Login Password Recovery

H3C Series Ethernet Switches Table of Contents

Table of Contents

Chapter 1 Login Password Overview .......................................................................................... 1-1

1.1 Console Port Login Password ........................................................................................... 1-1
1.2 Telnet Login Password ...................................................................................................... 1-2

Chapter 2 Login Password Recovery.......................................................................................... 2-1

2.1 Console Port Login Password Recovery ........................................................................... 2-1
2.2 Telnet Login Password Recovery ...................................................................................... 2-4

i
Login Password Recovery
H3C Series Ethernet Switches Chapter 1 Login Password Overview

Chapter 1 Login Password Overview

Note:
The login password recovery methods introduced in this chapter are applicable to the
following H3C series switches:
z S3100
z S3100-52P
z S3600
z S3610
z S5100
z S5500
z S5510
z S5600
For password recovery methods of other models of H3C switches, refer to their
installation manuals or contact H3C agents.

1.1 Console Port Login Password

To log in through the Console port is the most common way to log into a switch. It is also
the prerequisite to configure other login methods. After connecting the serial port of a
PC to the Console port of a Switch using a configuration cable, you can configure and
manage the switch on the PC through a terminal emulator. Normally, you can only log
into an H3C Ethernet switch through its Console port.
To prevent unauthorized users from logging into a switch through the Console port, you
can set the login password for the Console port.
Following three authentication modes are available for users logging into H3C Ethernet
switches through the Console ports.
z None
z Password
z Scheme

Note:
For information about the authentication modes listed above, refer to the operation
manual and command manual of your products.

1-1
Login Password Recovery
H3C Series Ethernet Switches Chapter 1 Login Password Overview

With the login password for the Console port configured, the following information
appears when a user attempts to log into a switch through the Console port.
**************************************************************************
* Copyright (c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************

User interface aux0 is available.

Press ENTER to get started.

Login authentication

Password:

1.2 Telnet Login Password

Telnet is a common way to log into/manage a device. Through Telnet, you can log
into/manage any device if the IP address of the device and the Login password for
Telnet are available.
You can Telnet to an H3C Ethernet switch. You can also set the login password for
Telnet to prevent unauthorized users from logging into an H3C Ethernet switch.
Following three authentication modes are available for users logging into H3C Ethernet
switches through Telnet.
z None
z Password
z Scheme

Note:
For information about the authentication modes listed above, refer to the operation
manual and command manual of your products.

With the login password for Telnet configured, the following information appears when a
user attempts to log into a switch through Telnet.
**************************************************************************

1-2
Login Password Recovery
H3C Series Ethernet Switches Chapter 1 Login Password Overview

* Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************

Login authentication

Password:

1-3
Login Password Recovery
H3C Series Ethernet Switches Chapter 2 Login Password Recovery

Chapter 2 Login Password Recovery

2.1 Console Port Login Password Recovery

If the login password for the Console port gets lost, you can fetch it by selecting the
Skip current configuration file item form the BOOT menu, as described below.
1) Connect the serial port of the PC to the Console port of the switch using a
configuration cable, configure the terminal emulator according to the current
configuration, and then restart the switch.
2) When the following information appears, press <Ctrl + B> to enter the BOOT
menu.
Board checking.......................................LSA1LTSG
SDRAM fast selftest.......................................OK!
Flash fast selftest.......................................OK!
CPLD selftest.............................................OK!
Switch chip selftest......................................OK!
Slot 1/1/1 has no module or get slot type error
Slot 1/1/2 has no module or get slot type error
Slot 1/1/3 has no module or get slot type error
Slot 1/1/4 has no module or get slot type error
PHY selftest..............................................OK!
Please check port leds..............................finished!

The switch Mac is: 000f-e200-3900

Press Ctrl-B to enter Boot Menu... 5

password:

Note:
By default, entering the BOOT menu requires no password. If the system prompts for
the password and the password gets lost, contact the dealer.

3) Press 7 in the BOOT menu to select the Skip current configuration file item.
BOOT MENU

1. Download application file to flash

2-1
Login Password Recovery
H3C Series Ethernet Switches Chapter 2 Login Password Recovery

2. Select application file to boot

3. Display all files in flash
4. Delete file from flash
5. Modify bootrom password
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Set bootrom password recovery
9. Set switch startup mode
0. Reboot

Enter your choice(0-9): 7

The current setting is running configuration file when reboot.
Are you sure to skip current configuration file when reboot? Yes or No(Y/N)
y
Setting......done!
4) After returning to the BOOT menu, press 0 to restart the switch.
BOOT MENU

1. Download application file to flash

2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify bootrom password
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Set bootrom password recovery
9. Set switch startup mode
0. Reboot

Enter your choice(0-9): 0

^@System rebooting...
5) After the switch the second time, the configuration file as well as the login
password for the Console port will be skipped, and you can log into the switch
without providing the password.
**************************************************************************
* Copyright (c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************

Configuration file is skipped.

