H3C Series Ethernet Switches Login Password Recovery Manual(V1.01)-Book

7/27/2019 H3C Series Ethernet Switches Login Password Recovery Manual(V1.01)-Book

http://slidepdf.com/reader/full/h3c-series-ethernet-switches-login-password-recovery-manualv101-book 1/17

i

Table of Contents

1 Introduction to H3C Switch Login Passwords ·······················································································1-1

Console Login Password ························································································································1-1

Telnet Login Password····························································································································1-2

User Level Switching Password··············································································································1-3

Boot ROM Password·······························································································································1-4

Web NMS Login Password·····················································································································1-5

2 H3C Switch Login Password Recovery ···································································································2-1

Console Login Password Recovery ········································································································2-1

Telnet Login Password Recovery ···········································································································2-5

User Level Switching Password Recovery ·····························································································2-7

Boot ROM Password Recovery ··············································································································2-8

Web NMS Login Password Recovery·····································································································2-9



1-1

1 Introduction to H3C Switch Login Passwords

This document describes how to recover or change login passwords for the H3C switches listed in the

table below.

Appl icable products

S5820X series S5810 series S5800 series S5600 series

S5510 series S5500-EI series S5500-SI series S5120-SI series

S5120-EI series S5100-EI series S5100-SI series S3610 series

S3600-EI series S3600-SI series S3100-EI series S3100-SI series

S3100-52P

For how to recover passwords for other H3C switches, refer to the corresponding installation

manuals or contact your H3C agent.

Support for the methods of recovering passwords depends on the device model.

The application scope of this document is subject to change without notice.

Console Login Password

Console login is the most basic method to log in to a switch locally, and is also the prerequisite for other

login methods. Connect the serial port of your PC to the console port of the H3C switch, and then you

can use the terminal emulation program on your PC to configure and manage the switch.

By default, you can log in to the H3C switch locally through the console port only.

To protect the switch from unauthorized accesses through the console port, you can set a console login

username and password.

The H3C switch supports three console login authentication methods:

none: No authentication.

password: Password authentication.

scheme: Username and password authentication.



1-2

The scheme authentication method comprises local authentication and RADIUS authentication.

For details, refer to the AAA section in the corresponding operation manual.

For details about the three authentication methods, refer to the operation manual and command

manual of the specific device model.

With the password or scheme authentication method configured, the switch prompts you to enter the

login authentication information when you log in through the console port.

Login interface of the password authentication method

****************************************************************************

* Copyri ght ( c) 2004- 2010 Hangzhou H3C Tech. Co. , Lt d. Al l r i ght s r eser ved. *

* Wi t hout t he owner' s pr i or wr i t t en consent , *

* no decompi l i ng or r everse- engi neeri ng shal l be al l owed. *

****************************************************************************

User i nt er f ace aux0 i s avai l abl e.

Press ENTER t o get st art ed.

Logi n aut hent i cat i on

Password:

Login interface of the scheme authentication method (with the username admin)

****************************************************************************




****************************************************************************




User name: admi n

Password:

Telnet Login Password

Telnet offers a common method of remote login and management. You can telnet to a network device

from any PC or terminal that can reach the device.

H3C switches support telnet. You can remotely manage an H3C switch via telnet, and prevent

unauthorized accesses by setting the telnet username and password.

The H3C switch supports three telnet login authentication methods:

none: No authentication.

password: Password authentication.

scheme: Username and password authentication.



1-3

The scheme authentication method comprises local authentication and RADIUS authentication.

For details, refer to the AAA section in the corresponding operation manual.

For details about the three authentication methods, refer to the operation manual and command

manual of the specific device model.

With the password or scheme authentication method configured, the switch prompts you to enter the

login authentication information when you log in via telnet.

Login interface of the password authentication method

******************************************************************************



* no decompi l i ng or r everse- engi neeri ng shal l be al l owed. *******************************************************************************


Password:

Login interface of the scheme authentication method (with the username admin)

******************************************************************************




******************************************************************************


User name: admi n

Password:

User Level Switching Password

You can temporarily change the current login user level with the user level switching password provided,

thus to flexibly control the privileges of the current user. The change is effective for the current loginonly.

To prevent inadvertent operations, you are recommended to log in as a low-level user, and switch

to a higher user level for device maintenance.

To protect the switch configuration, you can switch to a lower user level when you have the switch

to be managed by someone else.

Local or RADIUS authentication of the scheme authentication method can be used for switching

between user levels. Thus, you must set the user level switching password in the local device or

RADIUS server.

