Free CCNA | Password Reset & Licensing – Day 32 | CCNA 200-301 | Cisco Training 2020


Cisco Certified Network Associate, day 31. Welcome back everyone, I'm Imran Rafai, your trainer for this entire series. Today we will talk about password reset and licensing. This is very, very critical information for device management. If you haven't subscribed yet, please consider subscribing so that you will be notified when we have new videos. So without wasting much time, let's get straight into today's class. Like always, before we go ahead, my social media contacts are here and my email address is on your screen; if you have anything, please feel free to contact me.

So what is ahead? Today we are going to look at three things. We look at password recovery: how do we do password recovery on switches and routers. Then we look at IOS upgrade, recovery and backup. And then of course we look at IOS licensing, which was introduced in IOS version 15 and above.

So how do we do password recovery? You would ask, why do we need password recovery? Let's assume we set up our device and we have set up all the passwords on it: line VTY passwords, maybe console passwords, even the enable password. And let's say you have forgotten the password, or maybe one of the staff who was in the company left and did not give you the password, or maybe you bought a used device on eBay. You got the device, you don't know the password and you can't access the device. In such situations, how do we do password recovery? So let's put on the hacker's hat; we will try to do a little bit of hacking. Well, not really hacking, but something like that. We're breaking into the Cisco device and we're recovering the password. If it's not your device you could still do it, but then that's hacking – ILLEGAL!
If it's your device and you're trying to get into it because you've forgotten the password, I mean you have permission on the device, then feel free, but don't be mischievous and try this on a device that you don't own.

So how do we do it? If you want to do a password recovery, you see this switch here, the power switch (let me take the pen); you will hit the switch OFF and then back ON. In the Cisco world, that's what they call bouncing a router. So you bounce the router, put it OFF and put it ON, and when the device boots you see the decompressing-the-image information, then you see those # and * characters that keep going. When you see that, that is when the image is booting, and when that happens you need to run a BREAK SEQUENCE. The break sequence depends on the terminal software that you are using: if you are using HyperTerminal it is different, if you are using SecureCRT it's different. Look at the description below; I will put a link from Cisco which gives you a list of all the break sequences for different terminal software. When you run the break sequence, the boot goes into something called the ROMMON mode,
the ROM monitor mode, the ROMMON mode. Now what is ROMMON? ROMMON is basically like the BIOS you have on your computer; it's a very basic operating system. One of the features that you can access when you are in ROMMON mode is the config register, or the configuration register. Normally, when a router boots, the process is: it gets into the boot sequence, it does the POST and then it loads the operating system. Once it loads the operating system, next it looks for your startup configuration. If the startup configuration is not found on the device, it goes to the default configuration, where you get the screen which says do you want to run the system auto configuration, whatever that is, and we always type no. So it goes into

that mode. Now, the configuration register, the one that you see here: once the boot sequence goes into ROMMON mode, the configuration register is what tells the boot sequence what it should do. For a normal router the config register stays at a value of 0x2102, which means load the startup config. If the config register is 0x2142 (the difference is that this digit is 4 and this one is 0), it tells the boot sequence to skip the startup configuration. So it will load the operating system, it will skip the startup configuration and it will go on loading the default configuration. The device will still have a startup configuration, but it will not load it into the running configuration; the running configuration will have the default settings. We'll see it very soon.

So what we need to do is go there and change the configuration register to 0x2142, which tells the device: next time you boot, please don't load the startup configuration. The startup configuration is where your password and all the other settings are. So it will load without the startup configuration and will give access to the privileged mode. Then you can copy your startup configuration, which is still there, into the running configuration, change the password, and then save the running configuration to the startup configuration. We will see how it is done. Once you do that, reset the system and then it will go into the normal mode.

I'm going to quickly open Packet Tracer and show you what we're talking about. So this is our topology, where I have a router; now we are doing the router password reset. Okay, let's wipe all this. In our series I used to open the device like this and click on CLI, which is acceptable, but I want to do something
different: I want to do it how you would do it on a real device. Like I said, when you click on this CLI tab it's as if you've got console access, but let's act out what we are really doing. So what I've done is I've put in a laptop. You have a Cisco device that is not accessible; this is the Cisco device, and henceforth I will consciously try not to use the CLI tab. I will use it as if it's a real, physical device. I have a router, and I'm going to use this blue cable as the console cable. I'm going to plug the console cable into my laptop's RS-232, that's my serial port, and connect it to the console port. So now this laptop is connected to the router.

Here, if I go to Desktop, I don't have an IP configured at all; for console I don't need an IP. What I need is to go to Terminal, and these are the settings. The settings have to be the same: 9600 bits per second, data bits 8, parity none, stop bits 1, flow control none. If you hit OK, it gives you access to the console. If you click on CLI it's exactly the same thing; you see that it is the same thing, but this is because it's Packet Tracer, which gives us access from here. We're not using this; we will always try accessing it using a device like this laptop, to simulate a real-world environment.

So now you have this router which needs a password reset. You have taken your laptop, gone there, connected the console cable, plugged it into the console port, opened the terminal software and put in these values. Then you are accessing the console and you realize it is locked with a password. How do we enter? There's no way we can enter. What you do now is, this is the router, so you go to the router; let's
bounce the router. So what do we do? We switch it off and we switch it on, and when you see that the image is decompressing you need to do Ctrl+C. In Packet Tracer it is Ctrl+C, but if it's HyperTerminal it is Ctrl+Break; different terminal software has different sequences. Like I said, look at the description and you will have a list of all the break sequences for different terminal software. So once we get into

this mode, you can see it is the ROM monitor, ROMMON. Let's do a question mark and see what commands are available here. In this mode I have boot, confreg (this is what I was talking about, the configuration register), dir, help, reset, set, tftpdnld and unset. We don't need to worry about everything; now we look at confreg. So I'm going to do confreg, the configuration register, and I need to set the value 0x2142. If I set 2142, I am telling this device: the next time you reboot, don't delete the startup config, but just don't load it; just load the default values. I want the system to act as if it's a brand new router. So I'm going to hit Enter. Remember, the value 2142 is skipping the startup config; 2102 means it's a normal router, where it will load the startup configuration. That's how the startup configuration takes effect.

Once you do this, I'm going to do reset, which is going to reset the system. So now this router is resetting. Once the router resets, ideally, if whatever we have done is correct, it will go to the default settings. You see, now it has come up as if it's a default router; there is no configuration on it, and that's why it's taken us to the system configuration dialog, where we always say no. So let's say no and hit Enter. We are in the router. Earlier, because we were in console, it was asking for the console password and you couldn't even see the host name, but of course there is a host name; you will see that soon. I hit Enter, and from user mode I go to the privileged mode. Now let's do show start; this is the startup configuration. You will see the host name is the NwKing router, and then under line console I have put a password for this console. Now I know the
password, so I can copy this and use this password. But if you want to change the password, you very well can. What we need to do first is load the startup config into our running config. So let's do copy start to running. What it does is copy the startup config and put it in the running config, and you'll see that the router's hostname has already changed, because now this is the running config. Show run: our running configuration is what used to be the startup configuration, and now we can see the password for console is console. Have we set up an enable password? No, we have not set up an enable password, so that should be fine. Another thing to remember is that once you do that recovery, you are still in privileged mode; it did not take us back to the user EXEC mode. So we are safe; we can still make changes.

Let's say the password was a secret; obviously you will not be able to read a secret. If it's, let's say, enable secret and I had put a password, you will obviously not see it. We have discussed this earlier: it's an encrypted password and you'll not be able to see the password. So you can go back and type the password again: use enable secret and, say, enable, whatever. Now if I say show run you will see that enable secret is set and it's an encrypted password; you will not know what it is from the output, but you know because you set it just now. So this is how you do password recovery for a router.

One more thing, and this is critical. If you say show version, at the end it will always show us the config register value. You see that the config register value is 2142. Now I have made changes to the running config and I say copy running to startup, so I've saved my running config to the startup config. But in this state, if I restart my router, what will happen? Yes, the device will go back, because the config register is still 2142;
the device will come back with factory settings, without any configuration. We don't need that. We have recovered the password, we know the password, and now we want the device to act like a normal router. We want it to load the startup config because we have the configuration; we

want the router to load the startup config once again and just boot the normal way. So what we need to do is go to global configuration mode and say config-register 0x2102. That changes our config register. Then copy running to start, or we could just say write; write is the old command, W-R-I-T-E. If I do write... sorry, wrong command. You know why this happens: it's the domain name server lookup. We have discussed this earlier, so let's just wait for this to time out. Of course, it has timed out. W-R-I-T-E, write; it does the same thing as copy running to startup config. Once you do this, let's do show version again, and we will see that the config register is now 0x2142, but it says it will be 0x2102 at next reload. So let's do reload and confirm. The router will reload and we will have all the files and all the configuration intact, and we know the new password now: console is console and enable is enable. This is how we do password recovery for a router. We are done with this; let's go back to our presentation.

So that's how you do password recovery for a router. Now how do we do password recovery for a switch? Like I said, on a router there is a power switch where you can put it off and put it on, but on a Cisco switch there's no power switch. So what we need to do first is unplug the cable from the back of the switch and plug it back in to reload the switch, or, if you have access to privileged mode, you can do reload. When the switch is reloading, press this button; can you see this button? Press that button for 3 seconds. When you press the button for 3 seconds it automatically goes into ROMMON mode. In that mode, what you need to do first is initialize flash, and
inside flash there is going to be one file. So once you press for 3 seconds to get into that mode, in that mode there is a file called flash:config.text. This is the configuration file on a switch. What we do is rename that config file; we could rename it to config.old or whatever you want, and then do a reset. What happens on a switch is, when the switch is booting up, after it loads the operating system, the IOS, it looks for the config file; if the config file is not present it just loads the default. That's the difference: on a router you have to go and change the configuration register to get it to go to the default mode; on a switch you just change the name of that config file and then the switch will load the default.

So let's see how it is done in Packet Tracer. This time I'm going to connect my laptop with the console cable to the console port of the switch. Let's do the same thing that we did earlier: we're not going to use the CLI tab, we're going to do it exactly how it is done in real life, so I'm going to access the console only through a laptop. Let's access it again with the same configuration: 9600, 8, none, 1 and none. Hit Enter and I'm in the console port of the switch.

Now in this case I have not given a console password. The reason is, if I had a console password I wouldn't be able to reload the switch, because this is Packet Tracer and there's no way I can remove the cable and put the cable back to reboot the switch. What we could do is set an enable password, so let's say configure, enable password enable, and write. Now if I were to come here and it asks me to enter this password, I don't know the password, let's assume,
so I need a

password reset. So can I do reload? No, I don't think we can do reload from this device, I mean from the user mode at least. You can do a reload from the privileged mode. In real life, of course, like I said, you just unplug the cable from the back, put it back in and the device will restart, but in our case we don't have that luxury, so I'm going to remove the password and reload it from here. You understand why I'm doing that. And again let's wait for this domain server lookup to time out. All right, let's go: enable, the password is enable, and let's do reload. When the device is reloading, press this Mode button; it says Mode button, press for 3 seconds for ROMMON access. I'm in ROMMON access. I don't want to use the CLI tab here; the interesting thing is that the CLI here is the same as from the laptop, so this is just simulating getting access to the console, but we are going to do it as if a real laptop is connected to the device.

Now I'm in ROMMON mode. The first thing you need to do is this command, flash_init. This initializes flash. In Packet Tracer I think the initialization of the flash happens automatically, but on your switch you might have to do this to initialize your flash. Then we can say dir flash: to see what is available in the flash, and you see that flash has two files: one is the operating system, the IOS, and then you have the config file. What we need to do is rename flash:config.text to flash:config.old. Now we can list our flash, and you can see that this file has indeed been renamed to config.old. Now let's do a reset. We see that the switch is resetting in Packet Tracer; it is starting now, and once the switch restarts it should go back to the default mode. You see the switch has gone back to default mode; that's why the switch
says Switch; the hostname was NwKing switch, so that means it has not loaded the configuration. So we go here, and on a real device there is a command which says rename, but in Packet Tracer I think that command is not there. I can say show running, and of course, as you can see, it's a default; there's nothing on the device. Now in Packet Tracer what I do is, there is a command called more, and I can say more flash:config.old. This is a hack: what you need to do is just copy this part, which is the real configuration file. You understand why I'm doing this. So I can copy, go to global config mode and paste, and ideally it should copy everything. You can see that the hostname has changed and the switch has come back as the normal switch. Then you can do a copy running to start, and you will have a new config.text file that is created by the switch. So the easy way is to rename the old file to the correct name, config.text, or, if you're doing it in Packet Tracer, you can just copy your config.old file's contents, put them in your running config and then save it. Whatever way you want. So that's how you do a switch password recovery. You see that there's a difference between the password recovery for a router and for a switch.

Next we're going to look at backup and recovery. We will look at how to copy the IOS image to the TFTP server, how to get the file back from

TFTP to your device, and then we will see how we recover. There are chances your IOS file is deleted by mistake; maybe one of your colleagues has done it, or for whatever reason your IOS does not boot. How do we recover? Like we saw, there is a ROMMON mode on your IOS device; from that mode, how do we get the file from a TFTP server? There are two ways to do it. One is Xmodem. Packet Tracer does not support Xmodem, so I'm going to briefly tell you what Xmodem is, and then we will do what we can do from Packet Tracer, which is the TFTP method.

So now we have a device; this is the device, and what I've done is I've given this an IP address and I've given this server an IP address. You can see 10.1.1.1... have I not given it? Okay, I apparently have not given an IP address to this, but there is definitely an IP address on this. So I'm going to quickly give an IP address to this. Obviously we can't do it this way, because we're not going to touch the CLI tab. I'm going to connect a console cable, plug it into the console port and go the normal way: laptop, Terminal, OK, and I'm on the console of that device. I can see there is a password; the password is console. Enter, configure terminal, interface G0/0... sorry, interface F0/0, ip address 10.1.1.1 255.255.255.0, no shut. So now I have configured the IP address.

Let's look at the flash now: show flash. This one is the Cisco IOS, the operating system of this router. This is the most important thing. Now how do we copy this file to the TFTP server? There is a TFTP server on this device. In Packet Tracer, how do you configure TFTP? You go to the server, go to Services, and there is a TFTP service; put it on. These are all the operating systems that are available on the server. This one is the one that is there on this
device, the 1841 router's advipservices. So what we can do is remove this file, because I want it to come from here. So let's go back here, and I'm going to say copy flash to TFTP. It's going to ask for the source file name; this is the file name, so I'm going to paste it here.

With the copy command, first is the source and then the destination. Remember this always, especially when you are recovering passwords on a router, where you have to copy from startup to running. If by mistake, after you get back into the device, you do copy running to start, you would literally delete all the configuration in the startup file, because your running config at that point was blank. You would have copied everything from your running to your startup and you would lose all your configuration. So be careful: startup to running, and running to startup; you need to know which is the source and which is the destination.

In this case we put the file name, and now it asks for the address or name of the remote host. The remote host is the TFTP server. For the destination file name, I can leave it the same, and it is writing that to the server. Now we can go back here to TFTP and you can see that this file is indeed here. That's how you copy the file from flash to TFTP. How do we do it the other way around? You can say copy TFTP to flash. It's asking for the remote host and the file name. Let's do this: let us get IP Base. Can I copy? No, I can't.

Okay, I'm going to type the file name: c1841-ipbase... oh, ipbase is one word... ipbase-mz.123-14.T7.bin. Let's confirm that. Oh, it starts with c; yeah, c1841-ipbase-mz.123-14.T7.bin. That's the source file name; the destination file name will be the same thing, and you hit Enter. You can go show flash and you will see that now we have two files: one is the original, and then we have this file. These are the two operating systems that we have.

I don't know if we have discussed IOS file names for the old versions. This is the platform, the 1841 router; this is Advanced IP Services, advipservices; K9 and mz; those are the different version numbers and the release. This P is, I think... I think the M release is for 16 months of support and K is an intermediate release. Don't worry about that. This is what is important: 124, so this is IOS version 12.4, and this one is IOS version 12.3. So now we have two, and this one is IP Base. IP Base has the basic functionalities; with Advanced IP Services you will have many more functionalities, I think like MPLS and things like that. So this is what you get from TFTP to your flash.

Now another scenario is when by mistake you delete your flash. So let's say delete flash. Once we say delete flash it's going to ask what to delete; let's delete both IOS images. Okay, before we do this, let's say no. By default, this is the IOS that it is booting from. Let's say for some reason you decide that from the next boot you want this IOS to be the boot operating system. What you do is go to config mode and say boot system; the command is boot system flash, and you give the file name. From the next boot this is going to be the default operating system; even though it has two operating systems, this is the operating system it is
going to boot from. That's the command to change the boot sequence. Now let's do this: let's delete flash and delete that file. It says deleted. Next let's delete this operating system; so basically we have deleted both operating systems from this device. Delete flash, and I'm going to give this operating system. Perfect. Now show flash: oh my god, we don't have an operating system. What will happen if we reload? It will go into ROMMON mode. Why? Because that's the process: it looks for the operating system, and if the operating system is not present it goes into ROMMON mode. ROMMON mode is, like I said, a basic operating system which has some functionalities.

Now there are two ways. In Packet Tracer there is no Xmodem, but if you are doing it on a real device there is a command called xmodem. You would say xmodem and then give all the details. Once you do that, let's say you're using Tera Term or SecureCRT, you can click on File, there is an option which is Transfer, and then you can choose Xmodem. Let's assume this IOS file is on your laptop; you choose that operating system file and say send. Xmodem is really, really slow; there are times when it has taken one hour, maybe two hours. Depending on the file size it can be a very, very tedious process. TFTP on the other hand is slightly faster; I wouldn't say it's very fast, but it's slightly faster

than Xmodem. In Packet Tracer, because we don't have that option of File and choosing Transfer, they don't have the command; if you look at this there is no command for xmodem. Instead we have something called tftpdnld, which is TFTP download. So let's say tftpdnld; it tells us that we need to set up these variables. So let's set up those variables first. Why do we need those variables? Because in ROMMON mode this router does not have any functionality; basically it is completely new. So first we need to set up the device; we need to give it an IP address. So let's give it IP_ADDRESS 10.1.1.1, IP_SUBNET_MASK 255.255.255.0, DEFAULT_GATEWAY, where the TFTP server is, and TFTP_SERVER is again the same thing, 10.1.1.10, and TFTP_FILE; what is the file name? I think I should have that here; this is the TFTP file name.

So basically what I've done is I have given the IP address, the mask and the default gateway. If you remember, this is how the topology is; I'm giving it to this device because its configuration is completely erased in ROMMON mode. There is no IP address, so we have created those IP addresses now, told it what the default gateway and the TFTP server are, and given the file name. Once that's done, all I have to do is run this command, tftpdnld, and hit Enter. It asks us to confirm: the IP address is this, the subnet mask is this, this is the default gateway, the TFTP server, and this is the file you're looking for. If I say yes, you can see it has now become green; it is actually copying the file from the TFTP server. Once it is done, let's do the boot command. Instead you could do reset; on a real device you say reset and it'll reset, but you can do boot. So you hit boot, it is booting back, and you can see that now your device is working because the operating system is back on the device. So this
is how you recover a device which has lost its operating system. Now let's look at what else is there. So that's how you do recovery of IOS: how we do backup, and how we recover if there is no operating system at all.

Next we're going to talk a little bit about IOS licensing. Prior to IOS version 15, that was I think 12.4; from 12.4 they directly jumped to IOS 16, don't ask me why, but that's what they did. Earlier, the way you bought devices, you'd call Cisco and say, okay, I want a device, and Cisco would say, okay, what platform do you want? This is the platform, and they say this platform costs one thousand dollars, because obviously it depends on the license. So let's say the hardware, whatever that hardware was; you give your hardware and they say, what operating system? You say I want IP Base. Okay, fine, IP Base is a thousand dollars. Maybe your friend says, okay, I want Enterprise IP Services. It's the same hardware, but with IP Base it cost you $1000 and your friend paid ten thousand dollars. Don't quote me on the numbers; I'm just giving you random numbers. He took Advanced IP Services and you bought it with IP Base. The hardware is the same; the only thing that was different was the operating system.

Now what prevents you from asking your friend to give you a backup of the operating system and putting it onto your device? You literally save nine thousand dollars. Or, even if you do not have a friend, today with the advancement of the internet, one of the biggest problems with the internet is piracy. So all the operating systems are

available on the internet. I mean, people do that; of course it's illegal and I would never recommend anybody to do that, but people are doing it, and that is why Cisco said, you know what, we need a mechanism to prevent that, and that's why when they went to IOS version 15 they went with licensing.

If you remember, in the old versions, like we showed you a while ago, IOS version 12.4 had different operating systems; you had Advanced Security, and so on. These are the different versions, and you could tell them apart by looking at the operating system name. It would say IP Base, or it would say Advanced IP Services like the one we saw earlier, advipservices, or Ent Base, Ent Services, Advanced Security. So every operating system had a name and you could distinguish by the name which operating system it was. It's like Windows: you have Windows Home, Windows Basic, Windows Enterprise. Similarly, more features and more functionalities as you go higher up the scale.

In IOS 15 you have one operating system; it's called the universal operating system. The universal operating system has IP Base; IP Base is a lifetime license and it is enabled for everyone. All the other three functions, Data, Unified Communications and Security, run on licenses. You go to Cisco; you can go online and buy the license from Cisco. You would say, okay, I want data services, so you pay Cisco whatever the amount is, $1,000, $2,000, and Cisco sends a license file to your email. Take that file and put it on the device's flash; you can just do a TFTP and transfer it to your device's flash. Then you say license install, you install the new license, and whatever service you bought the license for automatically gets enabled. And then of course there is another way,
where you could do evaluation. Like, for instance, security: I think in Packet Tracer security is an evaluation license, so you could enable the evaluation license and run it for sixty days, where you get security functionalities, right, like crypto and all the other things, VPNs and all that comes under security. So basically, depending on what you need, you need to buy the license. The base license is going to be common.

So I’m going to quickly show you how to look at the licensing and how to look at all the other functionalities of the Cisco license. I am going to take an exception, so let’s go to the CLI this time and do show version. With show version you would see that this is running version 15.1, and you can see it’s C1900-UNIVERSALK9-M, right; that means it’s the universal license, it has all the things. But what license is it running? You can see that further down: it will tell you that the license information for module c1900, IP Base, is a permanent license, you can see Permanent. Security is disabled, data is disabled, right; they don’t have any license at the moment.

Show license, right: you can do show license, and then there are different ways, like you can do show license all. It will tell you whatever license is available. So at the moment the primary license is IP Base; it’s a permanent license, it’s active, it’s in use, not counted. In the evaluation license storage there is the securityk9 license, that’s evaluation, and then you have datak9. I think both of them come as evaluation, but I think Packet Tracer at the moment supports only security evaluation; that’s why, I think, license type is Evaluation, and here, for license type, nothing is shown. So that is how to look at the license. You can also look at license detail, and you can basically see whatever license is active. And, what other things: you can look at license feature, right. So you can see that for IP Base: enforcement no, evaluation no, subscription no, enabled yes. Security: enforcement yes, yes, that means you need a license for this. Evaluation is available for security; subscription no. Is it enabled? It says no, right.

So this is a little about Cisco IOS version 15 licensing, right. So you go to Cisco’s website, you buy the license, put the license here. You can come to the global config mode, you can say license and you can say install, which is not there here, but you can say install, and then you can enable your license, and then automatically whatever license you’re installing will get enabled. That’s how you do licensing in version 15 and above.

I think we have covered everything for ICND1. Officially, this will be the last video for ICND1. In the next video, there have been a lot of people asking about how to sign up for the exam, so in the next video I’m going to quickly show you, for people who are interested in writing the ICND1 exam, how to go register for the ICND1 exam and attempt the test. So thank you so much for watching, I will see y’all very soon.
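An added example, not part of the video or of any Cisco tooling: a short Python check that reads the table printed by show license feature, as walked through above, and reports which technology packages are active, which still need a license, and which have an evaluation available. The sample table is constructed from the values read out in the video; the datak9 row and the k9 suffix on the feature names are assumptions.

```python
# SAMPLE is constructed for illustration (not captured device output).
# The ipbasek9/securityk9 flags follow the video; the datak9 row is assumed.
SAMPLE = """\
Router#show license feature
Feature name     Enforcement  Evaluation  Subscription  Enabled
ipbasek9         no           no          no            yes
securityk9       yes          yes         no            no
datak9           yes          no          no            no
"""


def parse_license_features(text):
    """Return {feature: {column: bool}}, using the header row for column names."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if ln.lower().startswith("feature name"):
            break
    else:
        raise ValueError("no 'Feature name' header found")
    columns = [c.lower() for c in lines[i].split()[2:]]  # skip 'Feature', 'name'
    features = {}
    for ln in lines[i + 1:]:
        fields = ln.split()
        if len(fields) != len(columns) + 1:
            continue  # prompt or wrapped line, not a table row
        flags = [f.lower() for f in fields[1:]]
        if any(f not in ("yes", "no") for f in flags):
            continue
        features[fields[0]] = {c: f == "yes" for c, f in zip(columns, flags)}
    return features


def audit(features):
    """Group features by what the Enforcement/Evaluation/Enabled flags imply."""
    report = {"active": [], "needs_license": [], "evaluation_available": []}
    for name, f in features.items():
        if f["enabled"]:
            report["active"].append(name)
        elif f["enforcement"]:
            report["needs_license"].append(name)
            if f["evaluation"]:
                report["evaluation_available"].append(name)
    return report


if __name__ == "__main__":
    for group, names in audit(parse_license_features(SAMPLE)).items():
        print(f"{group}: {', '.join(names) or '-'}")
```

Because the columns are taken from the header row, the same parser accepts output that carries extra columns.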