AP4800E no password

Discussion in 'Cisco' started by Randy, Jul 24, 2005.

  1. Randy

    Randy Guest

    I recently started working at my wifes business and they have a Aironet
    AP4800E V8.24 AP4800E_28cd5e and the old IT person left and did not
    leave any passwords to any of the equipment. I have attached a serial
    cable and can get onto the 4800 but am locked out. I have scrounged
    Cisco for password recovery but to no avail. There are only two options
    on the menu when I boot up 1 is Privilege and 2 is help. When I select 1
    then W it asks for a password which I don't have. I have tried ctrl x
    and resetall both don't work. I did read somewhere some units have to be
    sent to Cisco for the reset. I can't find any info on Cisco relating
    directly to the AP4800E is the 340 and 350 the same thing and have the
    same commands. The reason I ask is when I do a search on Cisco's site
    for AP4800 it does sometimes point to the 340.

    Can anyone tell me if I can access this unit without sending it to
    Cisco? And if not how to reset it..

    Thanks
    Randy
    Randy, Jul 24, 2005
    #1
    1. Advertising

  2. Randy

    Uli Link Guest

    Randy schrieb:

    > I recently started working at my wifes business and they have a Aironet
    > AP4800E V8.24 AP4800E_28cd5e and the old IT person left and did not
    > leave any passwords to any of the equipment. I have attached a serial
    > cable and can get onto the 4800 but am locked out. I have scrounged
    > Cisco for password recovery but to no avail. There are only two options
    > on the menu when I boot up 1 is Privilege and 2 is help. When I select 1
    > then W it asks for a password which I don't have. I have tried ctrl x
    > and resetall both don't work. I did read somewhere some units have to be
    > sent to Cisco for the reset. I can't find any info on Cisco relating
    > directly to the AP4800E is the 340 and 350 the same thing and have the
    > same commands. The reason I ask is when I do a search on Cisco's site
    > for AP4800 it does sometimes point to the 340.
    >
    > Can anyone tell me if I can access this unit without sending it to
    > Cisco? And if not how to reset it..



    The official answer: there is no passwd recovery in the fw.

    But if you have another 4500 or 4800 AP and access to the other unit,
    then you can upgrade the other to 8.80 and then push the fw update to
    the unit without passwd, if the old admin hasn't turned fw update of.
    Perhaps the radio stops working with 8.80, but after recovering the
    passswd, you can downgrade the fw back and the radio will work again.

    Did this with a bunch of 3500 AP after pulling the radio, so they
    accepted the wrong firmware. All still working ;-)

    --
    Uli
    Uli Link, Jul 24, 2005
    #2
    1. Advertising

  3. Randy

    Randy Guest

    Unfortunately this is the only Aironet in the whole building and at my
    disposal. :(

    Thanks for the prompt reply

    Randy Simmons

    Uli Link wrote:

    > Randy schrieb:
    >
    >> I recently started working at my wifes business and they have a
    >> Aironet AP4800E V8.24 AP4800E_28cd5e and the old IT person left and
    >> did not leave any passwords to any of the equipment. I have attached
    >> a serial cable and can get onto the 4800 but am locked out. I have
    >> scrounged Cisco for password recovery but to no avail. There are only
    >> two options on the menu when I boot up 1 is Privilege and 2 is help.
    >> When I select 1 then W it asks for a password which I don't have. I
    >> have tried ctrl x and resetall both don't work. I did read somewhere
    >> some units have to be sent to Cisco for the reset. I can't find any
    >> info on Cisco relating directly to the AP4800E is the 340 and 350 the
    >> same thing and have the same commands. The reason I ask is when I do
    >> a search on Cisco's site for AP4800 it does sometimes point to the 340.
    >>
    >> Can anyone tell me if I can access this unit without sending it to
    >> Cisco? And if not how to reset it..

    >
    >
    >
    > The official answer: there is no passwd recovery in the fw.
    >
    > But if you have another 4500 or 4800 AP and access to the other unit,
    > then you can upgrade the other to 8.80 and then push the fw update to
    > the unit without passwd, if the old admin hasn't turned fw update of.
    > Perhaps the radio stops working with 8.80, but after recovering the
    > passswd, you can downgrade the fw back and the radio will work again.
    >
    > Did this with a bunch of 3500 AP after pulling the radio, so they
    > accepted the wrong firmware. All still working ;-)
    >
    Randy, Jul 24, 2005
    #3
  4. Randy

    Uli Link Guest

    Randy schrieb:

    > Unfortunately this is the only Aironet in the whole building and at my
    > disposal. :(


    I still have a few 3500E, but in Germany.