For example, a user with the level 0 can use the following commands only:<H3C> ?

User vi ew commands:

cl ust er Run cl ust er command



1-4

di spl ay Di spl ay cur r ent syst em i nf or mat i on

pi ng Pi ng f unct i on

qui t Exi t f r omcur r ent command vi ew

ssh2 Est abl i sh a secur e shel l cl i ent connect i on

super Set t he cur r ent user pr i or i t y l evel

t el net Est abl i sh one TELNET connect i on

t r acer t Tr ace r out e f unct i on

Use the super command and enter the password to switch the current user level to 2.<H3C> super 2

Password:

User pri vi l ege l evel i s 2, and onl y t hose commands can be used

whose l evel i s equal or l ess t han t hi s.

Pr i vi l ege not e: 0- VI SI T, 1- MONI TOR, 2- SYSTEM, 3- MANAGE

Then you can use all commands except the management level commands.

<H3C> ?

User vi ew commands:

backup Backup next st art up- conf i gur ati on f i l e t o TFTP server

cl ust er Run cl ust er commanddebuggi ng Enabl e syst emdebuggi ng f unct i ons

di spl ay Di spl ay cur r ent syst em i nf or mat i on

f r ee Cl ear user t er mi nal i nt er f ace

mt r acer t Trace r out e t o mul t i cast sour ce

nt dp Run NTDP commands

pi ng Pi ng f unct i on

qui t Exi t f r omcur r ent command vi ew

r ef r esh Do sof t r eset

r eset Reset operat i on

save Save cur r ent conf i gur at i on

scr een- l engt h Speci f y t he l i nes di spl ayed on one scr een

send Send i nf ormati on t o other user t er mi nal i nt er f ace

ssh2 Est abl i sh a secur e shel l cl i ent connect i on

st ack Swi t ch st ack syst em

super Set t he cur r ent user pr i or i t y l evel

syst emvi ew Ent er t he Syst emVi ew

t el net Establ i sh one TELNET connect i on

t er mi nal Set t he t ermi nal l i ne char acteri st i cs

t r acer t Trace r out e f unct i on

undo Cancel cur r ent set t i ng

<H3C>

Boot ROM Password

Boot ROM is a power-on self test (POST) program that initializes hardware and displays hardware

information. The Boot ROM menu is the interface for human-computer interactions. It provides

functions such as software loading and file management.

Press Ctrl + B when the following displays, and then you are prompted to enter the Boot ROM

password.



1-5

St ar t i ng. . . . . .

***********************************************************

* *

* H3C S5500- 28C- PWR-EI BOOTROM, Versi on 509 *

* *

***********************************************************

Copyr i ght ( c) 2004- 2009 Hangzhou H3C Tech. Co. , Lt d.Cr eat i on dat e : J an 9 2009, 10: 44: 09

CPU Cl ock Speed : 533MHz

BUS Cl ock Speed : 133MHz

Memor y Si ze : 256MB

Mac Address : 002389294f 70

Press Ct r l - B t o ent er Boot Menu. . . 1

Password:

By default, there is no Boot ROM password. After the correct password is provided, the Boot ROM

menu is displayed as follows:

BOOT MENU

1. Downl oad appl i cat i on f i l e t o f l ash

2. Sel ect appl i cat i on f i l e to boot

3. Di spl ay al l f i l es i n f l ash

4. Del et e f i l e f rom f l ash

5. Modi f y bootr ompassword

6. Ent er boot r om upgrade menu

7. Ski p cur rent conf i gur at i on f i l e

8. Set boot r ompassword r ecover y9. Set swi t ch st art up mode

0. Reboot

Ent er your choi ce( 0- 9) :

You can select 5 to set the Boot ROM password.

Web NMS Login Password

The H3C switch has a built-in Web server. It enables you to log in to the switch from a web network

management system (NMS) terminal (PC) to manage and maintain the switch through the webinterface.

To control accesses to the switch, you are recommended to configure a login username and password.

Figure 1-1 shows the web NMS login page.



1-6

Figure 1-1 Web NMS login page

The web NMS login page varies with the device model.



2-1

2 H3C Switch Login Password Recovery

Console Login Password Recovery

The password recovery method described in this section applies to the password authentication

method and local authentication of the scheme authentication method. In RADIUS authentication

of the scheme authentication method, login passwords are configured on the RADIUS server. If

you fail to log in to the RADIUS server due to password loss or RADIUS server failure, you are

recommended to contact the administrator to obtain a new login password.

If the switch is enabled with the password control function, the console login password is not

displayed in the configuration file. Disable this function before performing the following operations.

If the console login password is lost, you can select Skip current configuration file in the Boot ROM

menu to recover the password. To do that, follow these steps:

1) Use a configuration cable to connect the serial port of your PC to the console port of the H3C switch,

and then you can display the login interface through the terminal emulation program. Table 2-1

shows the default settings of the console port.

Table 2-1 Default setting of the console port

Item Default setting

Baud rate 9600 bps

Flow control None

Parity None

Stop bits 1

Data bits 8

2) Restart the switch.

3) When the following output appears, press Ctrl + B and enter the Boot ROM password as prompted

to enter the Boot ROM menu.

St ar t i ng. . . . . .

***********************************************************

* *

* H3C S5500- 28C- PWR-EI BOOTROM, Versi on 509 *

* *

***********************************************************Copyr i ght ( c) 2004- 2009 Hangzhou H3C Tech. Co. , Lt d.

Cr eat i on dat e : J an 9 2009, 10: 44: 09




2-2

BUS Cl ock Speed : 133MHz

Memor y Si ze : 256MB

Mac Address : 002389294f 70

Press Ct r l - B t o ent er Boot Menu. . . 1

Password:

By default, the H3C switch does not have a Boot ROM password. If you have lost your Boot ROM

password, recover the password as described in Boot ROM Password Recovery.

4) Select 7 in the Boot ROM menu and type y to confirm your operation.

BOOT MENU








8. Set boot r ompassword r ecover y

9. Set swi t ch st art up mode

0. Reboot

Ent er your choi ce( 0- 9) : 7

The cur r ent set t i ng i s r unni ng conf i gurat i on f i l e when r eboot .

Ar e you sur e to ski p cur r ent conf i gur ati on f i l e when r eboot ? Yes or No(Y/ N) y

Sett i ng. . . . . . done!

5) When you return to the Boot ROM menu, select 0 to restart the switch.

BOOT MENU



3. Di spl ay al l f i l es i n f l ash4. Del et e f i l e f rom f l ash






0. Reboot


@̂Syst emr eboot i ng. . .

6) The switch skips the configuration file at the next startup and allows you to log in without providing

the password.



2-3

****************************************************************************




****************************************************************************

Conf i gurati on f i l e i s ski pped.



<H3C>

7) At the command line interface (CLI), use the display startup command to view the startup

configuration file, and use the more command to view the console login password in the

configuration file.

<H3C> di spl ay st ar t up

Cur r ent st ar t up saved- conf i gur at i on f i l e: NULLNext st ar t up saved- conf i gur at i on f i l e: f l ash: / st art up. cf g

<H3C> mor e st ar t up. cf g

If the password authentication method is used, pay attention to the console login password

configuration commands, which are gray highlighted.

The password is displayed in plain text:

#

user- i nt er f ace aux 0

aut hent i cat i on- mode password

set aut hent i cat i on password si mpl e test

The password is displayed in cipher text:#


aut hent i cat i on- mode password

set aut hent i cat i on passwor d ci pher . ] @USE=B, 53Q=̂ Q̀ MAF4<1!!

A plain text password is directly displayed in the set authentication password s imple command, and

you can use or change it. A cipher text password is converted into cipher text characters, and you arerecommended to change it.

If the scheme authentication method is used, pay attention to the local username and password

configuration commands, which are gray highlighted. The username is admin in this example.


#

l ocal - user admi n

passwor d si mpl e 123

ser vi ce- t ype t er mi nal

The password is displayed in cipher text:

#



2-4


passwor d ci pher 7- CZB#/ YX]KQ=̂ Q̀ MAF4<1! !

ser vi ce- t ype t er mi nal

If the switch has multiple local users, view the configuration of the terminal user configured with the

service-type terminal command.

A plain text password is directly displayed in the password simple command, and you can use or

change it. A cipher text password is converted into cipher text characters, and you are

recommended to change it.

8) Use the copy command to back up the configuration file. In this example, the backup file is named

startup_bak.cfg.

<H3C> copy st art up. cf g st art up_bak. cf g

Copy f l ash: / st ar t up. cf g t o f l ash: / st ar t up_bak. cf g?[ Y/ N] : y

. . . . . . .

%Copy f i l e f l ash: / st ar t up. cf g t o f l ash: / st ar t up_bak. cf g. . . Done.

