Wednesday 28 March 2012

solutions for Unix,backup and storage: C4 TAPE LIBRARY CONFIGURATION ON SOLARIS WITH NETW...

solutions for Unix,backup and storage: C4 TAPE LIBRARY CONFIGURATION ON SOLARIS WITH NETW...:  9 Today i have configured a C4 tape Library to a solaris server. We are running backup using networker 7.2. The C4 tape library has got 38...

Adding SWAP space and DUMP space to a ZFS installe...

solutions for Unix,backup and storage: Adding SWAP space and DUMP space to a ZFS installe...: Its very easy to add swap space in ZFS installed machine and the concept is same as that of UFS. In UFS we make use of commands 'mkfile' an...

Friday 16 March 2012

Crack Admin Password for Cisco Nexus 5020 Switch

Recently i changed my employer. I was so desperate to explore the world of Storage, Where i was working on only Hitachi VSP and low end emc storages and thank god now i got a job under the World Leader of Storage.
The very first  task given to me was to configure a SAN fabric out of

1)Cisco Nexus 5020
2)Cisco MDS 9509 &
3)Brocade DCX-B switches.Where my nexus switch is gonna be the director switch.

I was stuck up with the nexus SAN switch where i didn't knew the admin password. Below i have explained in a step by step way on how to break the admin password for the same.

1)Power on the Cisco Nexus switch and observe the output in console. If we know the boot procedure we can see that first it will run the BIOS, then it will load the kickstart image from the boot loader prompt, Once the kickstart image verification is done without error then from the switch(boot) prompt the switch will boot to the init level 3 loading the system image, where we can do the normal switch operations. The important images required for the switch to boot is
                             a) Kickstart image &
                             b) System Image which resides in the bootflash: directory of the switch.

But  we should not allow the switch to boot to the run level 3 nor load the System image.Before that we should break it and bring the switch to switch (boot) prompt.Below is the output that shows while a nexus switch boots up.





Booting kickstart image: bootflash:/n5000-uk9-kickstart.4.1.3.N2.1.bin....
.......................................................................Image ve
rification OK


Starting kernel...
Usage: init 0123456SsQqAaBbCcUu
INIT: version 2.85 booting
Starting Nexus5020 POST...
  Executing Mod 1 1 SEEPROM Test......done
  Executing Mod 1 1 GigE Port Test.......done
  Executing Mod 1 1 Inband GigE Test.....done
  Executing Mod 1 1 NVRAM Test....done
  Executing Mod 1 1 PCIE Test..............................done
  Mod 1 1 Post Completed Successfully
  Executing Mod 1 2 SEEPROM Test....done
  Mod 1 2 Post Completed Successfully
POST is completed
Creating /callhome..
Mounting /callhome..
Creating /callhome done.
Callhome spool file system init done.
Checking all filesystems..... done.
.
Loading system software
Uncompressing system image: bootflash:/n5000-uk9.4.1.3.N2.1.bin


Loading plugin 0: core_plugin...
plugin_link_to_exec_path: plugin_path = /isan/plugin/0, tar_log = /isan/plugin_extract_log/0
Loading plugin 1: eth_plugin...
plugin_link_to_exec_path: plugin_path = /isan/plugin/1, tar_log = /isan/plugin_extract_log/1
plugin_file_is_excluded_from_exec_path: /boot/ is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/ is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so.0 is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so.0.0.0 is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/etc/ is excluded from linking
INIT: Entering runlevel: 3
Exporting directories for NFS kernel daemon...done.
Starting NFS kernel daemon:rpc.nfsd.
rpc.mountddone.


Setting envvar: SYSMGR_SERVICE_NAME to muxif_service
Set envvar SYSMGR_SERVICE_NAME to muxif_service
/isan/bin/muxif_config: argc:2
muxif_init....vacl: ret: 0
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 4042 to IF -:muxif:-
2012 Mar 13 11:29:11 Securitty %$ VDC-1 %$ %KERN-2-SYSTEM_MSG: Starting kernel... - kernel
Executing Port Power On Tests........................Done


2012 Mar 13 11:31:39 Securitty %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 1 has come online


Nexus 5000 Switch
admin login :




*****************************************************************************

2)To break the boot sequence once the POST is completed either press Cntrol and ']' (Cntrl + ]) or Control and Sihft alongwith 'b'.
This depends on the models of switch you are working on. In the Latest Nexus switch  should work and that worked for me.Cntrl + ]


Starting kernel...
Usage: init 0123456SsQqAaBbCcUu
INIT: version 2.85 booting
Starting Nexus5020 POST...
  Executing Mod 1 1 SEEPROM Test......done
  Executing Mod 1 1 GigE Port Test.......done
  Executing Mod 1 1 Inband GigE Test.....done
  Executing Mod 1 1 NVRAM Test....done
  Executing Mod 1 1 PCIE Test..............................done
  Mod 1 1 Post Completed Successfully
  Executing Mod 1 2 SEEPROM Test....done
  Mod 1 2 Post Completed Successfully
POST is completed
^]Creating /callhome..                             (Here by giving 'Cntrl + ]' i am breaking the boot sequence)
Mounting /callhome..
Creating /callhome done.
Callhome spool file system init done.
Checking all filesystems....r. done.
.
INIT: Sending processes the KILL signal kernel daemon...don
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
switch(boot)# 



*********************************************************************************

3) Once you reach the sitch(boot) prompt, there are only few commands that can be performed here. Here itself you have to change the admin password with command. admin-password.



