No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Enterprise
Worldwide
Huawei Global - English
Search
Support Documentation
Console Port Password Recovery for CloudEngine Series Switches

Logging in to a device through the console port is one of the most commonly used device management methods on the live networks. For security purposes, you are advised to set a console port password. Then the device can be configured and managed only after the correct password is entered. This document describes how to reset a console port password when you forget the password.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Console Port Password Recovery for CloudEngine Series Switches

Console Port Password Recovery for CloudEngine Series Switches

Logging in to a device through the console port is a commonly used method for device management. For security purposes, a password is typically set for secure access to the device through the console port (hereafter referred to as console port password). This document describes how to recover (that is, reset) a console port password when you forget the password.

You can reset a console port password using any of the following methods:

Method 1: Log in to the device using STelnet/Telnet to reset the console port password.

Method 2: Reset the console port password through the BootLoader menu.

Method 3: Reset the console port password through the BIOS menu.

  • Method 1 is recommended. Methods 2 and 3 require the device to be restarted, which interrupts services. If the STelnet or Telnet password is also forgotten, use method 2 or 3.
  • Methods 2 and 3 apply to different switches. Method 2 applies to the following switch models: CE5880EI, CE6857EI, CE6860EI, CE6865EI, CE6865SI, CE6880EI, CE6881, CE5881, CE6881K, CE6820, CE6863, CE6863K, CE6881E, CE8850EI, CE6870-48T6CQ-EI, CE6875EI, CE8861EI, CE9860EI, CE8868EI, CE12800E and CE16800, because only these switches support the BootLoader menu. For other switch models, use method 3.

Logging In to the Device Using STelnet or Telnet to Reset a Console Port Password

If you can log in to the device using STelnet or Telnet and your privilege level is 3 or 15, log in to the device using STelnet or Telnet, reset the console port password, and save the configuration.

  1. Log in to the device using an STelnet or a Telnet account.

    Run the display users command to check all the users who have logged in to the device. The current user interface is marked with an asterisk (*) and is VTY1 in this example.

    <HUAWEI> display users
NOTE:                                                                           
User-Intf: The absolute number and the relative number of user interface        
Authen: Whether the authentication passes                                       
Author: Command line authorization flag                                         
--------------------------------------------------------------------------------
  User-Intf   Delay     Type   Network Address   Authen    Author   Username    
--------------------------------------------------------------------------------
   34  VTY 0  00:06:53  TEL    10.135.18.67      pass      yes      Unspecified

*  35  VTY 1  00:00:00  TEL    10.135.18.91      pass      yes      Unspecified

    Run the display user-interface command to display the privilege levels of all users. The ActualPrivi field indicates the actual privilege levels of users. If the current privilege level of a user is 3 or 15, the user has the permission to set a new console port password.

    <HUAWEI> display user-interface
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int       
  0    CON 0    9600       -     15    -           P     -    
+ 34   VTY 0               -     15    15          P     -   
+ 35   VTY 1               -     15    15          P     -   
......

  2. Reset the console port password.

    • The following example sets the authentication mode to password authentication.
      <HUAWEI> system-view
[~HUAWEI] user-interface console 0
[~HUAWEI-ui-console0] authentication-mode password
[*HUAWEI-ui-console0] set authentication password
Please configure the login password (8-16)
Enter Password:      //Enter the new password.
Confirm Password:   //Enter the new password again for confirmation.
[*HUAWEI-ui-console0] user privilege level 3
[*HUAWEI-ui-console0] commit
[~HUAWEI-ui-console0] return
    • The following example sets the authentication mode to AAA, user name to admin123, and password to Huawei@!123.
      <HUAWEI> system-view
[~HUAWEI] user-interface console 0
[~HUAWEI-ui-console0] authentication-mode aaa
[*HUAWEI-ui-console0] quit
[*HUAWEI] aaa 
[*HUAWEI-aaa] local-user admin123 password irreversible-cipher Huawei@!123 
Info: A new user is added.  
[*HUAWEI-aaa] local-user admin123 service-type terminal 
[*HUAWEI-aaa] local-user admin123 level 3
[*HUAWEI-aaa] commit
[~HUAWEI-aaa] return

  3. To prevent configuration loss after a device restart, save the device configuration.

    <HUAWEI> save
Warning: The current configuration will be written to the device. Continue? [Y/N]:y
Now saving the current configuration to the slot 1 
Info: Save the configuration successfully.

Resetting a Console Port Password Through the BootLoader Menu

The BootLoader menu provides the function of clearing the console port password. After the console port password is cleared and the device starts, you can set a new console port password and save the configuration.

  • You need to restart the device to enter the BootLoader menu. For example, you can power off and then power on the device to restart the device. Restarting the device interrupts services. Therefore, back up services and restart the device in off-peak hours. Do not power off the device when the device restarts.

  • For CE12800E and CE16800 series switches, if the device has two MPUs, remove the standby MPU. After performing the following operations, install the standby MPU and run the save command to ensure that the configurations on the active and standby MPUs are the same.

  • After restarting the device, you can log in to the device through the console port without entering the password only this time. The original console port password is still saved in the configuration file. After logging in to the device, set a new console port password immediately; otherwise, you still need to enter the original password the next time you log in to the device through the console port.

  1. Connect your PC to the device through the console port. In Figure 1-1, the CE16800 is used as an example to be connected to the PC.
    Figure 1-1 Connecting your PC to the device through the console port

  2. Restart the device. When the following information is displayed, press Ctrl+B within three seconds to access the BootLoader menu.