9) You can use File Transfer Protocol (FTP) or Trivial File Transfer Protocol(TFTP) to transfer the

configuration file to your PC, and edit the file in the text editor software such as Windows Notepad

and WordPad by using any of the following methods:

Change the keyword of the authentication-mode command to none.

Change keyword cipher of the set authentication password command to simple, and type a

new password (for the password authentication method).

Change keyword cipher of the password command to simple, and type a new password (for the

scheme authentication method).

The none authentication method is for temporary login only. To ensure device security, change the

authentication method as soon as possible.

10) Upload the configuration file to the switch to replace the existing configuration file. Then the switch

uses the new configuration file at the next startup, and allows you to log in with the new password.

Meanwhile, other configurations are retained.



2-5

Telnet Login Password Recovery

The password recovery method described in this section applies to the password authentication

method and local authentication of the scheme authentication method. In RADIUS authentication

of the scheme authentication method, login passwords are configured on the RADIUS server. If

you fail to log in to the RADIUS server due to password loss or RADIUS server failure, you are

recommended to contact the administrator to obtain a new login password.

If the switch is enabled with the password control function, the telnet login password is not

displayed in the configuration file. Disable this function before performing the following operations.

If the telnet login password is lost, you can log in to the console through the console port to display and

change the telnet login password.1) Use a configuration cable to connect the serial port of your PC to the console port of the H3C switch,

configure the terminal emulation program, and log in to the console. For the settings of the terminal

emulation program, refer to Table 2-1.

2) Use the display current-configuration command to view the telnet authentication configuration.

If the password authentication method is used, pay attention to the telnet password configuration

command, which is gray highlighted.

<H3C> di spl ay cur r ent - conf i gur at i on | begi n user- i nt er f ace


set aut hent i cat i on password si mpl e test

user - i nt er f ace vty 0 4

user pri vi l ege l evel 3

set aut hent i cat i on password si mpl e h3c

i dl e- t i meout 0 0

#

With the | begin user-interface parameter specified, the display current-configuration

command displays the line that matches the user-interface character string and all the

subsequent lines. This parameter helps you quickly locate the user interface configuration in the

configuration file. For detailed information about the regular expression in display commands, refer

to the operation manuals of the switches.

If the configuration file contains no authentication-mode information, the authentication method is

password, which is the default authentication method of the telnet (VTY) user interface.

For a plain text password, you can use or change it. For a cipher text password, you are




2-6

If the scheme authentication method is used, pay attention to the telnet password configuration

commands, which are gray highlighted.

<H3C> di spl ay cur r ent - conf i gur at i on | begi n l ocal - user

l ocal - user abc


ser vi ce- t ype t el net



ser vi ce- t ype t el net t er mi nal

…



If the switch has multiple local users, view the configuration of the telnet user configured with the

service-type telnet or service-type telnet terminal command.

3) Change the authentication method and password.

If the password is displayed in plain text, you can telnet to the device by entering the password (for

the password authentication method) or username and password (for the scheme authentication

method).

If you want to change the telnet login authentication method, use the authentication-mode

command in user view. For example, change the telnet authentication method to none as follows:

<H3C> syst emvi ew[ H3C] user- i nt erf ace vty 0 4

[ H3C- ui - vt y0- 4] aut hent i cat i on- mode none

If you want to change the login password for the password authentication method, use the set

authentication password command to change the password. For example, change the password

to new as follows:

<H3C> syst emvi ew

[ H3C] user- i nt erf ace vty 0 4

[ H3C- ui - vt y0- 4] set aut hent i cat i on password si mpl e new

If you want to change the login password of a user in the scheme authentication method, use the

password command in the user view. For example, change the password of the user admin to

new as follows:


[ H3C] l ocal - user admi n

[ H3C- l user- admi n] password si mpl e new

When the preceding configuration is complete, you can use the new password and authentication

method for the next telnet login.



2-7

The none authentication method is for temporary login only. To ensure device security, change the

authentication method as soon as possible.

After the preceding configuration is complete, save the configuration with the save command.

Otherwise, the switch may require you to use the former password and authentication method for

login.

User Level Switching Password Recovery

If the switch is enabled with the password control function, the user level switching password is notdisplayed in the configuration file. Disable this function before performing the following operations.

1) The configuration procedure is similar to that of recovering the console login password. Configure

the device to skip the configuration file at startup. For detailed procedure, refer to Console Login

Password Recovery.