    --
    Uli
    Uli Link, Jul 24, 2005
    #4
  5. www.BradReese.Com, Jul 24, 2005
    #5
  6. Randy

    Dan Lanciani Guest

    In article <>, randy@comcast.*net (Randy) writes:

    | Unfortunately this is the only Aironet in the whole building and at my
    | disposal. :(

    If you can convince the boot block that the main firmware is missing or
    corrupt it will request an Xmodem load on the console. (You can then
    install a newer firmware version that supports password reset.) You
    will probably have to rig up a circuit to disable the flash chip after
    the boot block is copied to RAM but before the main firmware is fully
    decompressed. Interestingly, once when I was doing this I glitched
    something at the wrong (right?) time and got a prompt that (among other
    things) let me enter the normal menu system with write privilege without
    resetting the configuration to default.

    Dan Lanciani
    ddl@danlan.*com
    Dan Lanciani, Jul 25, 2005
    #6
  7. Randy

    Randy Guest

    Is this using a eeprom? if so can I open it up and reset it manually? Or
    is this in a sense what you are saying I thought of this last night

    I know the unit works fine because I left it on last night and forgot
    about it. I turned on my laptop this afternoon and it found the signal.
    Ah but it is also pw protected. :(


    Dan Lanciani wrote:

    >In article <>, randy@comcast.*net (Randy) writes:
    >
    >| Unfortunately this is the only Aironet in the whole building and at my
    >| disposal. :(
    >
    >If you can convince the boot block that the main firmware is missing or
    >corrupt it will request an Xmodem load on the console. (You can then
    >install a newer firmware version that supports password reset.) You
    >will probably have to rig up a circuit to disable the flash chip after
    >the boot block is copied to RAM but before the main firmware is fully
    >decompressed. Interestingly, once when I was doing this I glitched
    >something at the wrong (right?) time and got a prompt that (among other
    >things) let me enter the normal menu system with write privilege without
    >resetting the configuration to default.
    >
    > Dan Lanciani
    > ddl@danlan.*com
    >
    >
    Randy, Jul 25, 2005
    #7
  8. Randy

    Dan Lanciani Guest

    In article <>, randy@comcast.*net (Randy) writes:

    | Is this using a eeprom?

    It's a flash chip.

    | if so can I open it up and reset it manually?

    I suppose you could unsolder the surface-mount chip, reprogram it, and
    re-solder it...

    |Or
    | is this in a sense what you are saying I thought of this last night

    I was suggesting a somewhat less invasive strategy to trick the boot
    block into thinking thinking that it didn't have a valid main firmware
    image.

    Dan Lanciani
    ddl@danlan.*com
    Dan Lanciani, Jul 26, 2005
    #8
  9. Randy

    Martin Kayes Guest

    Hi,

    I just saw this thread and was wondering if the following would help. It is
    a part of the upgrade procedure for the AP4800 (and other VxWorks devices).

    There is an option to format the config area of flash - this should allow
    you to wipe the config. I haven't tried it myself but it may be of some
    use, I have modified the text to show what you should try:



    Determine the Boot-Block Version

    When you connect to the AP and the Summary Status screen appears, reboot the
    AP: press Ctrl-X, or unplug and then replug the power connector.

    As the AP reboots, introductory system information appears. The boot-block
    version appears in the third line of this text and is labeled Bootstrap Ver.


    *** If your boot-block version is 1.01, your introductory text might look
    like this:

    System ID: 00409625854D
    Motherboard: MPC860 50MHz, 2048KB FLASH, 16384KB DRAM, Revision 20
    Bootstrap Ver. 1.01: FLASH, CRC 4143E410 (OK)
    Initialization: OK Upgrade Method for Boot-Block Versions 1.01 and Earlier
    Follow these steps to upgrade your AP if the boot-block version is 1.01 or
    earlier:

    While the terminal emulator is connected to the console at 9600-8-N-1, power
    up the AP. This prompt appears:

    Type <esc> within 5 seconds for menu.To enter the menu, press Esc. This
    prompt appears:

    Type '=' for main menu.Press = (the equal sign key) to go to the main menu.

    c -- Copy file
    f -- File dir
    l -- downLoad file into DRAM
    u -- Upload file
    p -- xfer Protocol
    n -- coNsole
    r -- Run
    s -- System info.
    ! -- FORMAT memory bank

    Note: The menus are case-sensitive, and there is no command prompt like
    those seen in a Windows or UNIX command shell.

    Press ! (the exclamation mark key, Shift-1) to erase the contents of Flash
    memory

    ! -- FORMAT memory bank
    Press 2 to select the Config bank.

    FORMAT Memory Bank:

    1 -- DRAM
    2 -- Config
    3 -- FLASH
    Press Y to confirm FORMAT.

    Caution: This step erases all files in the bank.

    Y -- *FORMAT*
    N -- CANCEL

    When the Flash memory is erased, the system displays the updated contents of
    all memory types.

    OR...

