How to Recover the Console Port Password

How to recover the console port password on Huawei s7700 and s9700 switches? Here we will tell you three methods to recover the password.

Three methods are provided to recover the console port password.

l Method 1: Log in to the device using Telnet and change the console port password.

l Method 2: Clear the console login password in BootROM and change the console port

password.

l Method 3: Clear the startup configuration file in BootROM, start the device with no configuration, and change the console port password.

NOTE

1. Method 1 is recommended. If you forget the Telnet password, use method 2 or 3.

2. If console port login uses password authentication and method 1 cannot be used, method 2 is recommended.

3. If the console port login uses AAA authentication, method 3 is recommended.

Logging In to the Device Using Telnet and Changing the Console Port Password

If you have a Telnet account and your user right is level 3 or higher, log in to the device using Telnet, change the console port password, and save the configuration.

1. Log in to the device using Telnet. Ensure that your user right is level 3 or higher.

Run the display users command to display all the users that have logged into the device.

The item with a "+" mark indicates your user account on user interface VTY1.

<HUAWEI> display users

User-Intf Delay Type Network Address AuthenStatus

AuthorcmdFlag

129 VTY 0 00:23:36 TEL 10.135.18.67 pass

Username : Unspecified

+ 130 VTY 1 01:20:36 TEL 10.135.18.91 pass

Username : Unspecified

131 VTY 2 00:00:00 TEL 10.135.18.54 pass

Username : Unspecified

Run the display user-interface command to display the user right of all users. VTY1 has

a corresponding user right 15; therefore, you have the right to change the console port

password.

<HUAWEI> display user-interface

Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int

0 CON 0 9600 - 15 - P -

+ 129 VTY 0 - 15 15 P -

+ 130 VTY 1 - 15 15 P -

+ 131 VTY 2 - 15 - P -

132 VTY 3 - 15 15 P -

......

2. Change the console port password.

In this example, you set the authentication mode to

password authentication and the password to huawei@123.

<HUAWEI> system-view

[HUAWEI] user-interface console 0

[HUAWEI-ui-console0] authentication-mode password

[HUAWEI-ui-console0] set authentication password cipher huawei@123

[HUAWEI-ui-console0] return

3. Save the configuration.

<HUAWEI> save

The current configuration will be written to the device.

Are you sure to continue?[Y/N]y

Now saving the current configuration to the slot 4.

Save the configuration successfully.

Clearing the Console Login Password in BootROM and Changing the Console Port

Password

The BootROM allows you to clear the console port password so that the device does not check the password when you log in through the console port. When the device starts, you do not need to enter the console port password and all configurations are loaded as normally. After the device starts, change the console port password and save the configuration.

NOTICE

l You must restart the device to display the BootROM menu, which results in service

interruption. Migrate services to a backup device and perform this operation in off-peak

hours.

l Set a new password immediately after you log in to the device by clearing console login

password.

l Do not power off the device during the operation.

l If the switch has two MPUs, remove the standby MPU before restarting the switch. After the switch completes restarting, install the standby MPU.

1. Connect a PC to the device through a serial cable and restart the device. When the message "Press Ctrl+B to enter Boot Menu..." is displayed, press Ctrl+B and enter the password (Admin@huawei.com by default). The BootROM main menu is displayed.

2. Clear console login password.

1. Boot with default mode

2. Boot from Flash

3. Boot from CFCard

4. Enter serial submenu

5. Enter ethernet submenu

6. Modify Flash description area

7. Modify bootrom password

8. Clear password for console user

9. Reboot

Enter your choice(1-9):8

Note: Clear password for console user? Yes or No(Y/N): y

Clear password for console user successfully. Choose "1" to boot, then set a

New password.

Note: Do not choose "9. Reboot" or power off the device, otherwise this

operation will not take effect.

NOTE

V2R5 and later versions: The S12700 menu page differs from that displayed above. However, you can also clear the console port password according to this method.

3. Enter 1 in the BootROM main menu to start the device.

4. Log in to the device through the console port. Authentication is not required when you login. Change the console port password. In this example, you set the authentication mode to password authentication and the password to huawei@123.

<HUAWEI> system-view

[HUAWEI] user-interface console 0

[HUAWEI-ui-console0] authentication-mode password

[HUAWEI-ui-console0] set authentication password cipher huawei@123

[HUAWEI-ui-console0] return

5. Save the configuration.

<HUAWEI> save

The current configuration will be written to the device.

Are you sure to continue?[Y/N]y

Now saving the current configuration to the slot 4.

Save the configuration successfully.

Clearing the Startup Configuration File in BootROM, Starting the Device with No

Configuration, and Changing the Console Port Password

If you clear the startup configuration file in BootROM, the device restarts with no configuration.

After the device starts, export the configuration file and change the console login configuration.

Upload the changed configuration to the device and specify the new configuration file as the next startup configuration file. After the device restarts, you do not need to enter the console login password.

NOTICE

l You must restart the device to display the BootROM menu, which results in service

interruption. Migrate services to a backup device and perform this operation in off-peak

hours.

l Do not power off the device during the operation.

l This method only applies to V200R003 and later versions, and is not supported by the

versions earlier than V200R003.

