3Com Switch - Lost Password Recovery

http://www.tek-tips.com/viewthread.cfm?qid=1181703&page=4

Hi, I spent a good few days trying to recover a lost password on one of our 3Com switches, i tried every backdoor i could find but to no avail. I finally found an answer... on the 3Com website.. log into the switch via hyperterminal and a com cable using the username and password "recover", it will then give you 30 seconds to pull the power. Once you stick the power back in and log on to the switch again, it will ask you for a new password.I'm not sure if this will work on all switches or just newer ones, but it's always worth a try.

http://www.directron.com/faq3switches.html

SuperStack 3 Switch 4400/4900/ SS 3 Webcache, Switch 4050/60 - How to recover from a Lost passwordProblem: How to recover from a Lost passwordProblem: Password Recovery ProcedureFact:
SuperStack 3 Switch 4400
SuperStack 3 Switch 4900
SuperStack 3 Switch 4900 12-Port
SuperStack 3 Switch 4900 12-Port 1000BASE-SX
SuperStack 3 Switch 4924
SuperStack 3 Switch 4950
SuperStack 3 Switch 4300
SuperStack 3 Webcache
SuperStack 3 Webcache 1000
SuperStack 3 Webcache 3000
SuperStack 3 Switch 4250T
SuperStack 3 Switch 4226T
Switch 4050
Switch 4060
3C16115
3C16116
Password
Admin passwordProblem: Forgot the password for the "admin" user account and can no longer perform important management operations.Problem: Lost passwordProblem: Lost admin passwordProblem: Cannot login as user "admin"Cause: If you forget your password, for the admin user account, but have other "Security" user accounts set up on your unit, you are able to reset the Admin password. The following Password Recovery allows you to define a new password for the admin account, even though you have forgotten the current one.Fix: Note the following information is on the CD ( Shipped with the product ) in the "Management Interface Reference Guide" under Support > Problem Solving > Solving Command Line Interface Problems. It is the fourth solution in the list. If you have added any additional users with "Security" access level each additional user can modify all passwords on the unit. Should any password become lost, a user with Security access level must log into a unit via the Command Line Interface and change the password of the user account in question. Use the "security > device > user > modify" command to do this. NOTE: You can modify user details for the entire stack using the modify command on the User menu. NOTE: A user's access level cannot be modified To modify user 'admin' details for the stack: 1. Login to the unit as 'security' or admin equivalent user. From the Top-level menu, enter: security device user modify. The following prompt is displayed: Enter the user name 2. Enter the name of the user 'admin'. The following prompt is displayed: Enter the password: 3. Enter a new password for the user. The following prompt is displayed: Re-enter the password: 4. Enter the password for the user again. The following prompt is displayed: Enter the community string [ ]: 5. Enter a community string "private" for the user "admin". 6. Verify the user accounts are correct by entering the command "summary". The table displayed will list all user accounts showing security level and community string. NOTE the passwords are not displayed.Cause: If you forget your password, for the admin user account, and have no other "Security" user accounts set up on your unit, you will no longer be able to perform important security management operations on that unit. The following Password Recovery allows you to define a new password for the admin account, even though you have forgotten the current one.Fix: Should there be no Security level logins (including "Admin") available on the unit, you must use the password recovery method outlined below, to define a new password for the "admin" user account: NOTE: Password recovery can be enabled or disabled at any time through the CLI, by accessing the CLI and using the security > device > user > pwdRecover command. CAUTION: If you disable Password Recovery for a Switch and subsequently forget the password for the "admin" user account, you will have to return the Switch to 3Com. NOTE: If your product has a Redundant Power Supply (RPS) connected, you will need to disconnect it in order to perform a hard reset. NOTE: You cannot use a soft reset operation to reset the password of the "admin" user account. This will end the password recovery procedure and return you to the CLI login prompt. NOTE: Password recovery cannot be performed via a SLIP (Serial Line Internet Protocol) connection. Use the password recovery method outlined below to define a new password for the admin username: 1.Access the Command Line Interface and enter the user name "recover" and password "recover" to place your unit in password recovery mode. The unit will remain in password recovery mode for a maximum of 30 seconds, before it returns to the CLI login prompt. 2. During the 30 seconds, perform a hard reset on the unit while the it is still in password recovery mode by switching it off, waiting a few seconds, and switching it on again. 3. When the unit has rebooted following the hard reset enter a new password for the "admin" user account. 4. Enter enable to leave password recovery enabled, or enter disable to turn it off. You are now logged in as the default "admin" user. NOTE:Password recovery cannot be performed via a SLIP (Serial Line Internet Protocol) connection.SuperStack 3 Switch 4900, Switch 4060 - Does it support Roving Analysis ?Problem: Does it support Roving Analysis ?Fact: SuperStack 3 Switch 4900
Switch 4050
Switch 4060
Roving AnalysisProblem: Unable to find Roving Analysis configuration menus on command line or web interfaceFix: The SuperStack 3 Switch 4900 and Switch 4060 dose NOT support Roving analysis. Note : Roving Analysis allows you to attach a network analyser to an "analysis port" and "monitor port" to monitor network traffic.SuperStack 3 Switch 4400/4900/3300 - How to install software using the "Software Update Utility"Problem: How to install software using the "Software Update Utility"Fact:
SuperStack 3 Switch 4400
SuperStack 3 Switch 4900
SuperStack 3 Switch 4924
SuperStack 3 Switch 4950
SuperStack 3 Switch 3300
SuperStack II Switch 3300
SuperStack II Switch 1100
SuperStack II Switch 610
SuperStack II PS Hub 40
SuperStack II Switch 630
SuperStack II Dual Speed Hub 500
Switch 4050
Switch 4060
3C17203
3C17204
Software Update Utlility
SUUProblem: Unable to install software using Software Update UtilityFix: To install software on your switch using the Software Update Utility, follow the steps below:1. 3Com recommends that you download the latest version of management software for your unit from the 3Com Download Web site 2. After downloading the software for your unit, extract the ".bin" file to a directory on your computer. The ".bin" file contains the management software for your unit. 3. Download the "Software Update Utility", from the following link i.e. Click here 4. After downloading the "Software Update Utility", double click on it and follow the instructions for installing it. 5. After installing the "Software Update Utility", run it and follow the instructionsNote The SUU should only be used if a TFTP upgrade has failed.(Source:3COM)

