在企业网络运维管理中,Console 口 是网络设备(如华三交换机)最核心的本地管理通道,也是远程登录失效、系统异常时的最后运维生命线 。为保障设备本地访问安全,生产环境通常会为 Console 口配置严格的认证密码。但在实际运维过程中,常因人员交接密码未同步、长期未登录导致密码遗忘、配置变更后密码记录丢失等情况,造成无法通过 Console 口登录设备,直接阻断本地管理路径。
当远程管理(SSH/Telnet)因网络故障、配置错误不可用时,Console 口密码锁定将导致设备完全无法运维,严重影响故障排查、配置恢复与业务恢复效率。因此,掌握华三交换机Console 口密码清除与重置方法,是快速解除设备登录锁定、恢复本地管理权限、保障网络运维连续性的关键技能,对提升故障应急响应能力、降低运维风险具有重要意义。
步骤 1 进入bootroom菜单清除Consle密码。通过conlse线和Secure CRT软件连接并登录设备,然后断电重启设备。在配置终端的屏幕上显示如下信息,当出现**"press Ctrl+B"** 的时候快速按住**"Ctrl+B"**进入botroom菜单。
System is starting...
Press Ctrl+D to access BASIC-BOOTWARE MENU
Booting Normal Extend BootWare
The Extend BootWare is self-decompressing.......................Done!
BootWare Validating...
Press Ctrl+B to enter extended boot menu...
BotWare password: Not required. Please press Enter to continue.
Password recovery capability is enabled.
Note: The current operating device is flash
Enter < Storage Device Operation > to select device.
步骤 2进入bootroom主菜单,查看是否使能密码恢复功能。
Password recovery capability is enabled. //enabled使能密码恢复功能。
Note: The current operating device is flash
Enter < Storage Device Operation > to select device.
=====================<EXTENDBOOTWARE MENU>=================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu
|<4> File Control |
|<5> Restore to Factory Default Configuration //恢复到出厂默认配置
|<6> Skip Current System Configuration //跳过当前系统配置启动
|<7> BootWare Operation Menu |
|<8> Clear Super Password |
|<9> Storage Device Operation |
|<0> Reboot //重启设备
=============================================================
Ctrl+Z: Access EXTEND-ASSISTANT MENU
Ctrl+F: Format File System
Enter your choice(0-9):
Flag Set Success.
步骤 3 进入bootroom主菜单,然后选择"<6> Skip Current System Configuration"跳过当前系统配置启动,此时设备不会删除上次启动时加载的配置文件,不同设备可能不是数字6。
有部分系列交换机型号可以使用如下方法清除console口密码:
- 重启设备进入BootWare主菜单,选择<6>,即以忽略系统当前配置的方式启动,此时设备不会删除上次启动时加载的配置文件。
Password recovery capability is enabled.
Note: The current operating device is flash
Enter < Storage Device Operation > to select device.
=======================<EXTENDED-BOOTWARE MENU>=============
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Restore to Factory Default Configuration |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Skip Authentication for Console Login |
|<9> Storage Device Operation |
|<0> Reboot |
============================================================================
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format File System
Ctrl+C: Display Copyright
Enter your choice(0-9): 6
- 系统出现如下提示表明已经设置成功。
Flag Set Success.
当再次出现BootWare主菜单时,选择<1>,设备开始启动。
重启设备后,设备的配置为空,用户可以在系统视图下配置回滚恢复原有配置,如下配置表示将当前配置回滚到配置文件startup.cfg中的配置状态。如果用户不想恢复原有配置,请跳过此步骤。
<Sysname> system-view
Sysname configuration replace file flash:/startup.cfg
Current configuration will be lost, save current configuration? Y/N:n
Now replacing the current configuration. Please wait ...
Succeeded in replacing current configuration with the file flash:/startup.cfg.
- 在系统视图下设置新的Console口的登录认证模式和密码,例如:设置Console口验证方式为密码验证,且以明文方式设置Console口的密码为123456。
<Sysname> system-view
Sysname line console 0
Sysname-line-console0 authentication-mode password
Sysname-line-console0 set authentication password simple 123456
- 保存新配置。
Sysname-line-console0 save
Password recovery capability is enabled. //enabled使能密码恢复功能。
Note: The current operating device is flash
Enter < Storage Device Operation > to select device.