    *** Method for Boot-Block Versions 1.02 and Later

    Follow these steps to upgrade your AP if the boot-block version is 1.02 or
    later:

    When the memory files are listed under the heading of Memory:File, press
    Ctrl-W within five seconds to reach the boot-block menu.

    Press = (the equal sign key) to go to the main menu.

    c -- Copy file
    f -- File dir
    l -- downLoad file into DRAM
    u -- Upload file
    p -- xfer Protocol
    n -- coNsole
    r -- Run
    s -- System info.Note:

    The menus are case-sensitive, and there is no command prompt like those seen
    in a Windows or UNIX command shell.

    Press Ctrl-Z to display the hidden reformat menu.

    Press ! (the exclamation mark key, Shift-1) to erase the contents of Flash
    memory

    ! -- FORMAT memory bank
    Press 2 to select the Config memory bank.

    FORMAT Memory Bank:

    1 -- DRAM
    2 -- Config
    3 -- FLASH
    Press Y to confirm FORMAT.

    Caution: This step erases all files in the bank.

    Y -- *FORMAT*
    N -- CANCEL

    When the Flash memory is erased, the system displays the updated contents of
    all memory types.



    Regards,

    Martin



    "Randy" <randy@comcast.*net> wrote in message
    news:...
    >I recently started working at my wifes business and they have a Aironet
    >AP4800E V8.24 AP4800E_28cd5e and the old IT person left and did not leave
    >any passwords to any of the equipment. I have attached a serial cable and
    >can get onto the 4800 but am locked out. I have scrounged Cisco for
    >password recovery but to no avail. There are only two options on the menu
    >when I boot up 1 is Privilege and 2 is help. When I select 1 then W it asks
    >for a password which I don't have. I have tried ctrl x and resetall both
    >don't work. I did read somewhere some units have to be sent to Cisco for
    >the reset. I can't find any info on Cisco relating directly to the AP4800E
    >is the 340 and 350 the same thing and have the same commands. The reason I
    >ask is when I do a search on Cisco's site for AP4800 it does sometimes
    >point to the 340.
    >
    > Can anyone tell me if I can access this unit without sending it to Cisco?
    > And if not how to reset it..
    >
    > Thanks
    > Randy
    Martin Kayes, Jul 26, 2005
    #9
  10. Randy

    Dan Lanciani Guest

    In article <dc5c8t$mf6$1$>, (Martin Kayes) writes:
    | Hi,
    |
    | I just saw this thread and was wondering if the following would help. It is
    | a part of the upgrade procedure for the AP4800 (and other VxWorks devices).

    The AP4800E is not a VxWorks device; it runs the original Aironet custom OS.

    Dan Lanciani
    ddl@danlan.*com
    Dan Lanciani, Jul 26, 2005
    #10
  11. Randy

    Martin Kayes Guest

    That rings a bell. The example on Cisco's website that I copied the posted
    commands from was done on an AP4800E so either the interrupt sequence is the
    same or at some time they may have had a VxWorks upgrade available.

    It's a bit before my time though!

    Martin

    "Dan Lanciani" <ddl@danlan.*com> wrote in message
    news:...
    > In article <dc5c8t$mf6$1$>, (Martin
    > Kayes) writes:
    > | Hi,
    > |
    > | I just saw this thread and was wondering if the following would help.
    > It is
    > | a part of the upgrade procedure for the AP4800 (and other VxWorks
    > devices).
    >
    > The AP4800E is not a VxWorks device; it runs the original Aironet custom
    > OS.
    >
    > Dan Lanciani
    > ddl@danlan.*com
    Martin Kayes, Jul 27, 2005
    #11
  12. Randy

    Uli Link Guest

    Martin Kayes schrieb:
    > That rings a bell. The example on Cisco's website that I copied the posted
    > commands from was done on an AP4800E so either the interrupt sequence is the
    > same or at some time they may have had a VxWorks upgrade available.


    No, there is no such upgrade. The Aironet 4800E is totally different
    hardware, with a Motorolla 68020 CPU. Larger case.
    The Aironet VxWorks 4800B is a PowerPC860. This is what shortly later
    was renamed to Cisco Aironet 340. Those one don't have AUI and BNC
    connectors and no Power switch.

    --
    Uli
    Uli Link, Jul 27, 2005
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dirk
    Replies:
    4
    Views:
    1,479
  2. Deepak K
    Replies:
    2
    Views:
    12,295
    Deepak K
    Apr 19, 2005
  3. Kompu Kid
    Replies:
    5
    Views:
    1,482
    Wai Doan Hsu
    Aug 2, 2004
  4. morph
    Replies:
    0
    Views:
    466
    morph
    May 20, 2008
  5. jamesstevn
    Replies:
    0
    Views:
    1,810
    jamesstevn
    Mar 10, 2010
Loading...

Share This Page