2) After the configuration file is skipped, view the user level switching configuration in the startup

configuration file.

If local authentication is used for switching between user levels, pay attention to the commands for

setting the user level switching password.


#

super password l evel 2 si mpl e 123

super password l evel 3 si mpl e 123

The password is displayed in cipher text:

#

super passwor d l evel 2 ci pher 7- CZB#/ YX] KQ=̂ Q̀ MAF4<1! !

super passwor d l evel 3 ci pher AN$TBB7' VF3Q=̂ Q̀ MAF4<1! !

A plain text password is directly displayed the super password command, and you can use or change

it. A cipher text password is converted into cipher text characters, and you are recommended to change

it.

If the scheme authentication method is used, you are recommended to contact the RADIUS server

administrator to obtain a new login password.



2-8

3) Use the copy command to back up the configuration file. In this example, the backup file is named

startup_bak.cfg.

<H3C> copy st art up. cf g st art up_bak. cf g

Copy f l ash: / st ar t up. cf g t o f l ash: / st ar t up_bak. cf g?[ Y/ N] : y

…

%Copy f i l e f l ash: / st ar t up. cf g t o f l ash: / st ar t up_bak. cf g. . . Done.

4) You can use FTP or TFTP to transfer the configuration file to your PC, and edit the file in the text

editor software such as Windows Notepad and WordPad by using any of the following methods:

Change keyword cipher of the password command to simple, and type a new password (for the

password authentication method).

Delete the super authentication-mode scheme command to set local authentication for user

level switching, and set a new password with the super password command (for the scheme

authentication method, not recommended).

5) Upload the configuration file to the switch to replace the existing configuration file. Then the switch

uses the new configuration file at the next startup, and allows you to switch between user levels

with the new password. Meanwhile, other configurations are retained.

Boot ROM Password Recovery

Before performing the following operations, make sure that the Boot ROM password recovery function

is enabled (default status). If you have disabled this function by selecting 8 in the Boot ROM menu,

contact your H3C agent for password recovery.

Follow these steps to recover the Boot ROM password:

1) Use any of the following methods to obtain the MAC address of the switch:

Use the display device manuinfo command.

<H3C> di spl ay devi ce manui nf o

DEVI CE_NAME : S5500- 28C- PWR- EI

DEVI CE_SERI AL_NUMBER : 210235A254H096000016

MAC_ADDRESS : 0023- 8929- 4F70

MANUFACTURI NG_DATE : 2009- 10- 07

VENDOR_NAME : H3C

Reboot the switch and view its MAC address in the POST information.

***********************************************************

* *

* H3C S5500- 28C- EI BOOTROM, Ver si on 510 *

* *

***********************************************************

Copyr i ght ( c) 2004- 2009 Hangzhou H3C Tech. Co. , Lt d.

Cr eat i on dat e : May 18 2009, 17: 01: 57


BUS Cl ock Speed : 133MHzMemor y Si ze : 256MB

Mac Addr ess : 002389294F70

Check the MAC address label on the chassis.



2-9

2) Contact the H3C customer service staff and provide the MAC address. Then you can obtain a Boot

ROM super password.

3) Use this password to enter the Boot ROM menu, select 5 in the menu, and change the Boot ROM

password.

BOOT MENU










0. Reboot


Ol d password: ** ** ** (Type the super password.)

New password: ** ** **

Conf i r m passwor d: **** **

Curr ent password has been changed successf ul l y!

Web NMS Login Password Recovery

If the switch is enabled with the password control function, the local user password is not displayed in

the configuration file. Disable this function before performing the following operations.

Log in to the switch through the console port or telnet and then follow these steps to recover the web

NMS login password:

1) Use the display current-configuration command to view the local username and password.

<H3C> di spl ay cur r ent - conf i gur at i on | begi n l ocal - userl ocal - user abc


ser vi ce- t ype t el net



ser vi ce- t ype t ermi nal t el net





If the switch has multiple local users, view the configuration of the telnet user configured with the

service-type telnet or service-type terminal telnet command.

2) Change the password. In this example, the password of the user admin is changed to new .


[ H3C] l ocal - user admi n

[ H3C- l user- admi n] password si mpl e new

Save the configuration. Then you can use the username admin and password new to log in to the

switch through the web NMS.

Copyright © 2007-2010 Hangzhou H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies

Co., Ltd.

The information in this document is subject to change without notice.

Documents

H3C Series Ethernet Switches Login Password Recovery Manual(V1.01)-Book