1. Connect a PC to the device through a serial cable and restart the device. When the message "Press Ctrl+B to enter Boot Menu..." is displayed, press Ctrl+B and enter the password (Admin@huawei.com. By default, the password for old versions could be 9300). The BootROM main menu is displayed.

2. Delete the startup configuration file so that the device starts with no configuration.

NOTE

Record the name of the current configuration file so that you can restore the previous configuration later.

MAIN MENU

1. Boot with default mode

2. Boot from Flash

3. Boot from CFCard

4. Enter serial submenu

5. Enter ethernet submenu

6. Modify Flash description area

7. Modify BootROM password

8. Clear password for console user

9. Reboot

Enter your choice(1-9):6

Modify flash description area

Please select booting device.

Press ENTER directly for no change or input your choice.

1: Flash, 2: CF Card

Current booting device: 2, your choice: //Press Enter to use the current

value.

Current booting File Name: cfcard:/HUAWEIV200R003C00.CC,

Press ENTER directly for no change.

Or, please input the file name (e.g. quidway.cc): //Press Enter to use the

current value.

Saved-configuration file

'.'=clear field; '^D'=quit; Enter=use current configuration;

new=change to other configuration file;

current: vrpcfg.zip

new : . //Clear the current value.

Saved-patch file

'.'=clear field; '^D'=quit; Enter=use current patch;

new=change to other patch file;

current:

new : //Press Enter. The patch file does not need to be updated.

Writting descriptor to flash...OK!

Writting backup descriptor to flash...OK!

NOTE

V2R5 and later versions: The S12700 menu page differs from that displayed above. However, you

can also clear the console port password according to this method.

3. Enter 1 in the BootROM main menu to start the device.

4. After the startup, the device restores the default factory settings. Log in to the device through the console port and set a new login password, for example, huawei@123.

An initial password is required for the first login via the console.

Continue to set it? [Y/N]:y

Set a password and keep it safe. Otherwise you will not be able to login via

The console.

Please configure the login password (maximum length 16)

Enter password: //Enter huawei@123.

Confirm password: //Enter huawei@123 again.

5. Restore the previous configuration. To restore the previous configuration but not retain the console login password in the previous configuration file, download the previous

configuration file to the PC. After deleting the console configuration, upload the previous

configuration file to the device and specify it as the startup configuration file. Restart the

device to make the previous configuration file take effect.

a. Configure the device as the FTP server.

<HUAWEI> system-view

[HUAWEI] ftp server enable

Info: The FTP server is already enabled.

[HUAWEI] interface ethernet 0/0/0

[HUAWEI-Ethernet0/0/0] ip address 10.110.24.254 24

[HUAWEI-Ethernet0/0/0] quit

[HUAWEI] aaa

[HUAWEI-aaa] local-user huawei password irreversible-cipher huawei@123

[HUAWEI-aaa] local-user huawei ftp-directory cfcard:

[HUAWEI-aaa] local-user huawei service-type ftp

[HUAWEI-aaa] local-user huawei privilege level 15

b. Download previous configuration file vrpcfg.zip to the PC.

C:\Documents and Setting\Administrator> ftp 10.110.24.254

Connected to 10.110.24.254.

220 FTP service ready.

User (10.110.24.254:(none)): huawei

331 Password required for huawei.

Password:

230 User logged in.

ftp> get vrpcfg.zip

200 Port command okay.

150 Opening ASCII mode data connection for vrpcfg.zip.

226 Transfer complete.

ftp: receive 981 bytes in 0.00 seconds 981000.00Kbytes/sec

c. Decompress the downloaded file on the PC and open it using a text editing tool

(system-provided text editing tool is recommended). Delete the console authentication

configuration and compress the file into the file vrpcfg.zip. The following

configuration needs to be deleted:

#

user-interface maximum-vty 15

user-interface con 0

authentication-mode password // Manual deletion is required.

set authentication password cipher %@%@:*IB+w7j~""GlU$0-;\#m@Jw%@%

@ // Manual deletion is required.

#

user-interface con 0

authentication-mode aaa // Manual deletion is required.

user privilege level 15 // Manual deletion is required.

6. Save the modified configuration file and upload it to the device to replace the original

configuration file.

ftp> put vrpcfg.zip

200 Port command okay.

150 Opening ASCII mode data connection for vrpcfg.zip.

226 Transfer complete.

ftp: 981 bytes are sent and the transmission time is 0.00 Seconds. The speed

is 981000.00Kbytes/sec.

7. Configure the uploaded configuration file as the startup configuration file. Restart the

device without saving the configuration.

<HUAWEI> startup saved-configuration vrpcfg.zip

Info: Succeeded in setting the configuration for booting system.

<HUAWEI> reboot fast

System will reboot! Continue ? [y/n]:y

8. After the device restarts, you are prompted to enter the console login password. Enter a

password and press Enter to display the command line interface.

NOTE

The preceding screen display information is only for reference. The screen display information varies

depending on the device and version.

More related:

How to Recover the BootROM Password