-LI, S5700S-28X-LI-AC, S5700S-52X-LI-AC, S5720SI, S5720S-SI, S5720EI, S5720HI, S6720EI, S5720LI, S5720S-LI and S6720S-EI. The following command outputs are used as an example.
  4. The command outputs for different versions of different device models may differ. Therefore, the command outputs on your device may differ from those provided in this document.

Logging In to the Device Using STelnet/Telnet and Changing the Console Port Login Password

The following uses the command lines and outputs of logging in to the device using STelnet as an example.

If you have an STelnet account and your user right is level 3 or higher, log in to the device using STelnet, change the console port login password, and save the configuration.

  1. Log in to the device using STelnet. Ensure that your user right is level 3 or higher.

    Run the display users command to display all the users who have logged in to the device. The item with a "+" mark indicates your user account on user interface VTY1.

    <HUAWEI> display users
      User-Intf    Delay    Type   Network Address     AuthenStatus    AuthorcmdFlag
      129 VTY 0   00:23:36  TEL    10.135.18.67              pass           no        Username : Unspecified
    
    + 130 VTY 1   01:20:36  TEL    10.135.18.91              pass           no        Username : Unspecified
    
      131 VTY 2   00:00:00  TEL    10.135.18.54              pass           no        Username : Unspecified

    Run the display user-interface command to display the user rights of all users. The output shows that VTY1 has user right 15. Therefore, you have the right to change the console port login password.

    <HUAWEI> display user-interface
      Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int
      0    CON 0    9600       -     15    -           P     -
    + 129  VTY 0               -     15    15          P     -
    + 130  VTY 1               -     15    15          P     -
    + 131  VTY 2               -     15    -           P     -
      132  VTY 3               -     15    15          P     -
    ......
  2. Change the console port login password. In this example, set the authentication mode to password authentication and the password to huawei@123.

    <HUAWEI> system-view
    [HUAWEI] user-interface console 0
    [HUAWEI-ui-console0] authentication-mode password
    [HUAWEI-ui-console0] set authentication password cipher huawei@123
    [HUAWEI-ui-console0] return
  3. Save the configuration.

    <HUAWEI> save
    The current configuration will be written to the device.
    Are you sure to continue?[Y/N]y
    Now saving the current configuration to the slot 0.
    Save the configuration successfully.

Clearing the Console Port Login Password in BootROM and Changing the Console Port Login Password

The BootROM allows you to clear the console port login password so that the device does not check the password when you log in through the console port. When the device starts, you do not need to enter the console port login password and all configurations are loaded normally. After the device starts, reconfigure the authentication mode and console port login password, and save the configuration.

NOTICE:
  • You must restart the device to display the BootROM menu, which results in service interruptions. Migrate services to a backup device and perform this operation during off-peak hours.

  • Set a new password immediately after clearing the console port login password in BootROM and logging in to the device.

  • Do not power off the device during the operation.

  1. Connect a PC to the device through a serial cable and restart the device. When the message "Press Ctrl+B to enter BootROM menu..." (V200R002 and V200R003) or "Press Ctrl+B or Ctrl+E to enter BootROM menu..." (V200R005 and later versions) is displayed, press Ctrl+B (or Ctrl+E in later versions) and enter the password (Admin@huawei.com by default and possibly huawei on a device running versions earlier than V100R006C03). The BootROM main menu is displayed.

  2. Clear the console port login password.

              BootROM  MENU
    
        1. Boot with default mode
        2. Enter serial submenu
        3. Enter startup submenu
        4. Enter ethernet submenu
        5. Enter filesystem submenu
        6. Modify BootROM password   //V200R006 and earlier versions: Modify BootROM password; V200R007 and later versions: Enter password submenu
        7. Clear password for console user
        8. Reboot
        (Press Ctrl+E to enter diag menu) 
    
    Enter your choice(1-8): 7
    
    Note: Clear password for console user? Yes or No(Y/N): y
    
    Clear password for console user successfully. Choose "1" to boot, then set a new password.
    Note: Do not choose "8. Reboot" or power off the device, otherwise this operation will not take effect.
  3. Enter 1 in the BootROM main menu to start the device.
  4. Log in to the device through the console port. Authentication is not required when you log in. Change the console port login password. In this example, set the authentication mode to password authentication and the password to huawei@123.

    <HUAWEI> system-view
    [HUAWEI] user-interface console 0
    [HUAWEI-ui-console0] authentication-mode password
    [HUAWEI-ui-console0] set authentication password cipher huawei@123
    [HUAWEI-ui-console0] return
  5. Save the configuration.

    <HUAWEI> save
    The current configuration will be written to the device.
    Are you sure to continue?[Y/N]y
    Now saving the current configuration to the slot 0.
    Save the configuration successfully.

Clearing the Startup Configuration File in BootROM, Starting the Device with No Configuration, and Changing the Console Port Login Password

If you clear the startup configuration file in BootROM, the device restarts with no configurations (factory settings). After the device starts, export the configuration file and change the console port login configuration. Upload the changed configuration to the device and specify the new configuration file as the next startup configuration file. After the device restarts, you do not need to enter the console port login password.

In the following example, the authentication mode for console port login is password authentication. In other authentication modes, the output varies according to the device model and configuration.

NOTICE:
  • You must restart the device to display the BootROM menu, which results in service interruptions. Migrate services to a backup device and perform this operation during off-peak hours.

  • Do not power off the device during the operation.

  • In V200R010 and later versions, the default authentication mode for console port login is AAA authentication. If the authentication mode is not changed after the device starts with no configurations, and the device is configured to start with the configuration file from which the authentication mode is deleted, you must enter the default user name admin and password admin@huawei.com after the device restarts. The output varies according to the device model and configuration.

  1. Connect a PC to the device through a serial cable and restart the device. When the message "Press Ctrl+B to enter BootROM menu..." (V200R002 and V200R003) or "Press Ctrl+B or Ctrl+E to enter BootROM menu..." (V200R005 and later versions) is displayed, press Ctrl+B or Ctrl+E and enter the password (Admin@huawei.com by default and possibly huawei on a device running versions earlier than V100R006C03). The BootROM main menu is displayed.

  2. Clear the startup configuration file so that the device starts with no configurations.
    NOTE:

    Record the name of the current configuration file so that you can restore the previous configuration.

              BootROM  MENU
    
        1. Boot with default mode
        2. Enter serial submenu
        3. Enter startup submenu
        4. Enter ethernet submenu
        5. Enter filesystem submenu
        6. Modify BootROM password   //V200R006 and earlier versions: Modify BootROM password; V200R007 and later versions: Enter password submenu
        7. Clear password for console user
        8. Reboot
        (Press Ctrl+E to enter diag menu) 
    
    Enter your choice(1-8): 3
    
           Startup Configuration Submenu
    
        1. Display startup configuration
        2. Modify startup configuration
        3. Return to main menu
    
    
    Enter your choice(1-3): 2
    
    Note: startup file field can not be cleared
    '.'=clear field; 'Ctrl+D'=quit; Enter=use current configuration
    
    startup type(1: Flash)
      current: 1
      new    :
    
    Flash startup file (can not be cleared)
      current: HUAWEI-v200r008c00.cc
      new    :
    
    saved-configuration file
      current: vrpcfg.zip
      new    : .          //Clear the current value.
    
    patch package
      current:
      new    :
    
           Startup Configuration Submenu
    
        1. Display startup configuration
        2. Modify startup configuration
        3. Return to main menu
    
    Enter your choice(1-3): 3                                                       
  3. Enter 1 in the BootROM main menu to start the device.
  4. After the device starts, factory settings are restored. When you log in to a device running V200R009 or an earlier version through the console port, the system asks you to set the console port login password. The following uses the password huawei@123 as an example.

    An initial password is required for the first login via the console.
    Continue to set it? [Y/N]:y
    Set a password and keep it safe. Otherwise you will not be able to login via the console.
    
    Please configure the login password (8-16)
    Enter Password:     //Enter huawei@123.
    Confirm Password:     //Enter huawei@123 again.
    

    When you log in to a device running V200R010 or a later version through the console port, the system asks you to enter the default user name and password for console port login, and then asks you to change the password. You must change the password. The following uses the password huawei@123 as an example.

    Login authentication                                                            
                                                                                    
                                                                               
    Username:admin                                                                  
    Password:     //Enter admin@huawei.com.                                                                       
    Warning: The default password poses security risks.                             
    The password needs to be changed. Change now? [Y/N]: y                          
    Please enter old password:     //Enter admin@huawei.com.                                                      
    Please enter new password:     //Enter huawei@123.                                                      
    Please confirm new password:     //Enter huawei@123 again.                                                    
    The password has been changed successfully. 
  5. Restore the original configuration. To restore the original configuration without retaining the console port login password from the original configuration file, download the original configuration file to the PC and delete the console configuration. Then upload this configuration file to the device and specify it as the startup configuration file. Restart the device to make this configuration file take effect.
    1. Configure the device as the FTP server.
      <HUAWEI> system-view
      [HUAWEI] ftp server enable
      Info: The FTP server is already enabled.
      [HUAWEI] vlan 10
      [HUAWEI-vlan10]  interface vlanif 10   //Configure VLANIF 10 as the management interface.
      [HUAWEI-Vlanif10] ip address 10.110.24.254 24
      [HUAWEI-Vlanif10] quit
      [HUAWEI] interface gigabitethernet 0/0/10   //GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
      [HUAWEI-GigabitEthernet0/0/10] port link-type access
      [HUAWEI-GigabitEthernet0/0/10] port default vlan 10
      [HUAWEI-GigabitEthernet0/0/10] quit
      [HUAWEI] aaa
      [HUAWEI-aaa] local-user huawei password irreversible-cipher huawei@123
      [HUAWEI-aaa] local-user huawei ftp-directory flash:
      [HUAWEI-aaa] local-user huawei service-type ftp
      [HUAWEI-aaa] local-user huawei privilege level 15
    2. Download the original configuration file vrpcfg.zip to the PC.

      C:\Documents and Setting\Administrator> ftp 10.110.24.254
      Connected to 10.110.24.254.
      220 FTP service ready.
      User (10.110.24.254:(none)): huawei
      331 Password required for huawei.
      Password:
      230 User logged in.
      ftp> get vrpcfg.zip
      200 Port command okay.
      150 Opening ASCII mode data connection for directory list.
      226 Transfer complete.
      ftp: receive 981 bytes in 0.01 seconds 981000.00Kbytes/sec
    3. Decompress the downloaded file on the PC and open it using a text editing tool (a system-provided text editing tool is recommended). Delete the console authentication configuration and compress the file into the file vrpcfg.zip. The following configuration needs to be deleted:

      #
      user-interface maximum-vty 15
      user-interface con 0
       authentication-mode password         // Manual deletion is required.
       set authentication password cipher %@%@:*IB+w7j~""GlU$0-;\#m@Jw%@%@      // Manual deletion is required.
      #
      user-interface con 0
       authentication-mode aaa     // Manual deletion is required.
       user privilege level 15     // Manual deletion is required.
      
  6. Save the modified configuration file and upload it to the device to replace the original configuration file.

    ftp> put vrpcfg.zip
    200 Port command okay.
    150 Opening ASCII mode data connection for directory list.
    226 Transfer complete.
    ftp: 981 bytes are sent and the transmission time is 0.00 Seconds. The speed is 978000.00Kbytes/sec.
    
  7. Configure the uploaded configuration file as the startup configuration file. Restart the device without saving the configuration.

    <HUAWEI> startup saved-configuration vrpcfg.zip
    Info: Succeeded in setting the configuration for booting system.
    <HUAWEI> reboot fast
    System will reboot! Continue ? [y/n]:y
  8. After the device restarts, you are prompted to enter the console port login password. Enter a password and press Enter to display the command line interface.
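
The manual edit in sub-step 3 of step 5 can be scripted so that nothing else in the file is touched. The following is an added example, not part of the original document or of Huawei's tooling: it removes the three commands marked "Manual deletion is required" from the console stanza and rebuilds the archive. The member name vrpcfg.cfg, the sample configuration and the placeholder cipher string are constructed assumptions.

```python
import io
import sys
import zipfile

# Console stanza headers: the saved file on the page uses "con 0",
# the CLI examples use "console 0".
CONSOLE_HEADERS = ("user-interface con 0", "user-interface console 0")
# Commands the page marks "Manual deletion is required" in that stanza.
CONSOLE_AUTH_PREFIXES = ("authentication-mode ", "set authentication password ",
                         "user privilege level ")

# Constructed sample configuration; the cipher string is a placeholder.
SAMPLE_CONFIG = (
    "#\n"
    "user-interface maximum-vty 15\n"
    "user-interface con 0\n"
    " authentication-mode password\n"
    " set authentication password cipher %@%@CONSTRUCTED-PLACEHOLDER%@%@\n"
    " idle-timeout 10 0\n"
    "user-interface vty 0 4\n"
    " authentication-mode aaa\n"
    " protocol inbound ssh\n"
    "#\n"
    "return\n"
)


def strip_console_auth(config_text):
    """Return (new_text, removed) with console login settings deleted."""
    kept, removed = [], []
    in_console = False
    for line in config_text.split("\n"):
        body = line.strip()
        if body and not line[0].isspace():
            # A non-indented line ("#" or a new header) starts a new stanza.
            in_console = body.lower() in CONSOLE_HEADERS
        elif in_console and body.startswith(CONSOLE_AUTH_PREFIXES):
            removed.append(body)
            continue
        kept.append(line)  # everything else, including VTY settings, is kept
    return "\n".join(kept), removed


def make_zip(member_name, text):
    """Build an in-memory zip holding one configuration file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(member_name, text.encode("latin-1"))
    return buf.getvalue()


def rewrite_config_zip(zip_bytes):
    """Strip console auth from the single file inside a configuration zip."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src:
        names = src.namelist()
        if len(names) != 1:
            raise ValueError("expected one file in the archive, got %r" % names)
        # latin-1 maps every byte to one character, so kept lines round-trip.
        text = src.read(names[0]).decode("latin-1")
    new_text, removed = strip_console_auth(text)
    return make_zip(names[0], new_text), removed


if __name__ == "__main__":
    from_file = len(sys.argv) == 3  # usage: script.py vrpcfg.zip vrpcfg-new.zip
    if from_file:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = make_zip("vrpcfg.cfg", SAMPLE_CONFIG)  # assumed member name
    new_zip, removed = rewrite_config_zip(data)
    for line in removed:
        print("removed:", line.split(" cipher ")[0])  # do not echo the hash
    if from_file:
        with open(sys.argv[2], "wb") as handle:
            handle.write(new_zip)
```

Compare the output archive against the original before uploading it in step 6; only the listed console lines should differ.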

2.2  Recovering the Telnet Login Password

You can use Telnet to remotely maintain and manage a device. If you forget the Telnet login password, log in to the device using another method, such as the Console port, and set a new password.

  • AAA authentication: To log in to the device, you must have a user name and a password.
  • Password authentication: To log in to the device, you must have a password.

In this example, the configurations for VTY0 to VTY4 are the same.

Configuring AAA Authentication

If the user remembers the original login user name, a new password can be configured. For example, if the user name is huawei, configure a new password huawei@123 and set the user level to level 2.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] protocol inbound telnet   //By default, Telnet is configured on devices running V200R006 and earlier versions. SSH is configured by default on devices running V200R007 and later versions, in which case this command is mandatory. 
[HUAWEI-ui-vty0-4] authentication-mode aaa
[HUAWEI-ui-vty0-4] quit
[HUAWEI] aaa
[HUAWEI-aaa] local-user huawei password irreversible-cipher huawei@123
[HUAWEI-aaa] local-user huawei service-type telnet
[HUAWEI-aaa] local-user huawei privilege level 2

After the configuration is complete, you can use the user name huawei and password huawei@123 to log in to the device.

If the user forgets the original login user name, configure a new user named huawei and password huawei@123 using the same method.

Configuring Password Authentication

Configure password authentication for VTYs 0-4 and configure a password huawei@123.

<HUAWEI> system-view
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] protocol inbound telnet   //By default, switches in V200R006 and earlier versions support Telnet, and switches in V200R007 and later versions support SSH.
[HUAWEI-ui-vty0-4] authentication-mode password
[HUAWEI-ui-vty0-4] set authentication password cipher huawei@123
[HUAWEI-ui-vty0-4] return

After the configuration is complete, you can use the password huawei@123 to log in to the device.

NOTE:

After you log in to the device through VTY0 to 4, you can run the display current-configuration configuration user-interface command to view the authentication mode of the VTY user.

2.3  Recovering the BootROM Password

The BootROM is the basis for device security and maintenance, and provides functions such as configuration recovery and system software upgrade. You must keep the BootROM password secure. If the BootROM password is lost, you can run the reset boot password command to restore the default password and reset the password.

To reset the BootROM password through the BootROM menu, you must connect to the console port and log in to the device through the console port.

  1. In any view, restore the default BootROM password Admin@huawei.com.

    <HUAWEI> reset boot password
    The password used to enter the boot menu by clicking Ctrl+B or Ctrl+E will be restored to the default password, continue? [Y/N]y
    Info: Succeeded in setting password of boot to "Admin@huawei.com".
    NOTE:

    The reset boot password command is only supported after V100R006C03. The default password for versions earlier than V100R006C03 is huawei, and the default password for V100R006C03 and later versions is Admin@huawei.com.

  2. For security, change the default password.

    Change the BootROM password using the following methods:
    • Run the bootrom password change command in the system view and change the BootROM password.
      <HUAWEI> system-view
      [HUAWEI] bootrom password change
      Old Password:                       //Enter the old password.
      New Password(6 to 79 chars):        //Enter the new password.
      Confirm Password(6 to 79 chars):    //Confirm the new password.
      NOTICE:

      To downgrade the system software to V200R008 or an earlier version, you must run the reset boot password command to restore the default BootROM password first and then specify the system software. Otherwise, the BootROM password may not be used or a fault occurs on the switch. If the BootROM password cannot be used after the downgrade, run the reset boot password command to restore the default BootROM password again.

    • Change the BootROM password in the BootROM menu. Run the reboot command to restart the device. When the message "Press Ctrl+B to enter BootROM menu..." (in V200R002 and V200R003) or "Press Ctrl+B or Ctrl+E to enter BootROM menu..." (in V200R005 and later versions) is displayed, press Ctrl+B or Ctrl+E and enter the default password to enter the BootROM main menu.

      In V200R006 and earlier versions, select 6 in the BootROM main menu and change the BootROM password. The display is as follows:

                BOOTROM  MENU
      
          1. Boot with default mode
          2. Enter serial submenu
          3. Enter startup submenu
          4. Enter ethernet submenu
          5. Enter filesystem submenu
          6. Modify BOOTROM password
          7. Clear password for console user
          8. Reboot
      Enter your choice(1-8):6       //Select 6 and change the BootROM password.
      
      Old password:                             //Enter the old BootROM password. The default password is Admin@huawei.com.
      New password:                             //Enter the new BootROM password.
      Verify:                                   //Confirm the new BootROM password.
      Save password to Flash...OK!
      Save backup password to Flash...OK!  

      In V200R007 and later versions, select 1 in the password submenu and change the BootROM password. The display is as follows:

                BootROM  MENU
      
          1. Boot with default mode
          2. Enter serial submenu
          3. Enter startup submenu
          4. Enter ethernet submenu
          5. Enter filesystem submenu
          6. Enter password submenu
          7. Clear password for console user
          8. Reboot
          (Press Ctrl+E to enter diag menu) 
      
      Enter your choice(1-8): 6       //Select 6 to enter the password submenu.
      
              PASSWORD  SUBMENU
          1. Modify BootROM password
          2. Reset BootROM password
          3. Return to main menu
      
      Enter your choice(1-3): 1   //Select 1 and change the BootROM password.
      
      Old password:                             //Enter the old BootROM password. The default password is Admin@huawei.com.
      New password:                             //Enter the new BootROM password.
      Verify:                                   //Confirm the new BootROM password.
      Save password to Flash...OK!
      Save backup password to Flash...OK!  

WoodWood Created Sep 26, 2017 11:26:54