3Com Switch - Lost Password Recovery

http://www.tek-tips.com/viewthread.cfm?qid=1181703&page=4

Hi, I spent a good few days trying to recover a lost password on one of our 3Com switches, i tried every backdoor i could find but to no avail. I finally found an answer... on the 3Com website.. log into the switch via hyperterminal and a com cable using the username and password "recover", it will then give you 30 seconds to pull the power. Once you stick the power back in and log on to the switch again, it will ask you for a new password.I'm not sure if this will work on all switches or just newer ones, but it's always worth a try.

IE and Novell WebAccess Chinese Problem

The problen has been bugging us for quite a while: Chinese characters entered on WebAccess appear as garbages.

Porblem can be solved by setting the Chinese Based fonts:

1. In IE, go to: Tools > Internet Options > Fonts (button under the General Tab)
2. Change "Language Script" to "Chinese Traditional"
3. Choose "Sim Sun", "PMingLIU", "MingLIU"

Hints from Novell on BASP issue

From: http://forums.novell.com/group/novell.support.netware.communications/readerNoFrame.tpt/@thread@5659@F@10@D-,D@+5659/@article@5665

Do you have spanning-tree enabled on the port that the server connects to? If so, disable it, or in the case of Cisco, enable fast spanning tree.

Jeff wrote in message news:kYdch.6062$jS4.831@prv-forum2.provo.novell.com...>

Each time the server is reboot, the BASP interfaces are always unbound.> (The node address on the BASP console appears as 00 00 00 00 00 00...> shouldn't it be the MAC of the physical NIC bound by the BASP interfaces?

