Saturday, December 19, 2015

Recover lost password on HPE Comware 12500's

If you have an IRF of these chassis-based switches and simply reboot the entire cluster, break the boot sequence, and bypass the current config, the switch will load the config from MPU 1/1, 2/0, or 2/1 when it reboots. Therefore I had to isolate myself to a single MPU. The steps I had to take to recover were:



·         Break the IRF by unplugging IRF physical interfaces (te1/2/0/15 and te1/2/0/16 in this case).
·         Pull the standby CPU from slot 1 in chassis 1 (1/1)
·         Connect console cable to chassis 1 slot 0 MPU (1/0)
·         Reboot switch
·         Stop with control B at bootrom (screen output and selections are listed below)
o   Select 9
o   Select 4
o   Select 0
o   Select 0
o   Switch will now reboot without current config

·         Load current config with “config replace file flash:/config.cfg” command.  The switch will load the mangled startup-config file into current configuration but will NOT log you out.
·         At a minimum, 1) strip the console password and add privilege level 3, and 2) create a temporary local user with terminal access and privilege level 3 (user “admin” with password “hp” in the example below).

user-interface con 1/0 2/1
authentication-mode none
user privilege level 3

local-user admin
password simple hp
authorization-attribute level 3
service-type ssh telnet terminal

·         Add back irf-port 1/1 (it gets stripped from the config when it is pulled in via the “config replace ..” command).

int ran te1/2/0/15 to te1/2/0/16
shut
quit

irf-port 1/1
port group int te1/2/0/15
port group int te1/2/0/16
quit

int ran te1/2/0/15 to te1/2/0/16
undo shut
quit

·         Save config.  Verify the changes in the current config with “more” command from user context

·         Insert MPU in chassis 1 slot 1
·         Verify it comes up and replaces MPU slot 1/1 config.cfg with MPU 1/0 config.sys1/1

dis device   ← verify slot loads with correct code version
copy config.sys chassis1#slot1#flash:/config.sys

·         Connect irf links (te1/2/0/15 and te1/2/0/16)
·         Verify in logbuffer that the switch detects that there is an irf merge

%Dec 18 11:48:16:274 2015 hp IFNET/3/LINK_UPDOWN: Ten-GigabitEthernet1/2/0/15 link status is UP.
%Dec 18 11:48:21:845 2015 hp IFNET/3/LINK_UPDOWN: Ten-GigabitEthernet1/2/0/16 link status is UP.
%Dec 18 11:48:27:391 2015 hp STM/5/STM_MERGE:
IRF merge occurs and the IRF system does not need to reboot.

·         Reboot switch 2
·         Verify that all modules load with the correct version of code (dis device)
·         After switch 2 comes up, replace the config.cfg on MPUs 2/0 and 2/1 with MPU 1/0 config.sys

Here are the boot ROM halt steps:

Board self testing...........................
Board steady testing...                           [ PASS ]
Board SlotNo...                                   [   1  ]
Subcard exist testing...                          [ PASS ]
DX246  testing...                                 [ PASS ]
PHY88E1111  testing...                            [ PASS ]
CPLD1 testing...                                  [ PASS ]
CPLD2 testing...                                  [ PASS ]
NS16550 register testing...                       [ PASS ]
The switch's Mac address...                       [5C:8A:38:C0:CA:00]
CF Card testing...                                [ PASS ]
BootWare Validating...
Backup Extend BootWare is newer than Normal Extend BootWare,Update? [Y/N]
Press Ctrl+B to enter extended boot menu...
Please input BootWare password:

Note: The current operating device is cfa0
Enter < Storage Device Operation > to select device.

===========================<EXTEND-BOOTWARE MENU>===========================
|<1> Boot System                                                           |
|<2> Enter Serial SubMenu                                                  |
|<3> Enter Ethernet SubMenu                                                |
|<4> File Control                                                          |
|<5> Modify BootWare Password                                              |
|<6> BootWare Operation Menu                                               |
|<7> Clear Super Password                                                  |
|<8> Storage Device Operation                                              |
|<9> Product Special Operation                                             |
|<0> Reboot                                                                |
============================================================================
Enter your choice(0-9):

========================<PRODUCT SPECIAL OPERATION>=========================
|<1> Modify Chassis ID Operation                                           |
|<2> Modify Working Mode                                                   |
|<3> Modify PCL Key                                                        |
|<4> Skip Current System Configuration                                     |
|<0> Exit To Main Menu                                                     |
============================================================================
Enter your choice(0-4): 4
Flag Set Success.

========================<PRODUCT SPECIAL OPERATION>=========================
|<1> Modify Chassis ID Operation                                           |
|<2> Modify Working Mode                                                   |
|<3> Modify PCL Key                                                        |
|<4> Skip Current System Configuration                                     |
|<0> Exit To Main Menu                                                     |
============================================================================
Enter your choice(0-4): 0

===========================<EXTEND-BOOTWARE MENU>===========================
|<1> Boot System                                                           |
|<2> Enter Serial SubMenu                                                  |
|<3> Enter Ethernet SubMenu                                                |
|<4> File Control                                                          |
|<5> Modify BootWare Password                                              |
|<6> BootWare Operation Menu                                               |
|<7> Clear Super Password                                                  |
|<8> Storage Device Operation                                              |
|<9> Product Special Operation                                             |
|<0> Reboot                                                                |
============================================================================
Enter your choice(0-9): 0
DDR2 SDRAM test successful.
System is starting...
Booting Normal Extend BootWare
The Extend BootWare is self-decompressing...................
Done!

Now console access will NOT have a password OR will have the user and password you added.

Before logging out, verify telnet/ssh access:
·         Connect one end of an RJ45 cable to one of the switch ports and the other end to your laptop
·         Set your laptop NIC to be in the same subnet as the switch port's network and telnet/ssh to the switch
·         Log in with the username admin (password hp) created above

Log out of the console and then log back in.
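
An added example, not part of the original post: the recovery steps above leave the saved config with a console line set to "authentication-mode none" and a temporary user "admin" with a cleartext password and telnet access. The Python sketch below flags those leftovers in a saved config; it assumes the indented layout of "display current-configuration" output, and the sample config, the "netops" user and the cipher string are constructed.

```python
# Constructed sample: a saved config right after the recovery steps, before cleanup.
# The "netops" user and the cipher string are made up for illustration.
SAMPLE_CONFIG = """\
#
local-user admin
 password simple hp
 authorization-attribute level 3
 service-type ssh telnet terminal
local-user netops
 password cipher $c$3$CONSTRUCTED-EXAMPLE
 service-type ssh
#
user-interface con 1/0 2/1
 authentication-mode none
 user privilege level 3
user-interface vty 0 15
 authentication-mode scheme
#
"""

def parse_stanzas(text):
    """Split config text into (header, [child lines]); children are the indented lines."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if raw[0].isspace():
            if stanzas:
                stanzas[-1][1].append(line)
        else:
            stanzas.append((line, []))
    return stanzas

def audit(text):
    """Return (stanza header, finding) pairs for leftovers of the recovery procedure."""
    findings = []
    for header, body in parse_stanzas(text):
        if header.startswith("user-interface ") and "authentication-mode none" in body:
            level = next((c.split()[-1] for c in body
                          if c.startswith("user privilege level ")), "default")
            findings.append((header, f"no authentication, privilege level {level}"))
        elif header.startswith("local-user "):
            for child in body:
                if child.startswith("password simple "):
                    findings.append((header, "password stored in cleartext"))
                elif child.startswith("service-type ") and "telnet" in child.split():
                    findings.append((header, "telnet login allowed"))
    return findings

if __name__ == "__main__":
    for header, finding in audit(SAMPLE_CONFIG):
        print(f"{header}: {finding}")
```

Run it against the config saved on each MPU once the recovery is finished; an empty result means none of the three leftovers is still present.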

