The Cisco 841M has arrived


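It has been nearly a year since my last post, but for various reasons the Beaglebone Black project has not progressed….

Anyway, on a separate note.

I ordered the Cisco 841M that I had had my eye on since around summer, and it was delivered a little while ago.

These days a normal person would think of plugging it into the LAN and opening a web browser………, but being a perfectly ordinary person myself, I did what I always do: casually pulled out a console cable, connected it to my PC, and powered the unit on. So I am pasting the boot messages below (some information is masked, just in case);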

% sudo cu -l /dev/cu.KeySerial1
Password:
Connected.

System Bootstrap, Version 15.5(1r)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2014 by cisco Systems, Inc.

Total memory size = 512 MB
C841M-4X-JAIS/K9 platform with 524288 Kbytes of main memory
Main memory is configured to 32 bit mode

Readonly ROMMON initialized

IOS Image Load Test
___________________
Digitally Signed Production Software
Self decompressing the image : ################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################## [OK]
*** No sreloc section
Smart Init is enabled
smart init is sizing iomem
TYPE      MEMORY_REQ
Onboard devices &
buffer pools      0x01AECEC0
———————————————–
TOTAL:      0x01AECEC0

Rounded IOMEM up to: 26Mb.
Using 5 percent iomem. [26Mb/512Mb]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C800M Software (C800M-UNIVERSALK9-M), Version 15.5(3)M, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Thu 23-Jul-15 03:45 by prod_rel_team

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Installed image archive
Cisco C841M-4X-JAIS/K9 (revision 1.0) with 496716K/27571K bytes of memory.
Processor board ID XXXXXXXXXXX
6 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 32 bits wide
255K bytes of non-volatile configuration memory.
1916928K bytes of SD Flash sdflash (Read/Write)

Press RETURN to get started!

*Jan  2 00:00:00.663: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c800m Next reboot level = advipservices and License = advipservices
*Dec 19 02:04:47.343: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized
*Dec 19 02:04:47.347: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled
*Dec 19 02:04:59.875: %LINK-3-UPDOWN: Interface GigabitEthernet0/4, changed state to down
*Dec 19 02:04:59.875: %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to down
*Dec 19 02:05:00.751: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Dec 19 02:05:00.875: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/4, changed state to down
*Dec 19 02:05:00.875: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/5, changed state to down
*Dec 19 02:05:10.123: %SYS-5-LOG_CONFIG_CHANGE: Buffer logging: level warnings, xml disabled, filtering disabled, size (51200)
*Dec 19 02:05:10.539: %SYS-5-CONFIG_I: Configured from memory by console
*Dec 19 02:05:12.503: %LINK-5-CHANGED: Interface GigabitEthernet0/4, changed state to administratively down
*Dec 19 02:05:12.503: %LINK-5-CHANGED: Interface GigabitEthernet0/5, changed state to administratively down
*Dec 19 02:05:14.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Dec 19 02:05:14.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Dec 19 02:05:14.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
*Dec 19 02:05:14.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to down
*Dec 19 02:05:18.759: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C800M Software (C800M-UNIVERSALK9-M), Version 15.5(3)M, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Thu 23-Jul-15 03:45 by prod_rel_team
*Dec 19 02:05:19.055: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Dec 19 02:05:19.903: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Dec 19 02:05:19.903: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
———————————————————————–
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username “cisco” with the
password “cisco”. These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
———————————————————————–

User Access Verification

Username: cisco
Password:
% Password expiration warning.
———————————————————————–

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username “cisco” for  one-time use. If you have
already used the username “cisco” to login to the router and your IOS image
supports the “one-time” user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

———————————————————————–

yourname#

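So, that's roughly how it goes. As you can see if you read the banner carefully,

  • Initial login name: cisco
  • Initial password: cisco

are the defaults. However, this account is valid only for the very first login, and is invalidated once you log in. That is, in the running config. ……You have probably figured it out by now: unless you do write mem or copy run startup-config, it is not invalidated. It remains firmly in the startup config. So if you simply pull the AC adapter and plug it back in, you can log in with the initial account again (there is no power switch). And the following is the startup config;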

yourname#sh conf
Using 3785 out of 262136 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
ethernet lmi ce
!
crypto pki trustpoint TP-self-signed-1832251863
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1832251863
revocation-check none
rsakeypair TP-self-signed-1832251863
!
!
crypto pki certificate chain TP-self-signed-1832251863
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
!
!
!
!
!
!
!
!
!
!

!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.128
default-router 10.10.10.1
lease 0 2
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
license udi pid C841M-4X-JAIS/K9 sn XXXXXXXXXXX
!
!
username cisco privilege 15 one-time secret 5 $1$snwY$7gUfOdRI65oeJb.wZ47up1
!
redundancy
!
!
!
!
no cdp run
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface GigabitEthernet0/3
no ip address
!
interface GigabitEthernet0/4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/5
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.128
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
!
!
access-list 23 permit 10.10.10.0 0.0.0.127
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
———————————————————————–

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username “cisco” for  one-time use. If you have
already used the username “cisco” to login to the router and your IOS image
supports the “one-time” user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

———————————————————————–
^C
banner login ^C
———————————————————————–
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username “cisco” with the
password “cisco”. These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
———————————————————————–
^C
!
line con 0
login local
no modem enable
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

yourname#
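
An added example (not part of the original post): a small Python check that scans a saved IOS configuration for the factory-default exposures visible in the startup-config above, namely the stored one-time account, Telnet on the vty lines, plain-HTTP management, and vty sessions that start at privilege 15. The sample config is constructed from those lines with the secret replaced by a placeholder; the function name and rule names are illustrative.

```python
import re

# Constructed sample: security-relevant lines in the shape of the startup-config
# above (indentation already lost in the paste, secret replaced by a placeholder).
SAMPLE_STARTUP_CONFIG = """\
username cisco privilege 15 one-time secret 5 $1$PLACEHOLDER
ip http server
ip http secure-server
!
line con 0
login local
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
end
"""

def audit_ios_config(text):
    """Return sorted (rule, context) findings for factory-default exposure."""
    findings = set()
    section = None  # current "line ..." block; closed by "!" or a new header
    for raw in text.splitlines():
        line = raw.strip()  # works with or without IOS sub-command indentation
        if line == "!":
            section = None
            continue
        if line.startswith("line "):
            section = line
            continue
        m = re.match(r"username (\S+) .*\bone-time\b", line)
        if m:
            # Still in the stored config, so a reload brings the account back.
            findings.add(("one-time-user-in-stored-config", m.group(1)))
        if line == "ip http server":
            findings.add(("cleartext-http-management", "global"))
        if section and section.startswith("line vty"):
            if re.match(r"transport input\b.*\b(telnet|all)\b", line):
                findings.add(("telnet-on-vty", section))
            if line == "privilege level 15":
                findings.add(("vty-session-starts-at-priv-15", section))
    return sorted(findings)

if __name__ == "__main__":
    for rule, where in audit_ios_config(SAMPLE_STARTUP_CONFIG):
        print(f"{rule}: {where}")
```

Run it against the output of `show startup-config` rather than the running config, since the stored copy is what the router loads after a power cycle.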

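It is mostly what I expected, but I was a little surprised that no cdp run was set from the start. Maybe that is just how it is. The contents of NVRAM and flash memory look like this.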

yourname#dir nvram:
Directory of nvram:/

249  -rw-        3785                    <no date>  startup-config
250  ----        1914                    <no date>  private-config
251  -rw-        3785                    <no date>  underlying-config
1  -rw-        2945                    <no date>  cwmp_inventory
4  ----         396                    <no date>  persistent-data
5  -rw-          17                    <no date>  ecfm_ieee_mib
6  -rw-         559                    <no date>  IOS-Self-Sig#1.cer
7  -rw-         559                    <no date>  IOS-Self-Sig#2.cer

262136 bytes total (249217 bytes free)
yourname#dir fla
yourname#dir flash:
Directory of sdflash:/

1  -rw-        3068  Sep 28 2015 06:50:36 +00:00  cpconfig-8xx.cfg
2  -rw-    58966316  Oct 27 2015 01:37:00 +00:00  c800m-universalk9-mz.SPA.155-3.M.bin
3  drw-           0  Oct 27 2015 01:29:16 +00:00  ccpexp
458  -rw-        2885  Oct 27 2015 01:32:52 +00:00  home.shtml

1958944768 bytes total (1892286464 bytes free)

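This, too, is pretty much as expected. Under the ccpexp directory in flash memory there were lots of files, presumably for the web interface. I am omitting them because the listing is long. Since the flash device name is 'sdflash:', it might actually be an SD card…. Well, I will take the unit apart later and check.

So, that was my first-impressions report.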