Switch(boot)# config t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(boot)(config)# admin-password password123there 
Password is not strong enough: Password should contain characters from at least three of the following classes: lower case letters, upper case letters, digits and special characters.
switch(boot)(config)# admin-password P@ssword123
switch(boot)(config)# exit

*****************************************************************************

4) Once the password is rest then we have to load the system image from this prompt using the load command.



switch(boot)# dir bootflash:
bootflash:license_SSI14190KEY_15.lic
bootflash:lost+found
bootflash:mts.log
bootflash:n5000-uk9-kickstart.4.1.3.N2.1.bin
bootflash:n5000-uk9.4.1.3.N2.1.bin
bootflash:vdc_2
bootflash:vdc_3
bootflash:vdc_4
switch(boot)# dir bootflash:
        497  Aug 11 2010 21:20:20  license_SSI14190KEY_15.lic
      16384  Aug 11 2010 21:07:16  lost+found/
       1418  Mar 13 2012 10:43:18  mts.log
   21680640  Aug 11 2010 21:12:03  n5000-uk9-kickstart.4.1.3.N2.1.bin
  136255825  Aug 11 2010 21:12:37  n5000-uk9.4.1.3.N2.1.bin
       4096  Jan 01 2005 00:02:30  vdc_2/
       4096  Jan 01 2005 00:02:30  vdc_3/
       4096  Jan 01 2005 00:02:30  vdc_4/


           Usage for bootflash: filesystem
                  219824128 bytes total used
                  663527424 bytes free
                  883351552 bytes available
switch(boot)# load bootflash:n5000-uk9.4.1.3.N2.1.bin



INIT: Unexporting directories for NFS kernel daemon...done.
Stopping NFS kernel daemon: rpc.mountd rpc.nfsddone.
Unexporting directories for NFS kernel daemon...
done.
Stopping portmap daemon: portmap.
Stopping kernel log daemon: klogd.
Sending all processes the TERM signal... done.
Sending all processes the KILL signal... done.
Unmounting remote filesystems... done.
Deactivating swap...done.
Unmounting local filesystems...done.
mount: you must specify the filesystem type
Starting reboot command: reboot
Rebooting...
Restarting system.




Booting kickstart image: bootflash:/n5000-uk9-kickstart.4.1.3.N2.1.bin....
.......................................................................Image ve
rification OK


Starting kernel...
Usage: init 0123456SsQqAaBbCcUu
INIT: version 2.85 booting
Starting Nexus5020 POST...
  Executing Mod 1 1 SEEPROM Test......done
  Executing Mod 1 1 GigE Port Test.......done
  Executing Mod 1 1 Inband GigE Test.....done
  Executing Mod 1 1 NVRAM Test....done
  Executing Mod 1 1 PCIE Test..............................done
  Mod 1 1 Post Completed Successfully
  Executing Mod 1 2 SEEPROM Test....done
  Mod 1 2 Post Completed Successfully
POST is completed
Creating /callhome..
Mounting /callhome..
Creating /callhome done.
Callhome spool file system init done.
Checking all filesystems..... done.
.
Loading system software
Uncompressing system image: bootflash:/n5000-uk9.4.1.3.N2.1.bin


Loading plugin 0: core_plugin...
plugin_link_to_exec_path: plugin_path = /isan/plugin/0, tar_log = /isan/plugin_extract_log/0
Loading plugin 1: eth_plugin...
plugin_link_to_exec_path: plugin_path = /isan/plugin/1, tar_log = /isan/plugin_extract_log/1
plugin_file_is_excluded_from_exec_path: /boot/ is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/ is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so.0 is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so.0.0.0 is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/etc/ is excluded from linking
INIT: Entering runlevel: 3
Exporting directories for NFS kernel daemon...done.
Starting NFS kernel daemon:rpc.nfsd.
rpc.mountddone.


Setting envvar: SYSMGR_SERVICE_NAME to muxif_service
Set envvar SYSMGR_SERVICE_NAME to muxif_service
/isan/bin/muxif_config: argc:2
muxif_init....vacl: ret: 0
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 4042 to IF -:muxif:-
2012 Mar 13 11:29:11 Securitty %$ VDC-1 %$ %KERN-2-SYSTEM_MSG: Starting kernel... - kernel
Executing Port Power On Tests........................Done


2012 Mar 13 11:31:39 Securitty %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 1 has come online
**********************************************************************************

5) Now the switch is booted in run level 3 and is up.You can give the admin login and password and login to the switch.

login as: admin
Using keyboard-interactive authentication.
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
libh250#

**********************************************************************

New articles on restoring san switch from loader prompt, Upgrading images of Cisco SANswitches and configuring fabric using ISL are all yet to published in my next few updates here. 



solutions for Unix,backup and storage: How to Break Admin Password for Cisco Nexus 9000 S...

solutions for Unix,backup and storage: How to Break Admin Password for Cisco Nexus 9000 S...: Recently i changed my employer. I was so desperate to explore the world of Storage, Where i was working on only Hitachi VSP and low end emc ...

Wednesday 7 March 2012