Table of Contents
1 Introduction to H3C Switch Login Passwords
Console Login Password
Telnet Login Password
User Level Switching Password
Boot ROM Password
Web NMS Login Password
2 H3C Switch Login Password Recovery
Console Login Password Recovery
Telnet Login Password Recovery
User Level Switching Password Recovery
Boot ROM Password Recovery
Web NMS Login Password Recovery


1 Introduction to H3C Switch Login Passwords
This document describes how to recover or change login passwords for the H3C switches listed in the
table below.

Applicable products
S5820X series S5810 series S5800 series S5600 series
S5510 series S5500-EI series S5500-SI series S5120-SI series
S5120-EI series S5100-EI series S5100-SI series S3610 series
S3600-EI series S3600-SI series S3100-EI series S3100-SI series
S3100-52P


For how to recover passwords for other H3C switches, refer to the corresponding installation
manuals or contact your H3C agent.
Support for the methods of recovering passwords depends on the device model.
The application scope of this document is subject to change without notice.

Console Login Password
Console login is the most basic method to log in to a switch locally, and is also the prerequisite for other
login methods. Connect the serial port of your PC to the console port of the H3C switch, and then you
can use the terminal emulation program on your PC to configure and manage the switch.
By default, you can log in to the H3C switch locally through the console port only.
To protect the switch from unauthorized access through the console port, you can set a console login
username and password.
The H3C switch supports three console login authentication methods:
none: No authentication.
password: Password authentication.
scheme: Username and password authentication.



The scheme authentication method comprises local authentication and RADIUS authentication.
For details, refer to the AAA section in the corresponding operation manual.
For details about the three authentication methods, refer to the operation manual and command
manual of the specific device model.

With the password or scheme authentication method configured, the switch prompts you to enter the
login authentication information when you log in through the console port.
Login interface of the password authentication method
****************************************************************************
* Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
****************************************************************************

User interface aux0 is available.

Press ENTER to get started.

Login authentication

Password:
Login interface of the scheme authentication method (with the username admin)
****************************************************************************
* Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
****************************************************************************

User interface aux0 is available.

Press ENTER to get started.

Login authentication

Username: admin
Password:
Telnet Login Password
Telnet offers a common method of remote login and management. You can telnet to a network device
from any PC or terminal that can reach the device.
H3C switches support telnet. You can remotely manage an H3C switch via telnet, and prevent
unauthorized access by setting the telnet username and password.
The H3C switch supports three telnet login authentication methods:
none: No authentication.
password: Password authentication.
scheme: Username and password authentication.



The scheme authentication method comprises local authentication and RADIUS authentication.
For details, refer to the AAA section in the corresponding operation manual.
For details about the three authentication methods, refer to the operation manual and command
manual of the specific device model.

With the password or scheme authentication method configured, the switch prompts you to enter the
login authentication information when you log in via telnet.
Login interface of the password authentication method
******************************************************************************
* Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************

Login authentication

Password:
Login interface of the scheme authentication method (with the username admin)
******************************************************************************
* Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************

Login authentication

Username: admin
Password:
User Level Switching Password
You can temporarily change the user level of the current login with the user level switching password,
which lets you flexibly control the privileges of the current user. The change is effective for the current login
only.
To prevent inadvertent operations, you are recommended to log in as a low-level user, and switch
to a higher user level for device maintenance.
To protect the switch configuration, you can switch to a lower user level when you hand the switch
over to someone else to manage.
Local or RADIUS authentication of the scheme authentication method can be used for switching
between user levels. Thus, you must set the user level switching password in the local device or
RADIUS server.
For example, a user with the level 0 can use the following commands only:
<H3C> ?
User view commands:
  cluster        Run cluster command
  display        Display current system information
  ping           Ping function
  quit           Exit from current command view
  ssh2           Establish a secure shell client connection
  super          Set the current user priority level
  telnet         Establish one TELNET connection
  tracert        Trace route function
Use the super command and enter the password to switch the current user level to 2.
<H3C> super 2
Password:
User privilege level is 2, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
Then you can use all commands except the management level commands.
<H3C> ?
User view commands:
  backup         Backup next startup-configuration file to TFTP server
  cluster        Run cluster command
  debugging      Enable system debugging functions
  display        Display current system information
  free           Clear user terminal interface
  mtracert       Trace route to multicast source
  ntdp           Run NTDP commands
  ping           Ping function
  quit           Exit from current command view
  refresh        Do soft reset
  reset          Reset operation
  save           Save current configuration
  screen-length  Specify the lines displayed on one screen
  send           Send information to other user terminal interface
  ssh2           Establish a secure shell client connection
  stack          Switch stack system
  super          Set the current user priority level
  system-view    Enter the System View
  telnet         Establish one TELNET connection
  terminal       Set the terminal line characteristics
  tracert        Trace route function
  undo           Cancel current setting
<H3C>
Boot ROM Password
Boot ROM is a power-on self test (POST) program that initializes hardware and displays hardware
information. The Boot ROM menu is the interface for human-computer interactions. It provides
functions such as software loading and file management.
Press Ctrl+B when the following is displayed, and you are then prompted to enter the Boot ROM
password.

Starting......

***********************************************************
* *
* H3C S5500-28C-PWR-EI BOOTROM, Version 509 *
* *
***********************************************************
Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd.
Creation date   : Jan 9 2009, 10:44:09
CPU Clock Speed : 533MHz
BUS Clock Speed : 133MHz
Memory Size     : 256MB
Mac Address     : 002389294f70


Press Ctrl-B to enter Boot Menu... 1
Password:
By default, there is no Boot ROM password. After the correct password is provided, the Boot ROM
menu is displayed as follows:
BOOT MENU

1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify bootrom password
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Set bootrom password recovery
9. Set switch startup mode
0. Reboot

Enter your choice(0-9):
You can select 5 to set the Boot ROM password.
Web NMS Login Password
The H3C switch has a built-in Web server. It enables you to log in to the switch from a web network
management system (NMS) terminal (PC) to manage and maintain the switch through the web
interface.
To control access to the switch, you are recommended to configure a login username and password.
Figure 1-1 shows the web NMS login page.

Figure 1-1 Web NMS login page



The web NMS login page varies with the device model.


2 H3C Switch Login Password Recovery
Console Login Password Recovery


The password recovery method described in this section applies to the password authentication
method and local authentication of the scheme authentication method. In RADIUS authentication
of the scheme authentication method, login passwords are configured on the RADIUS server. If
you fail to log in to the RADIUS server due to password loss or RADIUS server failure, you are
recommended to contact the administrator to obtain a new login password.
If the switch is enabled with the password control function, the console login password is not
displayed in the configuration file. Disable this function before performing the following operations.

If the console login password is lost, you can select Skip current configuration file in the Boot ROM
menu to recover the password. To do that, follow these steps:
1) Use a configuration cable to connect the serial port of your PC to the console port of the H3C switch,
and then you can display the login interface through the terminal emulation program. Table 2-1
shows the default settings of the console port.
Table 2-1 Default setting of the console port
Item           Default setting
Baud rate      9600 bps
Flow control   None
Parity         None
Stop bits      1
Data bits      8

2) Restart the switch.
3) When the following output appears, press Ctrl+B and enter the Boot ROM password as prompted
to enter the Boot ROM menu.
Starting......

***********************************************************
* *
* H3C S5500-28C-PWR-EI BOOTROM, Version 509 *
* *
***********************************************************
Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd.
Creation date   : Jan 9 2009, 10:44:09
CPU Clock Speed : 533MHz
BUS Clock Speed : 133MHz
Memory Size     : 256MB
Mac Address     : 002389294f70


Press Ctrl-B to enter Boot Menu... 1
Password:


By default, the H3C switch does not have a Boot ROM password. If you have lost your Boot ROM
password, recover the password as described in Boot ROM Password Recovery.

4) Select 7 in the Boot ROM menu and type y to confirm your operation.
BOOT MENU

1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify bootrom password
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Set bootrom password recovery
9. Set switch startup mode
0. Reboot

Enter your choice(0-9): 7
The current setting is running configuration file when reboot.
Are you sure to skip current configuration file when reboot? Yes or No(Y/N)y
Setting...... done!
5) When you return to the Boot ROM menu, select 0 to restart the switch.
BOOT MENU

1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify bootrom password
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Set bootrom password recovery
9. Set switch startup mode
0. Reboot

Enter your choice(0-9): 0
^@System rebooting...
6) The switch skips the configuration file at the next startup and allows you to log in without providing
the password.

****************************************************************************
* Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
****************************************************************************

Configuration file is skipped.
User interface aux0 is available.



Press ENTER to get started.
<H3C>
7) At the command line interface (CLI), use the display startup command to view the startup
configuration file, and use the more command to view the console login password in the
configuration file.
<H3C> display startup
Current startup saved-configuration file: NULL
Next startup saved-configuration file: flash:/startup.cfg
<H3C> more startup.cfg
If the password authentication method is used, pay attention to the console login password
configuration commands, which are gray highlighted.
The password is displayed in plain text:
#
user-interface aux 0
 authentication-mode password
 set authentication password simple test
The password is displayed in cipher text:
#
user-interface aux 0
 authentication-mode password
 set authentication password cipher .]@USE=B,53Q=^Q`MAF4<1!!


A plain text password is directly displayed in the set authentication password simple command, and
you can use or change it. A cipher text password is converted into cipher text characters, and you are
recommended to change it.

If the scheme authentication method is used, pay attention to the local username and password
configuration commands, which are gray highlighted. The username is admin in this example.
The password is displayed in plain text:
#
local-user admin
 password simple 123
 service-type terminal
The password is displayed in cipher text:
#
local-user admin
 password cipher 7-CZB#/YX]KQ=^Q`MAF4<1!!
 service-type terminal


If the switch has multiple local users, view the configuration of the terminal user configured with the
service-type terminal command.
A plain text password is directly displayed in the password simple command, and you can use or
change it. A cipher text password is converted into cipher text characters, and you are
recommended to change it.

8) Use the copy command to back up the configuration file. In this example, the backup file is named
startup_bak.cfg.
<H3C> copy startup.cfg startup_bak.cfg
Copy flash:/startup.cfg to flash:/startup_bak.cfg?[Y/N]:y
.......
%Copy file flash:/startup.cfg to flash:/startup_bak.cfg...Done.
9) You can use File Transfer Protocol (FTP) or Trivial File Transfer Protocol (TFTP) to transfer the
configuration file to your PC, and edit the file in a text editor such as Windows Notepad
or WordPad by using any of the following methods:
Change the keyword of the authentication-mode command to none.
Change the keyword cipher of the set authentication password command to simple, and type a
new password (for the password authentication method).
Change the keyword cipher of the password command to simple, and type a new password (for the
scheme authentication method).


The none authentication method is for temporary login only. To ensure device security, change the
authentication method as soon as possible.

10) Upload the configuration file to the switch to replace the existing configuration file. Then the switch
uses the new configuration file at the next startup, and allows you to log in with the new password.
Meanwhile, other configurations are retained.

Telnet Login Password Recovery


The password recovery method described in this section applies to the password authentication
method and local authentication of the scheme authentication method. In RADIUS authentication
of the scheme authentication method, login passwords are configured on the RADIUS server. If
you fail to log in to the RADIUS server due to password loss or RADIUS server failure, you are
recommended to contact the administrator to obtain a new login password.
If the switch is enabled with the password control function, the telnet login password is not
displayed in the configuration file. Disable this function before performing the following operations.

If the telnet login password is lost, you can log in to the console through the console port to display and
change the telnet login password.
1) Use a configuration cable to connect the serial port of your PC to the console port of the H3C switch,
configure the terminal emulation program, and log in to the console. For the settings of the terminal
emulation program, refer to Table 2-1.
2) Use the display current-configuration command to view the telnet authentication configuration.
If the password authentication method is used, pay attention to the telnet password configuration
command, which is gray highlighted.
<H3C> display current-configuration | begin user-interface
user-interface aux 0
 set authentication password simple test
user-interface vty 0 4
 user privilege level 3
 set authentication password simple h3c
 idle-timeout 0 0
#


With the | begin user-interface parameter specified, the display current-configuration
command displays the line that matches the user-interface character string and all the
subsequent lines. This parameter helps you quickly locate the user interface configuration in the
configuration file. For detailed information about the regular expression in display commands, refer
to the operation manuals of the switches.
If the configuration file contains no authentication-mode information, the authentication method is
password, which is the default authentication method of the telnet (VTY) user interface.
For a plain text password, you can use or change it. For a cipher text password, you are
recommended to change it.


If the scheme authentication method is used, pay attention to the telnet password configuration
commands, which are gray highlighted.
<H3C> display current-configuration | begin local-user
local-user abc
 password simple 123
 service-type telnet
local-user admin
 password cipher 7-CZB#/YX]KQ=^Q`MAF4<1!!
 service-type telnet terminal



For a plain text password, you can use or change it. For a cipher text password, you are
recommended to change it.
If the switch has multiple local users, view the configuration of the telnet user configured with the
service-type telnet or service-type telnet terminal command.

3) Change the authentication method and password.
If the password is displayed in plain text, you can telnet to the device by entering the password (for
the password authentication method) or username and password (for the scheme authentication
method).
If you want to change the telnet login authentication method, use the authentication-mode
command in user view. For example, change the telnet authentication method to none as follows:
<H3C> system-view
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode none
If you want to change the login password for the password authentication method, use the set
authentication password command to change the password. For example, change the password
to new as follows:
<H3C> system-view
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] set authentication password simple new
If you want to change the login password of a user in the scheme authentication method, use the
password command in the user view. For example, change the password of the user admin to
new as follows:
<H3C> system-view
[H3C] local-user admin
[H3C-luser-admin] password simple new
When the preceding configuration is complete, you can use the new password and authentication
method for the next telnet login.



The none authentication method is for temporary login only. To ensure device security, change the
authentication method as soon as possible.
After the preceding configuration is complete, save the configuration with the save command.
Otherwise, the switch may require you to use the former password and authentication method for
login.

User Level Switching Password Recovery


If the switch is enabled with the password control function, the user level switching password is not
displayed in the configuration file. Disable this function before performing the following operations.

1) The configuration procedure is similar to that of recovering the console login password. Configure
the device to skip the configuration file at startup. For the detailed procedure, refer to Console Login
Password Recovery.
2) After the configuration file is skipped, view the user level switching configuration in the startup
configuration file.
If local authentication is used for switching between user levels, pay attention to the commands for
setting the user level switching password.
The password is displayed in plain text:
#
super password level 2 simple 123
super password level 3 simple 123
The password is displayed in cipher text:
#
super password level 2 cipher 7-CZB#/YX]KQ=^Q`MAF4<1!!
super password level 3 cipher AN$TBB7'VF3Q=^Q`MAF4<1!!


A plain text password is directly displayed in the super password command, and you can use or change
it. A cipher text password is converted into cipher text characters, and you are recommended to change
it.

If the scheme authentication method is used, you are recommended to contact the RADIUS server
administrator to obtain a new login password.

3) Use the copy command to back up the configuration file. In this example, the backup file is named
startup_bak.cfg.
<H3C> copy startup.cfg startup_bak.cfg
Copy flash:/startup.cfg to flash:/startup_bak.cfg?[Y/N]:y

%Copy file flash:/startup.cfg to flash:/startup_bak.cfg...Done.


4) You can use FTP or TFTP to transfer the configuration file to your PC, and edit the file in a text
editor such as Windows Notepad or WordPad by using any of the following methods:
Change the keyword cipher of the password command to simple, and type a new password (for the
password authentication method).
Delete the super authentication-mode scheme command to set local authentication for user
level switching, and set a new password with the super password command (for the scheme
authentication method, not recommended).
5) Upload the configuration file to the switch to replace the existing configuration file. Then the switch
uses the new configuration file at the next startup, and allows you to switch between user levels
with the new password. Meanwhile, other configurations are retained.
Boot ROM Password Recovery


Before performing the following operations, make sure that the Boot ROM password recovery function
is enabled (default status). If you have disabled this function by selecting 8 in the Boot ROM menu,
contact your H3C agent for password recovery.

Follow these steps to recover the Boot ROM password:
1) Use any of the following methods to obtain the MAC address of the switch:
Use the display device manuinfo command.
<H3C> display device manuinfo
DEVICE_NAME          : S5500-28C-PWR-EI
DEVICE_SERIAL_NUMBER : 210235A254H096000016
MAC_ADDRESS          : 0023-8929-4F70
MANUFACTURING_DATE   : 2009-10-07
VENDOR_NAME          : H3C
Reboot the switch and view its MAC address in the POST information.
***********************************************************
* *
* H3C S5500-28C-EI BOOTROM, Version 510 *
* *
***********************************************************
Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd.
Creation date   : May 18 2009, 17:01:57
CPU Clock Speed : 533MHz
BUS Clock Speed : 133MHz
Memory Size     : 256MB
Mac Address     : 002389294F70
Check the MAC address label on the chassis.

2) Contact the H3C customer service staff and provide the MAC address. Then you can obtain a Boot
ROM super password.
3) Use this password to enter the Boot ROM menu, select 5 in the menu, and change the Boot ROM
password.
BOOT MENU

1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify bootrom password
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Set bootrom password recovery
9. Set switch startup mode
0. Reboot

Enter your choice(0-9): 5

Old password: ******(Type the super password.)
New password: ******
Confirm password: ******
Current password has been changed successfully!
Web NMS Login Password Recovery


If the switch is enabled with the password control function, the local user password is not displayed in
the configuration file. Disable this function before performing the following operations.

Log in to the switch through the console port or telnet and then follow these steps to recover the web
NMS login password:
1) Use the display current-configuration command to view the local username and password.
<H3C> display current-configuration | begin local-user
local-user abc
 password simple 123
 service-type telnet
local-user admin
 password cipher 7-CZB#/YX]KQ=^Q`MAF4<1!!
 service-type terminal telnet



For a plain text password, you can use or change it. For a cipher text password, you are
recommended to change it.
If the switch has multiple local users, view the configuration of the telnet user configured with the
service-type telnet or service-type terminal telnet command.

2) Change the password. In this example, the password of the user admin is changed to new.
<H3C> system-view
[H3C] local-user admin
[H3C-luser-admin] password simple new
Save the configuration. Then you can use the username admin and password new to log in to the
switch through the web NMS.
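
The recovery procedures in this document leave simple (plain-text) passwords or authentication-mode none in the configuration until someone changes them. As an added example (not part of the H3C manual), the following Python script audits a configuration file for those settings, using only the command forms shown in this document; the sample configuration, the rule names and the audit_config function are constructed for illustration.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    section: str   # enclosing user-interface / local-user section, or "(global)"
    rule: str
    detail: str    # offending command, with any plain-text secret redacted


# Lines that open a section in the configuration listings shown in this document.
SECTION_RE = re.compile(r"^(user-interface|local-user)\s+\S.*$")

# (rule name, pattern). The named group "secret" marks a plain-text password.
RULES = [
    ("no-authentication",
     re.compile(r"^authentication-mode\s+none$")),
    ("plaintext-password",
     re.compile(r"^set\s+authentication\s+password\s+simple\s+(?P<secret>\S+)$")),
    ("plaintext-password",
     re.compile(r"^password\s+simple\s+(?P<secret>\S+)$")),
    ("plaintext-super-password",
     re.compile(r"^super\s+password\s+level\s+\d+\s+simple\s+(?P<secret>\S+)$")),
]

# Constructed sample, assembled from the command forms in this document.
# The cipher value is a placeholder, not a real ciphertext.
SAMPLE_CONFIG = """\
#
super password level 3 simple 123
#
local-user abc
 password simple 123
 service-type telnet
local-user admin
 password cipher EXAMPLE-CIPHERTEXT
 service-type terminal telnet
#
user-interface aux 0
 authentication-mode password
 set authentication password simple test
user-interface vty 0 4
 authentication-mode none
 user privilege level 3
#
"""


def audit_config(text: str) -> List[Finding]:
    """Return one Finding per line that disables login authentication
    or stores a password in plain text."""
    findings: List[Finding] = []
    section = "(global)"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line == "#":                 # "#" separates configuration blocks
            section = "(global)"
            continue
        if SECTION_RE.match(line):      # remember which section we are in
            section = line
            continue
        for rule, pattern in RULES:
            match = pattern.match(line)
            if not match:
                continue
            detail = line
            if "secret" in pattern.groupindex:
                # Never echo the password itself into a report or log.
                detail = line[:match.start("secret")] + "<redacted>"
            findings.append(Finding(line_no, section, rule, detail))
            break
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.line_no:>2}  [{f.section}]  {f.rule}: {f.detail}")
```

Run it against the edited startup.cfg before uploading it, and again on the saved configuration once the new password is in place.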



Copyright 2007-2010 Hangzhou H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies
Co., Ltd.
The information in this document is subject to change without notice.