    Press CTRL+R to enter the Recovery mode and restore factory configurations.
Press CTRL+B to enter BOOT menu or CTRL+E to boot DFX: 3
  3. In the BootLoader menu, enter the BootLoader password.

    The display on different devices in different versions may be different. Therefore, the display on your device may be different from that provided in this example.

    The default username and password are available in CloudEngine 16800, 12800, 9800, 8800, 7800, 6800, and 5800 Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

  4. Select Password manager submenu to access the password manager submenu.
  5. Select Clear the console login password to access the submenu for clearing the console port password. When the following information is displayed, enter y. The device will continue to start.
    Caution: A new console password must be set after the restart. 
Continue now? Yes(y) or No(n): y 
Password:     //Enter the BootLoader password. If the BootLoader password is empty, you do not need to enter it.
  6. After the device finishes starting, you can log in to the device through the console port without entering the password only this time. After logging in to the device, set a new console port password immediately.
    • The following example sets the authentication mode to password authentication.
      <HUAWEI> system-view
[~HUAWEI] user-interface console 0
[~HUAWEI-ui-console0] authentication-mode password
[*HUAWEI-ui-console0] set authentication password
Please configure the login password (8-16)
Enter Password:      //Enter the new password.
Confirm Password:   //Enter the new password again for confirmation.
[*HUAWEI-ui-console0] user privilege level 3
[*HUAWEI-ui-console0] commit
[~HUAWEI-ui-console0] return
    • The following example sets the authentication mode to AAA, user name to admin123, and password to Huawei@!123.
      <HUAWEI> system-view
[~HUAWEI] user-interface console 0
[~HUAWEI-ui-console0] authentication-mode aaa
[*HUAWEI-ui-console0] quit
[*HUAWEI] aaa 
[*HUAWEI-aaa] local-user admin123 password irreversible-cipher Huawei@!123 
Info: A new user is added.  
[*HUAWEI-aaa] local-user admin123 service-type terminal 
[*HUAWEI-aaa] local-user admin123 level 3
[*HUAWEI-aaa] commit
[~HUAWEI-aaa] return
  7. To prevent configuration loss after a device restart, save the device configuration.
    <HUAWEI> save
Warning: The current configuration will be written to the device. Continue? [Y/N]:y 
Now saving the current configuration to the slot 1  
Info: Save the configuration successfully.

Resetting a Console Port Password Through the BIOS Menu

The BIOS menu provides the function of clearing the console port password. After the console port password is cleared and the device starts, you can set a new console port password and save the configuration.

  • You need to restart the device to enter the BIOS menu. For example, you can power off and then power on the device to restart the device. Restarting the device interrupts services. Therefore, back up services and restart the device in off-peak hours. Do not power off the device when the device restarts.

  • For CE12800 series switches, if the device has two MPUs, remove the standby MPU. After performing the following operations, install the standby MPU and run the save command to ensure that the configurations on the active and standby MPUs are the same.

  • After restarting the device, you can log in to the device through the console port without entering the password only this time. The original console port password is still saved in the configuration file. After logging in to the device, set a new console port password immediately; otherwise, you still need to enter the original password the next time you log in to the device through the console port.

  1. Connect your PC to the console port of the device. In Figure 1-2, the CE12800 is used as an example to be connected to the PC.

    Figure 1-2 Connecting your PC to the device through the console port

  2. Restart the device. When the following information is displayed, press Ctrl+B within 3 seconds and enter the BIOS password to access the BIOS menu.

    Press CTRL+B to enter BIOS menu or CTRL+E to boot DFX:  1
  3. In the BIOS menu, enter the BIOS password.

    The default username and password are available in CloudEngine 16800, 12800, 9800, 8800, 7800, 6800, and 5800 Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

  4. Select Modify console password in the BIOS menu as prompted. When the following information is displayed, enter y. The device will restart.

    Caution: A new console password must be set after the restart.
Continue now? Yes(y) or No(n):y

  5. After the device finishes starting, you can log in to the device through the console port without entering the password only this time. After logging in to the device, set a new console port password immediately.

    • The following example sets the authentication mode to password authentication.
      <HUAWEI> system-view
[~HUAWEI] user-interface console 0
[~HUAWEI-ui-console0] authentication-mode password
[*HUAWEI-ui-console0] set authentication password
Please configure the login password (8-16)
Enter Password:      //Enter the new password.
Confirm Password:   //Enter the new password again for confirmation.
[*HUAWEI-ui-console0] user privilege level 3
[*HUAWEI-ui-console0] commit
[~HUAWEI-ui-console0] return
    • The following example sets the authentication mode to AAA, user name to admin123, and password to Huawei@!123.
      <HUAWEI> system-view
[~HUAWEI] user-interface console 0
[~HUAWEI-ui-console0] authentication-mode aaa
[*HUAWEI-ui-console0] quit
[*HUAWEI] aaa 
[*HUAWEI-aaa] local-user admin123 password irreversible-cipher Huawei@!123 
Info: A new user is added.  
[*HUAWEI-aaa] local-user admin123 service-type terminal 
[*HUAWEI-aaa] local-user admin123 level 3
[*HUAWEI-aaa] commit
[~HUAWEI-aaa] return
  6. To prevent configuration loss after a device restart, save the device configuration.
    <HUAWEI> save
Warning: The current configuration will be written to the device. Continue? [Y/N]:y 
Now saving the current configuration to the slot 1  
Info: Save the configuration successfully.

More Information About Password Recovery

For more information about solutions to forgetting passwords, see the following document:

Troubleshooting: Forgetting Passwords

Translation
简体中文
Download
Updated: 2021-02-22

Document ID: EDOC1100164802

Views: 11583

Downloads: 87

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :