I have gone through the password resets a couple of times now and I am not seeing this router let me in:
rommon 1 > confreg
Configuration Summary
(Virtual Configuration Register: 0x2102)
enabled are:
[ 0 ] console baud: 9600
boot:...... image specified by the boot system commands
do you wish to change the configuration? y/n [n]:
rommon 2 > confreg
Configuration Summary
(Virtual Configuration Register: 0x2102)
enabled are:
[ 0 ] console baud: 9600
boot:...... image specified by the boot system commands
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]: n
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]: y
change console baud rate? y/n [n]:
change the boot characteristics? y/n [n]:
Configuration Summary
(Virtual Configuration Register: 0x142)
enabled are:
[ 0 ] ignore system config info
[ 1 ] console baud: 9600
boot:...... image specified by the boot system commands
do you wish to change the configuration? y/n [n]: n
You must reset or power cycle for new config to take effect
rommon 3 > reset
Resetting .......
Initializing Hardware ...
Checking for PCIe device presence...done
System integrity status: 0x610
Rom image verified correctly
System Bootstrap, Version 16.7(3r), RELEASE SOFTWARE
Copyright (c) 1994-2017 by cisco Systems, Inc.
Current image running: Boot ROM0
Last reset cause: LocalSoft
ISR4331/K9 platform with 4194304 Kbytes of main memory
........
no valid BOOT image found
Final autoboot attempt from default boot device...
Located isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin
Package header rev 1 structure detected
IsoSize = 471482368
Calculating SHA-1 hash...Validate package: SHA-1 hash:
calculated 92A40F6F:F8586BC3:F00F114B:EFB43257:B9728643
expected 92A40F6F:F8586BC3:F00F114B:EFB43257:B9728643
RSA Signed RELEASE Image Signature Verification Successful.
Image validated
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 1 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 5 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 6 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 7 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 8 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 9 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 10 contained errors which were auto-corrected.
%IOSXEBOOT-4-BOOT_SRC: (rp/0): mounting /boot/super.iso to /tmp/sw/isos
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Mon 17-Oct-16 20:23 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2016 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco ISR4331/K9 (1RU) processor with 1648789K/6147K bytes of memory.
Processor board ID FDO2205A2T3
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3125247K bytes of flash memory at bootflash:.
Press RETURN to get started!
*Mar 20 19:44:06.832: %SMART_LIC-6-AGENT_READY: Smart Agent for Licensing is initialized
*Mar 20 19:44:08.462: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = esg Next reboot level = ipbasek9 and License = ipbasek9
*Mar 20 19:44:09.583: %ISR_THROUGHPUT-6-LEVEL: Throughput level has been set to 100000 kbps
*Mar 20 19:44:14.181: dev_pluggable_optics_selftest attribute table internally inconsistent @ 0x144
*Mar 20 19:44:18.045: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Mar 20 19:44:19.051: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Mar 20 19:44:19.051: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Mar 20 19:44:19.051: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Mar 20 19:44:19.060: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Mar 20 19:44:20.390: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Mar 20 19:44:20.442: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 20 19:44:20.442: %LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, changed state to up
*Mar 20 19:44:20.442: %LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, changed state to up
*Mar 20 19:44:20.443: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Mar 20 19:44:20.443: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Mar 20 19:44:21.685: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuration is ignored based on the configuration register setting.
*Mar 20 19:44:21.740: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled
*Mar 20 19:44:21.744: %SPA_OIR-6-OFFLINECARD: SPA (ISR4331-3x1GE) offline in subslot 0/0
*Mar 20 19:44:21.749: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Mar 20 19:44:21.749: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Mar 20 19:44:21.751: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 0
*Mar 20 19:44:21.751: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0
*Mar 20 19:44:21.754: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 1
*Mar 20 19:44:21.754: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 1
*Mar 20 19:44:21.763: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Mar 20 19:44:21.809: %SPA-3-ENVMON_NOT_MONITORED: SIP1: iomd: Environmental monitoring is not enabled for ISR4331-3x1GE[0/0]
*Mar 20 19:44:21.886: %SYS-5-RESTART: System restarted --
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Mon 17-Oct-16 20:23 by mcpre
*Mar 20 19:44:26.032: %SPA_OIR-6-ONLINECARD: SPA (ISR4331-3x1GE) online in subslot 0/0
*Mar 20 19:44:27.936: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Mar 20 19:44:27.994: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Mar 20 19:44:28.027: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/2, changed state to down
Router>enable
Router#show startup-config
Using 8855 out of 33554432 bytes
!
! Last configuration change at 19:14:23 GMT Mon Mar 20 2023
!
version 15.5
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname GKNT-RG41-IP1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
security passwords min-length 8
logging buffered 512000
no logging console
enable secret 5 $1$HD9M$LuvUILb2Cq8OTM6cZbJcY1
enable password 7 070B244A4F1C151146
!
aaa new-model
!
