Need help? Send Email To Us leo.zhao@ccitel.com

How to restore the console port password on huawei switch

This document describes how to restore the console port passwords for the huawei switch. It is applicable to Huawei S1700, S2700, S37000, and S5700 switches.

Restore the password of the console port

The device provides the following methods to restore the password of the console port.

  • Method 1: Log in to the device through STelnet or Telnet to change the password of the console port.
  • Method 2: After the password of the console port is cleared in the BootROM, change the password of the console port.
  • Method 3: Unset the next startup configuration file in the BootROM menu. After the device starts up in an empty configuration, change the password of the console port.

Description:

1, please use method one first. If the STelnet/Telnet password is forgotten, use the other two methods. There is a security risk in the Telnet protocol. You are recommended to log in to the device using STelnet V2.

2. Method 2 is preferred when Method 1 is not available.

3, S1720GFR, S2720, S2750, S5700LI, S5700S-LI, S5720S-12TP-PWR-LI-AC, and S5700S-28P-PWR-LI-AC are BootROM menus, S5710-X-LI, S5700S-28X- The LI-AC, S5700S-52X-LI-AC, S5720SI, S5720S-SI, S5720EI, S5720HI, S5720LI, S5720S-LI, S6720EI, and S6720S-EI are BootLoad menus.

4. The following devices are displayed only as examples. Different devices and different versions may display slightly different echoes. Please refer to the actual display of the device.

 

Log in to the device through STelnet or Telnet to change the password of the console port.

The following command line and the command output are used to change the password of the console port.
If you have the STelnet account and have the rights of Level 3 or higher, you can use the STelnet to log in to the device and change the password of the console port. Then save the configuration.

1. Log in to the device using the STelnet account and confirm that the current account has Level 3 or higher.
Use the display users command to view all login users of the current device. The current user is marked with a "+" mark, and the corresponding number VTY1 is recorded.

<HUAWEI> display users
  User-Intf    Delay    Type   Network Address     AuthenStatus    AuthorcmdFlag
  129 VTY 0   00:23:36  TEL    10.135.18.67          ;     pass           no           Username  ;: Unspecified+ 130 VTY 1   01:20:36  TEL    10.135.18.91        ;       pass           no        ; Username : Unspecified

  131 VTY 2   00:00:00  TEL    10.135.18.54          ;     pass           no           Username  ;: Unspecified

Use the display user-interface command to display the permissions of all users. The level of the corresponding VTY1 is 15.

<HUAWEI> display user-interface
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int
  0    CON 0    9600       -     15   ;  -           P     -
+ 129  VTY 0               -         15    15          P     -
+ 130  VTY 1               -         15    15          P     -
+ 131  VTY 2               -   &      15    -           P     -
  132  VTY 3               -         ;15    15          P     -
......

2. Change the password of the console user to the password authentication. The password is huawei@123.

<HUAWEI> system-view[HUAWEI] user-interface console 0[HUAWEI-ui-console0] authentication-mode  ;password[HUAWEI-ui-console0] set authentication password cipher huawei@123[HUAWEI-ui-console0] return

3. To prevent configuration loss after reboot, save the configuration.

<HUAWEI> saveThe current configuration will be written to the device.
Are you sure to continue?[Y/N]yNow saving the current configuration to the slot 0.
Save the configuration successfully.

 

After clearing the console port password in BootROM, change the console port password

The BootROM of the device provides the function of clearing the password of the console port. You can skip the password check when you log in using the console port. In this way, except for the normal startup, all configuration loads will be completed except that the console password is not required. After the device is started, re-configure the authentication mode and the console port password, and then save the configuration.

Note:

  • If you need to restart the device to enter the BootROM menu, the service will be interrupted. Please backup the device as appropriate and try to select a less time operation.
  • Clear the password of the console port. Please log in to the new password immediately.
  • Do not power off the device during this operation.

1. Connect the device with a serial cable and restart. When "Press Ctrl+B to enter BootROM menu..." (V200R002 and V200R003 versions) or "Press Ctrl+B or Ctrl+E to enter BootROM menu ..." (V200R005 and later versions) print information Press Ctrl+B or Ctrl+E and type the password (Admin@huawei.com is the default. The previous version of V100R006C03 is huawei). The BootROM main menu is displayed.

2. Clear the login password of the console port.

          BootROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Enter ethernet submenu
    5. Enter filesystem submenu
    6. Modify BootROM password   //V200R006 and previous versions: Modify BootROM password V200R007 and later: Enter password submenu
    7. Clear password for console user
    8. Reboot
    (Press Ctrl+E to enter diag menu) 

Enter your choice(1-8): 7Note: Clear password for console user? Yes or No(Y/N): yClear password for console  User successfully. Choose "1" to boot, then set a new password.
Note: Do not choose "8. Reboot" or power off the device, otherwise this operation will not take effect.

3. According to the device's prompt, select "1" to start the device under the BootROM main menu.

4. After the system is started, you do not need to perform authentication when you log in through the console port. After you log in to the console port, you can change the password to password authentication and change the password to huawei@123.

<HUAWEI> system-view[HUAWEI] user-interface console 0[HUAWEI-ui-console0] authentication-mode  ;password[HUAWEI-ui-console0] set authentication password cipher huawei@123[HUAWEI-ui-console0] return

5. To prevent configuration loss after reboot, save the configuration.

<HUAWEI> saveThe current configuration will be written to the device.
Are you sure to continue?[Y/N]yNow saving the current configuration to the slot 0.
Save the configuration successfully.

 

Unset the next startup configuration file in the BootROM menu, and modify the console port password after the device starts with an empty configuration

Unset the next startup configuration file under BootROM and the device will start up in an empty configuration (factory configuration). After the startup, export the original configuration file and manually modify the configuration of the console port login. You can re-upload the modified configuration file to the device and configure the device to start with the modified configuration file. You do not need to enter the console port login password for the device after the restart. (For example, the password authentication is configured on the console port. The other authentication methods are based on the actual device.)

Note:

  • To enter the BootROM menu, you need to restart the device, which will cause business interruption. Please backup the device as appropriate and try to choose less time. operating.
  • Do not power off the device during this operation.
  • V200R010 and later versions of the console port are AAA-authenticated by default. If the configuration mode is not changed after the configuration is started, the device after the device is deleted and the authentication mode is deleted. The device after the restart needs to enter the default user name admin and The password is admin@huawei.com. In this case, the actual display is subject to the actual display.

1. Connect the device with a serial cable and reboot. When "Press Ctrl+B to enter BootROM menu... (V200R002 and V200R003) or Press Ctrl+B or Ctrl+E to enter BootROM menu ..."(V200R005 and later)When printing information, press "Ctrl+B" or "Ctrl+E" and type the password (default is "Admin@huawei.com",V100R006C03The previous version may be "huawei") and enter BootROM main menu.

2. Clear the boot configuration file to have the device boot in an empty configuration.

Description:

Note the current configuration file name of the device to restore the original configuration.

          BootROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Enter ethernet submenu
    5. Enter filesystem submenu
    6. Modify BootROM password   //V200R006 and previous versions: Modify BootROM password V200R007 and later: Enter password submenu
    7. Clear password for console user
    8. Reboot
    (Press Ctrl+E to enter diag menu) 

Enter your choice(1-8): 3

       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu


Enter your choice(1-3): 2Note: startup file field can not be cleared
'.'=clear field; 'Ctrl+D'=quit; Enter=use current configuration

Startup type(1: Flash)
  current: 1
  new    :

Flash startup file (can not be cleared)
  current: HUAWEI-v200r008c00.cc
  new    :

Saved-configuration file
  current: vrpcfg.zip
  new    : .          //Clear the current value patch package
  current:
  new    :

       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu

Enter your choice(1-3): 3

3. Select "1" to start the device under the BootROM main menu.

4. After the system is booted, the device will be restored to the factory configuration. When the V200R009 and the previous version are logged in through the console port, you are prompted to set the password of the console port. The password is huawei@123.

An initial password is required for the first login via the console.
Continue to set it? [Y/N]:ySet a password and keep it safe. Otherwise you will not be able to login via  The console.

Please configure the login password (8-16)
Enter Password:     //Enter huawei@123Confirm Password:     //Enter huawei@123

again

When the V200R010 and later versions are logged in through the console port, you are prompted to enter the default user name and password for the console port. You will be prompted to change the password. The password is huawei@123.

Login authentication                 ;                          ;                   
                                                                                                                                                  
                                                                                                                                            
Username:admin                                                                                         Password:     //Enter admin @huawei.com                         ;                          ;                      Warning: The  ;default password poses security risks.   &n Bsp;                          
The password needs to be changed. Change now? [Y/N]: y                           Please enter old password:     // Enter admin@huawei.com                        ;                          ;      Please enter new password:     //Enter huawei@123                                                              &nb Sp;              Please confirm new password:     // Enter huawei@123                                                                           The password has been changed successfully.

5. Restore the original configuration. The current device is the default factory configuration. If you want to restore the original configuration of the device and do not want to keep the configuration of the console password in the original configuration file, you can download the original configuration file to the PC, manually delete the configuration of the console, upload it to the device, and specify it as Start the file next time and restart the device.

a. Configure the device as an FTP server.

<HUAWEI> system-view[HUAWEI] ftp server enableInfo: The FTP server is already enabled [HUAWEI] vlan 10[HUAWEI-vlan10]  interface vlanif 10   //Configure VLANIF10 as the management interface. [HUAWEI-Vlanif10] ip address 10.110.24.254 24[HUAWEI-Vlanif10] quit[HUAWEI] interface gigabitethernet 0/0/10   //GE0/0/ 10 is the physical interface number of the PC connected to the Switch using the Web system and the Switch. [HUAWEI-GigabitEthernet0/0/10] port link-type access[HUAWEI-GigabitEthernet0/0/10] port default vlan 10[HUAWEI-GigabitEthernet0/0/10] quit[HUAWEI ] aaa[HUAWEI-aaa] local-user huawei password irreversible-cipher huawei@123[HUAWEI-aaa] local-user huawei ftp-directory flash:[HUAWEI-aaa]  local-user huawei service-type ftp[HUAWEI-aaa] local-user huawei privilege level 15

b. Download the original configuration file vrpcfg.zip to your PC.

C:\Documents and Setting\Administrator> ftp 10.110.24.254 is connected to  10.110.24.254.
220 FTP service ready.
User (10.110.24.254:(none)): huawei331 Password required for huawei.
password:
230 User logged in.
Ftp> get vrpcfg.zip200 Port command okay.
150 Opening ASCII mode data connection for directory list.
226 Transfer complete.
Ftp: received 981 bytes, when used 0.01 seconds 981000.00 kilobytes/second.

c. After decompressing on the PC, use the text editing tool (recommended to use the system's own text editing tool) to open and delete the console port authentication configuration, and then re-compress it into vrpcfg .zip file. The configuration to be deleted is as follows:

#
User-interface maximum-vty 15
User-interface con 0 authentication-mode password         //requires manual deletion
 set authentication password cipher %@%@:*IB+w7j~""GlU$0-;\#m@Jw%@%@      / / need to manually delete #
User-interface con 0 authentication-mode aaa     //requires manual deletion
 user privilege level 15     //Remove manually

6. After saving the modified configuration file, upload it to the device and replace the original configuration file.

ftp> put vrpcfg.zip200 Port command okay.
150 Opening ASCII mode data connection for directory list.
226 Transfer complete.
Ftp: Send 981 bytes, when used 0.00Seconds 978000.00 kilobytes/second.

7. Set the modified configuration file to start the configuration file for the next time, and choose to restart the device without saving the configuration.

<HUAWEI> startup saved-configuration vrpcfg.zipInfo: Succeeded in setting the configuration for booting system .
<HUAWEI> reboot fastSystem will reboot! Continue ? [y/n]:y

8. After rebooting, it will remind you to set the console login password again, enter a password that is safe and convenient for you to remember, and press Enter to enter the command line interface.

Related FAQ

What are the characteristics of low jitter differential oscillator used in network optical switch?

What are the characteristics of low jitter differential oscillator used in network optical switch?

Optical module of HUAWEI ET1BS12712S0 switch

Optical module of HUAWEI ET1BS12712S0 switch

HUAWEI MA5800 Series Frequently Asked Questions

HUAWEI MA5800 Series Frequently Asked Questions