1. 需求分析
- 如果A系列防火墙密码忘记,但不想清空当前系统配置文件,那么可以通过防火墙sysloader模式下只重置管理员密码解决该问题。
- 其他型号防火墙可在StoneOS 5.5R9及之后版本通过密保验证重置密码。
2. 解决方案
2.1 软硬件信息
| 软件平台 | SG6000-A-3-5.5R9P1-v6.bin |
|---|---|
| 硬件平台 | SG-6000-A200 |
2.2 环境说明
- console线直连A系列设备,登录命令行下进行操作。
2.3 步骤说明
2.3.1 进入Sysloader模式
需要先通过console口进入防火墙的命令行界面,将防火墙关机后重新开机,在命令行等待进入Sysloader模式
bash
A200:
TIM-1.0
Bootloader 3.0.1 (Apr 28 2021-14:01:52)
DRAM: 2 GiB
PCIE-0: Link down
MMC: sdhci@d0000: 0, sdhci@d8000: 1
Press ESC to stop autoboot: 5 4 //在此处显示时需要在五秒内按下"Esc"键,否则会自动加载系统启动文件,若错过需再次重启进入。
load sysloader from USB? [y]/n: n //是否从USB加载syloader?按下"n"键
Run on-board sysloader? [y]/n: y //是否运行主板sysloader?按下"y"键
Loading: #
Starting kernel ...
A系列其他设备:
启动过程中有个选择加载image和sysloader的地方,选择sysloader回车即可进入sysloader。2.3.2 Sysloader模式下重置Administrator密码
bash
Sysloader 8.0.1 Apr 30 2021 - 15:17:48
sysloader#
1 Load firmware via TFTP
2 Load firmware via FTP
3 Load firmware from USB disks (not available)
4 Select backup firmware as active
5 Show on-board firmware
6 Reset
7 Reset Administrator password
sysloader# 7 //选择7:重置Administrator密码
user name : hillstone //选择需要重置密码的账户
Info: Reset admin password successfully!
user name: hillstone
password: 1a25240297 //显示为新的Administrator密码
Note: This password will be activated when system boot up again and keep valid until power off
sysloader# 6 //选择"6"重启设备2.4 结果验证
bash
----------------------------------------------------------------------------------------
W e l c o m e
H i l l s t o n e N e t w o r k s
----------------------------------------------------------------------------------------
Hillstone StoneOS Software Version 5.5
Copyright (c) 2009-2022 by Hillstone Networks
login: hillstone
password:
SG-6000# show interface
H:physical state;A:admin state;L:link state;P:protocol state;U:up;D:down;K:ha keep up;C:lacp down
=========================================================================================================================================================
Interface name IPv4 address/mask IPv6 address/prefix Zone name H A L P MAC address Description
---------------------------------------------------------------------------------------------------------------------------------------------------------
vswitchif1 0.0.0.0/0 N/A NULL D U D D 3029.5253.37fb ------
ethernet0/0 192.168.1.1/24 N/A trust D U D D 3029.5253.37ed ------
ethernet0/1 192.168.11.1/24 N/A trust D U D D 3029.5253.37ee ------
ethernet0/2 0.0.0.0/0 N/A NULL D U D D 3029.5253.37ef ------
ethernet0/3 0.0.0.0/0 N/A NULL D U D D 3029.5253.37f0 ------
ethernet0/4 0.0.0.0/0 N/A NULL D U D D 3029.5253.37f1 ------
ethernet0/5 0.0.0.0/0 N/A NULL D U D D 3029.5253.37f2 ------
=========================================================================================================================================================