!
aaa group server tacacs+ VIRGIN_TACACS
server-private 193.193.126.180 key 7 15085A5451277828042A13714013
server-private 193.193.126.244 key 7 0109575C0E0655030D55685A4A11
ip tacacs source-interface GigabitEthernet0/0/1
!
aaa authentication login default group VIRGIN_TACACS local-case
aaa authentication enable default group VIRGIN_TACACS enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group VIRGIN_TACACS none
aaa authorization commands 1 default group VIRGIN_TACACS none
aaa authorization commands 15 default group VIRGIN_TACACS none
aaa accounting exec default start-stop group VIRGIN_TACACS
aaa accounting commands 15 default start-stop group VIRGIN_TACACS
aaa accounting network default start-stop group VIRGIN_TACACS
aaa accounting connection default start-stop group VIRGIN_TACACS
!
!
!
!
!
!
aaa session-id common
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
no ip source-route
!
!
!
!
!
!
!
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name vmbusiness
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4331/K9 sn FDO22043E7T
!
spanning-tree extend system-id
!
username n22_TaCaCs+ privilege 15 secret 5 $1$p6uR$2sRjn.w4i5dnjhbdZ1mBi1
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
no cdp run
!
!
policy-map MIA-Bleach-Inbound
class class-default
set dscp default
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description Customers LAN
ip address 62.252.144.49 255.255.255.248
ip access-group 187 in
negotiation auto
service-policy input MIA-Bleach-Inbound
!
interface GigabitEthernet0/0/1
description 100mb WAN link to WINN-METNET-2A - LAG-5.101 CAL0311303
bandwidth 100000
ip address 213.81.87.122 255.255.255.254
speed 100
no negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
interface Vlan1
no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/1
ip route 0.0.0.0 0.0.0.0 213.81.87.123
ip ssh time-out 15
ip ssh source-interface GigabitEthernet0/0/1
ip ssh rsa keypair-name GKNT-RG41-IP1.vmbusiness
ip ssh version 2
!
!
logging source-interface GigabitEthernet0/0/1
logging host 193.193.126.140
access-list 15 remark |----------------------------------|
access-list 15 remark | Control SNMP RW Access |
access-list 15 remark |---------------------------<VM>-| |
access-list 15 remark | Virgin Media Access |-|
access-list 15 remark |----------------------------<1>-|
access-list 15 permit 193.193.126.0 0.0.0.255
access-list 15 permit 62.255.250.0 0.0.0.255
access-list 15 permit 82.12.64.0 0.0.0.255
access-list 15 permit 81.96.227.0 0.0.0.255
access-list 15 permit 193.38.112.0 0.0.0.255
access-list 16 remark |----------------------------------|
access-list 16 remark | Control VTY Access |
access-list 16 remark |---------------------------<VM>-| |
access-list 16 remark | Virgin Media Access |-|
access-list 16 remark |----------------------------<1>-|
access-list 16 permit 193.193.126.0 0.0.0.255
access-list 16 permit 62.255.250.0 0.0.0.255
access-list 16 permit 82.12.64.0 0.0.0.255
access-list 16 permit 81.96.227.0 0.0.0.255
access-list 16 permit 193.38.112.0 0.0.0.255
access-list 18 remark |----------------------------------|
access-list 18 remark | Control NTP Access |
access-list 18 remark |---------------------------<VM>-| |
access-list 18 remark | Virgin Media Access |-|
access-list 18 remark |----------------------------<1>-|
access-list 18 permit 193.193.126.0 0.0.0.255
access-list 187 remark |-------------------------------------|
access-list 187 remark | CPE Hardening - Customer LAN |
access-list 187 remark |------------------------------<VM>-| |
access-list 187 remark | Virgin Media Access |-|
access-list 187 remark |-------------------------------<1>-|
access-list 187 remark |----IF REQUIRED INSERT CUSTOMER LAN RANGE----|
access-list 187 deny tcp any any eq bgp
access-list 187 remark |----IF REQUIRED INSERT CUSTOMER SPECIFIC LINES----|
access-list 187 deny ip 10.0.0.0 0.255.255.255 any
access-list 187 deny ip any 10.0.0.0 0.255.255.255
access-list 187 deny ip 127.0.0.0 0.255.255.255 any
access-list 187 deny ip any 127.0.0.0 0.255.255.255
access-list 187 deny ip 172.16.0.0 0.15.255.255 any
access-list 187 deny ip any 172.16.0.0 0.15.255.255
access-list 187 deny ip 192.168.0.0 0.0.255.255 any
access-list 187 deny ip any 192.168.0.0 0.0.255.255
access-list 187 deny udp any any eq bootpc
access-list 187 deny udp any any eq netbios-ns
access-list 187 deny udp any any eq netbios-dgm
access-list 187 deny udp any any eq netbios-ss
access-list 187 permit ip any any
!
snmp-server view DenyAll iso excluded
snmp-server view Cust_View system included
snmp-server view Cust_View interfaces included
snmp-server view Cust_View ip included
snmp-server view Cust_View ifMIB included
snmp-server view Cust_View entityMIB included
snmp-server view Cust_View adslMIB included
snmp-server view Cust_View local included
snmp-server view Cust_View temporary included
snmp-server view Cust_View ciscoRttMonMIB included
snmp-server view Cust_View ciscoMemoryPoolMIB included
snmp-server view Cust_View ciscoConfigCopyMIB excluded
snmp-server view Cust_View ciscoHsrpMIB included
snmp-server view Cust_View ciscoProcessMIB included
snmp-server view Cust_View ciscoCBQosMIB included
snmp-server view Cust_View atEntry.2 included
snmp-server view Cust_View lsystem.50 excluded
snmp-server view Cust_View lsystem.53 excluded
snmp-server view Cust_View lsystem.54 excluded
snmp-server view Cust_View lsystem.55 excluded
snmp-server view Cust_View transmission.127.1.1.4 included
snmp-server view Cust_View cdpGlobal.1 included
snmp-server view Cust_View ccmHistoryRunningLastChanged included
snmp-server view Cust_View ccmHistoryStartupLastChanged included
snmp-server view Cust_View vlanInfo.1 included
snmp-server view Cust_View cdpCacheEntry included
snmp-server community 12o3ijsdofhe94frwr39 RW 15
snmp-server community BS0Ca1arm view DenyAll RO 15
snmp-server trap-source GigabitEthernet0/0/1
snmp-server source-interface informs GigabitEthernet0/0/1
snmp-server tftp-server-list 15
snmp-server contact Peterborough_BSOC_01733393430
snmp-server enable traps tty
snmp-server host 193.193.126.185 BS0Ca1arm
snmp-server host 193.193.126.249 BS0Ca1arm
snmp-server file-transfer access-group 15 protocol tftp
snmp ifmib ifalias long
snmp ifmib ifindex persist
!
!
!
!
control-plane
!
banner exec ^C
|--------------------------------------------------------------------------|
|This device is managed, supported and it's configuration owned by the |
|Virgin Media Business & Security Operations Centre in Peterborough |
|--------------------------------------------------------------------------|
^C
banner login ^C
|--------------------------------------------------------------------------|
| I M P O R T A N T N O T I C E |
|Unauthorised use of this computer system may lead to criminal prosecution.|
|If you are not an authorised user, disconnect immediately. |
|Your use of this system may be monitored and/or recorded. |
|By accessing and using this system you consent to such monitoring for |
|law enforcement and other purposes. |
|--------------------------------------------------------------------------|
^C
alias exec e7683945 configured SECURE on Fri May 18 15:08:41 2018
!
line con 0
exec-timeout 15 0
password 7 110D1C031607071856
stopbits 1
line aux 0
exec-timeout 15 0
stopbits 1
line vty 0 4
access-class 16 in
exec-timeout 15 0
logging synchronous
transport input ssh
line vty 5 15
exec-timeout 15 0
no exec
transport input none
transport output none
!
ntp source GigabitEthernet0/0/1
ntp access-group peer 18
ntp server 193.193.126.248
ntp server 193.193.126.184
!
end
Router#configure memory
A system RELOAD is required before templating state change
% Warning: use /31 mask on non point-to-point interface cautiously
interface Vlan1
^
% Invalid input detected at '^' marker.
no ip address
% Incomplete command.
GKNT-RG41-IP1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
GKNT-RG41-IP1(config)#enable secret defaultsecret
GKNT-RG41-IP1(config)#enable password defaultpassword
GKNT-RG41-IP1(config)#line con 0
GKNT-RG41-IP1(config-line)#password default
GKNT-RG41-IP1(config-line)#interface gigabitethernet0/0/1
GKNT-RG41-IP1(config-if)#no shutdown
GKNT-RG41-IP1(config-if)#interface gigabitethernet0/0/0
GKNT-RG41-IP1(config-if)#no shutdown
GKNT-RG41-IP1(config-if)#interface gigabitethernet0/0/2
GKNT-RG41-IP1(config-if)#no shutdown
GKNT-RG41-IP1(config-if)#config-register 0x2102
GKNT-RG41-IP1(config)#copy running-config startup-config
^
% Invalid input detected at '^' marker.
GKNT-RG41-IP1(config)#copy running-config startup-config
^
% Invalid input detected at '^' marker.
GKNT-RG41-IP1(config)#^Z
GKNT-RG41-IP1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
GKNT-RG41-IP1#copy running-config startup-config
Destination filename [startup-config]? startup-config
Building configuration...
[OK]
GKNT-RG41-IP1#reload
Proceed with reload? [confirm]
enable defaultenable
secret defaultsecret
console default (with a space on the end)
All I want to do is repurpose it, but the firmware is too old for factory-reset to work. Do I need to change the username do you think?
