Recently I changed my employer. I was desperate to explore the world of storage; I had been working only on Hitachi VSP and low-end EMC storage, and thank God I now have a job with the world leader in storage.
The very first task given to me was to configure a SAN fabric out of
1) Cisco Nexus 5020
2) Cisco MDS 9509 &
3) Brocade DCX-B switches, where my Nexus switch is going to be the director switch.
I was stuck with the Nexus SAN switch, as I didn't know the admin password. Below I explain, step by step, how to break the admin password on it.
1) Power on the Cisco Nexus switch and observe the output on the console. The boot procedure is as follows: first the BIOS runs, then the kickstart image is loaded from the boot loader prompt. Once the kickstart image is verified without error, the switch boots from the switch(boot) prompt to init level 3, loading the system image, where we can do the normal switch operations. The images required for the switch to boot are
a) Kickstart image &
b) System image, which reside in the bootflash: directory of the switch.
However, we must not let the switch boot to run level 3 or load the system image. Before that happens, we break the boot sequence and bring the switch to the switch(boot) prompt. Below is the output a Nexus switch shows while booting.
Booting kickstart image: bootflash:/n5000-uk9-kickstart.4.1.3.N2.1.bin....
.......................................................................Image ve
rification OK
Starting kernel...
Usage: init 0123456SsQqAaBbCcUu
INIT: version 2.85 booting
Starting Nexus5020 POST...
Executing Mod 1 1 SEEPROM Test......done
Executing Mod 1 1 GigE Port Test.......done
Executing Mod 1 1 Inband GigE Test.....done
Executing Mod 1 1 NVRAM Test....done
Executing Mod 1 1 PCIE Test..............................done
Mod 1 1 Post Completed Successfully
Executing Mod 1 2 SEEPROM Test....done
Mod 1 2 Post Completed Successfully
POST is completed
Creating /callhome..
Mounting /callhome..
Creating /callhome done.
Callhome spool file system init done.
Checking all filesystems..... done.
.
Loading system software
Uncompressing system image: bootflash:/n5000-uk9.4.1.3.N2.1.bin
Loading plugin 0: core_plugin...
plugin_link_to_exec_path: plugin_path = /isan/plugin/0, tar_log = /isan/plugin_extract_log/0
Loading plugin 1: eth_plugin...
plugin_link_to_exec_path: plugin_path = /isan/plugin/1, tar_log = /isan/plugin_extract_log/1
plugin_file_is_excluded_from_exec_path: /boot/ is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/ is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so.0 is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so.0.0.0 is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/etc/ is excluded from linking
INIT: Entering runlevel: 3
Exporting directories for NFS kernel daemon...done.
Starting NFS kernel daemon:rpc.nfsd.
rpc.mountddone.
Setting envvar: SYSMGR_SERVICE_NAME to muxif_service
Set envvar SYSMGR_SERVICE_NAME to muxif_service
/isan/bin/muxif_config: argc:2
muxif_init....vacl: ret: 0
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 4042 to IF -:muxif:-
2012 Mar 13 11:29:11 Securitty %$ VDC-1 %$ %KERN-2-SYSTEM_MSG: Starting kernel... - kernel
Executing Port Power On Tests........................Done
2012 Mar 13 11:31:39 Securitty %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 1 has come online
Nexus 5000 Switch
admin login :
*****************************************************************************
2) To break the boot sequence once POST is completed, press either Ctrl + ] or Ctrl + Shift + b.
Which one works depends on the model of switch you are working on. On the latest Nexus switches Ctrl + ] should work, and that is what worked for me.
Starting kernel...
Usage: init 0123456SsQqAaBbCcUu
INIT: version 2.85 booting
Starting Nexus5020 POST...
Executing Mod 1 1 SEEPROM Test......done
Executing Mod 1 1 GigE Port Test.......done
Executing Mod 1 1 Inband GigE Test.....done
Executing Mod 1 1 NVRAM Test....done
Executing Mod 1 1 PCIE Test..............................done
Mod 1 1 Post Completed Successfully
Executing Mod 1 2 SEEPROM Test....done
Mod 1 2 Post Completed Successfully
POST is completed
^]Creating /callhome.. (Here, by pressing 'Ctrl + ]', I am breaking the boot sequence)
Mounting /callhome..
Creating /callhome done.
Callhome spool file system init done.
Checking all filesystems....r. done.
.
INIT: Sending processes the KILL signal kernel daemon...don
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
switch(boot)#
*********************************************************************************
3) Once you reach the switch(boot) prompt, only a few commands are available. This is where you change the admin password, using the admin-password command.
Switch(boot)# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(boot)(config)# admin-password password123there
Password is not strong enough: Password should contain characters from at least three of the following classes: lower case letters, upper case letters, digits and special characters.
switch(boot)(config)# admin-password P@ssword123
switch(boot)(config)# exit
*****************************************************************************
4) Once the password is reset, load the system image from this prompt using the load command.
switch(boot)# dir bootflash:
bootflash:license_SSI14190KEY_15.lic
bootflash:lost+found
bootflash:mts.log
bootflash:n5000-uk9-kickstart.4.1.3.N2.1.bin
bootflash:n5000-uk9.4.1.3.N2.1.bin
bootflash:vdc_2
bootflash:vdc_3
bootflash:vdc_4
switch(boot)# dir bootflash:
497 Aug 11 2010 21:20:20 license_SSI14190KEY_15.lic
16384 Aug 11 2010 21:07:16 lost+found/
1418 Mar 13 2012 10:43:18 mts.log
21680640 Aug 11 2010 21:12:03 n5000-uk9-kickstart.4.1.3.N2.1.bin
136255825 Aug 11 2010 21:12:37 n5000-uk9.4.1.3.N2.1.bin
4096 Jan 01 2005 00:02:30 vdc_2/
4096 Jan 01 2005 00:02:30 vdc_3/
4096 Jan 01 2005 00:02:30 vdc_4/
Usage for bootflash: filesystem
219824128 bytes total used
663527424 bytes free
883351552 bytes available
switch(boot)# load bootflash:n5000-uk9.4.1.3.N2.1.bin
INIT: Unexporting directories for NFS kernel daemon...done.
Stopping NFS kernel daemon: rpc.mountd rpc.nfsddone.
Unexporting directories for NFS kernel daemon...
done.
Stopping portmap daemon: portmap.
Stopping kernel log daemon: klogd.
Sending all processes the TERM signal... done.
Sending all processes the KILL signal... done.
Unmounting remote filesystems... done.
Deactivating swap...done.
Unmounting local filesystems...done.
mount: you must specify the filesystem type
Starting reboot command: reboot
Rebooting...
Restarting system.
Booting kickstart image: bootflash:/n5000-uk9-kickstart.4.1.3.N2.1.bin....
.......................................................................Image ve
rification OK
Starting kernel...
Usage: init 0123456SsQqAaBbCcUu
INIT: version 2.85 booting
Starting Nexus5020 POST...
Executing Mod 1 1 SEEPROM Test......done
Executing Mod 1 1 GigE Port Test.......done
Executing Mod 1 1 Inband GigE Test.....done
Executing Mod 1 1 NVRAM Test....done
Executing Mod 1 1 PCIE Test..............................done
Mod 1 1 Post Completed Successfully
Executing Mod 1 2 SEEPROM Test....done
Mod 1 2 Post Completed Successfully
POST is completed
Creating /callhome..
Mounting /callhome..
Creating /callhome done.
Callhome spool file system init done.
Checking all filesystems..... done.
.
Loading system software
Uncompressing system image: bootflash:/n5000-uk9.4.1.3.N2.1.bin
Loading plugin 0: core_plugin...
plugin_link_to_exec_path: plugin_path = /isan/plugin/0, tar_log = /isan/plugin_extract_log/0
Loading plugin 1: eth_plugin...
plugin_link_to_exec_path: plugin_path = /isan/plugin/1, tar_log = /isan/plugin_extract_log/1
plugin_file_is_excluded_from_exec_path: /boot/ is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/ is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so.0 is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/lib/libplugin_sysreg.so.0.0.0 is excluded from linking
plugin_file_is_excluded_from_exec_path: /boot/etc/ is excluded from linking
INIT: Entering runlevel: 3
Exporting directories for NFS kernel daemon...done.
Starting NFS kernel daemon:rpc.nfsd.
rpc.mountddone.
Setting envvar: SYSMGR_SERVICE_NAME to muxif_service
Set envvar SYSMGR_SERVICE_NAME to muxif_service
/isan/bin/muxif_config: argc:2
muxif_init....vacl: ret: 0
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 4042 to IF -:muxif:-
2012 Mar 13 11:29:11 Securitty %$ VDC-1 %$ %KERN-2-SYSTEM_MSG: Starting kernel... - kernel
Executing Port Power On Tests........................Done
2012 Mar 13 11:31:39 Securitty %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 1 has come online
**********************************************************************************
5) The switch has now booted to run level 3 and is up. You can log in to the switch with the admin login and password.
login as: admin
Using keyboard-interactive authentication.
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
libh250#
**********************************************************************
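The session above leaves a recognisable trace on any console server that records it, and the capture also holds the new admin password in clear text. The following Python is an added example, not part of the original post: it flags the recovery steps in a captured console session and redacts the password before the log is stored. The function name `scan_console_capture` and the sample capture are constructed for illustration.

```python
import re

# Constructed console-server capture, abridged from the kind of session shown above.
SAMPLE_CAPTURE = """\
POST is completed
^]Creating /callhome..
Checking all filesystems....r. done.
switch(boot)#
Switch(boot)# config t
switch(boot)(config)# admin-password P@ssword123
switch(boot)(config)# exit
switch(boot)# load bootflash:n5000-uk9.4.1.3.N2.1.bin
INIT: Entering runlevel: 3
2012 Mar 13 11:31:39 Securitty %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 1 has come online
"""

# The kickstart prompt, with or without (config), followed by whatever was typed.
BOOT_PROMPT = re.compile(r"^\s*switch\(boot\)(\(config\))?#\s*(?P<cmd>.*)$", re.I)
ADMIN_PW = re.compile(r"^admin-password\s+\S", re.I)
LOAD_IMG = re.compile(r"^load\s+(?P<image>\S+)", re.I)


def scan_console_capture(text):
    """Return (findings, redacted_lines) for one console capture.

    findings is a list of (line_number, event, detail) tuples.
    """
    findings, redacted = [], []
    seen_boot_prompt = False
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = BOOT_PROMPT.match(line)
        if not m:
            redacted.append(line)
            continue
        if not seen_boot_prompt:
            # Normal boots never stop here; the sequence was interrupted.
            seen_boot_prompt = True
            findings.append((lineno, "boot-interrupted", "switch(boot) prompt reached"))
        cmd = m.group("cmd").strip()
        if ADMIN_PW.match(cmd):
            findings.append((lineno, "admin-password-reset", "changed from console"))
            # Keep the prompt, drop the clear-text password from the stored log.
            line = line[: m.start("cmd")] + "admin-password <redacted>"
        else:
            loaded = LOAD_IMG.match(cmd)
            if loaded:
                findings.append((lineno, "system-image-loaded", loaded.group("image")))
        redacted.append(line)
    return findings, redacted


if __name__ == "__main__":
    events, clean = scan_console_capture(SAMPLE_CAPTURE)
    for event in events:
        print(event)
    print("\n".join(clean))
```

Rejected attempts, such as the one that failed the complexity check above, are flagged and redacted the same way, since they are also typed in clear text.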
New articles on restoring a SAN switch from the loader prompt, upgrading images on Cisco SAN switches and configuring a fabric using ISL are yet to be published in my next few updates here.
Cool!!!!! Thanks for this information...
????