2-2
Login Password Recovery
H3C Series Ethernet Switches Chapter 2 Login Password Recovery

User interface aux0 is available.

Press ENTER to get started.

<H3C>
6) After logging into the switch, you can check the content of the configuration file by
using the display startup command and use the more command to fetch the
login password for the Console port in the configuration file.
<H3C> display startup
Current startup saved-configuration file: NULL
Next startup saved-configuration file: flash:/vrpcfg.cfg
<H3C> more vrpcfg.cfg
……
#
user-interface aux 0
authentication-mode password
set authentication password simple test
user-interface vty 0 4
authentication-mode none
user privilege level 3
idle-timeout 0 0
#
return
<H3C>

Note:
If the password is set in plain text, it is displayed as is in the configuration file. If the
password is set in cipher text, you need to convert it to the plain text form.

7) You can also transfer the configuration file to a PC using FTP or TFTP, change the
authentication password or the authentication mode setting of the configuration
file to None in a text editor (such as wordpad or notepad in Windows series
operating systems), save the configuration file, and then upload the configuration
file to the switch. When the switch reboots, the modified configuration file will be
used. You can set a new password for the Console port without affecting other
configurations.

2-3
Login Password Recovery
H3C Series Ethernet Switches Chapter 2 Login Password Recovery

Note:
The above mentioned method takes effect if the Password mode or the Scheme mode
is set to local. If the Scheme mode is set to Radius, the password is set on the Radius
server. In this case, a user cannot log into a switch if the login password gets lost or the
Radius server is unavailable. You can solve this problem by changing the
Authentication mode setting in the configuration file to None (as described above). But
for the password, you need to fetch it on the Radius server.

8) Note that if you perform the operation described in step 3, that is, select the Skip
current configuration file item in the BOOT menu and press y, the setting will be
stored in the BootROM, which means the configuration file will be skipped when
the device starts the next time. To validate the configuration file again, you need to
restart the device manually, select the Skip current configuration file item in the
BOOT menu, and then press n when prompted by the message Are you sure to
skip current configuration file when reboot? Yes or No(Y/N), as shown below.
BOOT MENU

1. Download application file to flash

2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify bootrom password
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Set bootrom password recovery
9. Set switch startup mode
0. Reboot

Enter your choice(0-9): 7

The current setting is running configuration file when reboot.
Are you sure to skip current configuration file when reboot? Yes or No(Y/N)
n
Setting......done!

2.2 Telnet Login Password Recovery

If the login password for Telnet gets lost, you can log into the switch through the
Console port and then check or modify the password, as described below.
1) Connect the serial port of the PC to the Console port of the switch using a
configuration cable, configure the terminal emulator according to the current
configuration, and then log into the switch through the Console port.

2-4
Login Password Recovery
H3C Series Ethernet Switches Chapter 2 Login Password Recovery

2) Check the configuration file for the user interface authentication setting by using
the display current-configuration command.
<H3C> display current-configuration | begin user-interface
user-interface aux 0
set authentication password simple test
user-interface vty 0 4
user privilege level 3
set authentication password simple h3c
idle-timeout 0 0
#

Note:
z | begin user-interface in the display current-configuration command specifies a
regular expression. It displays the content of the configuration file from the first line
beginning with the string user-interface, it helps to locate the user interface-related
settings in the configuration file quickly. Refer to the corresponding operation
manual for information about the use of regular expression.
z If the configuration file does not contain the Authentication-mode setting, the
current authentication mode of user interface is password, the default.

3) Modify the authentication mode and the password through CLI.

In the above example, the output information of the display current-configuration
command indicates that the authentication mode is password, the password is h3c.
z To use the existing password for logging in, you can terminate the current session,
log in through Telnet, and enter h3c when the system prompts for the password.
z To use another password, you can execute the set authentication password
command in user view, as shown below.
<H3C> system-view
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] set authentication password simple new
z To change the Telnet authentication mode, you can execute the
authentication-mode command in user view. The following changes the Telnet
authentication mode to none.
<H3C> system-view
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode none

After the above configuration, the new settings take effect when a user logs in through
Telnet.

2-5
Login Password Recovery
H3C Series Ethernet Switches Chapter 2 Login Password Recovery

Note:
Save your modifications timely using the save command to make sure they can take
effect when the switch starts the next time.

2-6