=====================<EXTENDBOOTWARE MENU>=================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu
|<4> File Control |
|<5> Restore to Factory Default Configuration //恢复到出厂默认配置
|<6> Skip Current System Configuration //跳过当前系统配置启动
|<7> BootWare Operation Menu |
|<8> Clear Super Password |
|<9> Storage Device Operation |
|<0> Reboot //重启设备
=============================================================
Ctrl+Z: Access EXTEND-ASSISTANT MENU
Ctrl+F: Format File System
Enter your choice(0-9): 6 //跳过当前系统启动的配置文件
Flag Set Success.
步骤 4 输入0,然后自动重启设备。
====================<EXTEND-BOOTWARE MENU>================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Restore to Factory Default Configuration |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Clear Super Password |
|<9> Storage Device Operation |
|<0> Reboot |
=================================================================
Ctrl+Z: Access EXTEND-ASSISTANT MENU
Ctrl+F: Format File System
Enter your choice(0-9): 0 //输入0重启设备
System is starting...
Press ENTER to get started.
步骤 5如不需要配置,直接跳过启动文件后直接保存当前空配置,再重启设备。
<H3C> save
The current configuration will be written to the device. Are you sure? Y/N:y
Please input the file name(*.cfg)flash:/startup.cfg
(To leave the existing filename unchanged, press the enter key):(输入回车)
flash:/startup.cfg exists, overwrite? Y/N:y
Validating file. Please wait...
Configuration is saved to device successfully.
<H3C>reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration may be lost after the reboot, save current configuration? Y/N:y
This command will reboot the device. Continue? Y/N:y
步骤 6如需要之前的配置,导出当前配置文件备份再清除密码,然后再导入配置文件覆盖。
- 备份配置文件
<H3C>
#Apr 26 12:02:07:166 2000 H3C SHELL/4/LOGIN:
Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1<hh3cLogIn>: login from Console
%Apr 26 12:02:07:306 2000 H3C SHELL/5/SHELL_LOGIN: Console logged in from aux0.
<H3C> copy startup.cfg startup_bak.cfg //复制一份配置文件进行备份
<H3C>dir //查看设备配置文件
Directory of flash:/
1 drw- - Apr 26 2000 12:00:20 logfile
2 -rw- 1666 Apr 26 2000 12:05:39 startup.cfg
3 -rw- 1556 Apr 26 2000 12:05:33 startup_bak.cfg
4 -rw- 151 Apr 26 2000 12:05:30 system.xml
29106 KB total (16876 KB free)
- 给设备和电脑配置成同网段IP地址,在电脑上通过3CD、MobaXterm软件搭建tftp服务器。
<H3C> system-view
System View: return to User View with Ctrl+Z.
H3Cinterface Vlan-interface 1
H3C-Vlan-interface1 ip address 192.168.100.1 24
H3C-Vlan-interface1quit
H3C ping 192.168.100.2
PING 192.168.100.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.100.2: bytes=56 Sequence=1 ttl=128 time=7 ms
Reply from 192.168.100.2: bytes=56 Sequence=2 ttl=128 time=2 ms
- 设备上传配置文件至tftp服务器。
<H3C>tftp 192.168.100.2 put startup.cfg
File will be transferred in binary mode
Sending file to remote TFTP server. Please wait... |
TFTP: 1666 bytes sent in 0 second(s).
File uploaded successfully.
<H3C>
设备文件上传成功,tftp服务器下载成功。
- 清除console密码。
可以到本地相关路径查看到相关文件,需要恢复之前配置解决方法:删除密码恢复之前配置文件
(1)使用记事本打开startup.cfg文件 。
(2)删除aux0口下的认证方式和密码并保存文件。
- 覆盖当前配置文件。
<H3C> tftp 192.168.100.20 get startup.cfg
The file startup.cfg exists. Overwrite it? Y/N:y //选择y,确认覆盖文件。
Verifying server file...
Deleting the old file, please wait...
...
File will be transferred in binary mode
Downloading file from remote TFTP server, please wait....
TFTP: 1166 bytes received in 0 second(s)
File downloaded successfully.
<H3C> reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration may be lost after the reboot, save current configuration? Y/N:n 不保存配置
This command will reboot the device. Continue? Y/N:y 确定继续重启
步骤 7重启设备后,Console口密码清除成功,原始配置依然存在,不影响现有网络。