BASP for Netware Installation notes

Broadcom Corporation
16215 Alton Parkway,
Irvine, CA 92619-7013

Installation Notes
Broadcom's Advanced Server Features Program For Netware
04/16/2004
Version 2.25
Table of Contents
=================
Introduction
Balance Modes and Limitations
NESL Compliance
Installation
Using InetCfg
Balance Mode Selection
Loading Frame Types
Hot Standby
VLANs
Jumbo Frames
Additional Command Line Keywords
Unloading


Introduction
============
BASP.LAN is Broadcom's virtual ethernet driver for Netware 4.x and 5.x that
provides Load-balancing, fault-tolerance, and VLAN features. These features
are provided by creating teams (virtual adapters) that consist of multiple
NIC interfaces. A team can consist of one to six (eight on some systems) NIC
interfaces and each interface can be designated primary or standby*. All
primary interfaces in a team will participate in Load-balancing operations by
sending and receiving a portion of the total traffic**. Standby interfaces will
take over in the event that all primary interfaces have lost their links.
VLANs can be added to a team to allow multiple VLANs with different VLAN IDs
to share the virtual adapter.
Load-balancing and fault-tolerance features will work with any third party's
NIC adapters. VLANs only work with Broadcom or Alteon NIC adapters.
*Standby can only be used in Smart Load-Balance mode (See below).
**In 802.3ad mode, the number of NIC interfaces aggregated is automatically
determined through LACP (See below).
Balance Modes and Limitations
=============================
Smart Load-balance (SLB) is a protocol specific scheme and the level of
support for IP, IPX, and other protocols are listed below.

Load-balancing Fault-tolerance
-----------------------------------------------------
IP Yes Yes
IPX Yes* Yes**
Other protocols No Yes**
*Only outbound load-balancing for IPX.
**Only for Broadcom or Alteon NICs. Alteon's driver ALT.LAN must be version
2.05b or newer released by Broadcom.
Smart Load-balance (SLB) mode works with all ethernet switches without
configuring the switch ports to any special trunking mode. Only IP traffic
will be load-balanced in both inbound and outbound directions. IPX traffic
will be load-balanced in outbound direction only. Other protocol packets will
be sent and received through one primary NIC only. Fault-tolerance for
non-IP traffic is only supported using Broadcom or Alteon NICs.
The Generic Trunking mode requires the ethernet switch to support some
form of port trunking mode (e.g. Cisco's Gigabit EtherChannel or other
switch vendor's link aggregation mode). Trunking mode must be statically
configured on the switch ports that are connected to the team. This mode is
protocol-independent and all traffic should be load-balanced and
fault-tolerant.
802.3ad mode requires the ethernet switch to support 802.3ad with LACP
(Link Aggregation Control Protocol). LACP will try to configure the maximum
number of NICs in the team that are compatible for link aggregation. If LACP
determines that some NICs are not able to aggregate (because of some
restrictive limitations or configurations on the switch), the remaining NICs
that cannot aggregate will be idle. If LACP is completely disabled on the
switch, then only one of the NICs in the team will be used. Some switches
require the LACP ports to be in full duplex mode for them to work. LACP
can be configured active or passive on the team and most switches allow
active or passive selections on a per port basis. At least one side of
each connection must be active otherwise the connection will never be
selected for aggregation. This mode is also protocol-independent and all
traffic should be load-balanced and fault-tolerant.
NESL Compliance
===============
For optimum fault tolerance and recovery operations, BASP.LAN relies on
the NIC drivers to generate NESL (Netware Event Sevice Layer) events during
link changes and other failure events. NESL is an optional feature in the
ODI driver specification and not all drivers support it. For NESL events to
propagate properly to BASP.LAN, ODINEB.NLM must be loaded before the
NESL compliant ODI drivers.
Do the following to check if a NIC driver supports NESL events. Load BASP.LAN
and create a team by binding the NIC adapter to the virtual slot (See
instructions and examples below). In the "Virtual Adapter X Team Members"
screen of the BASP.LAN's menu interface, the Link status of all bound NIC
adapters are shown. Disconnect or connect the NIC adapter's cable and the
link status shown on the screen should change immediately if the NIC driver
supports NESL events.
Installation
============
1. Load BASP.LAN just like a standard LAN driver with all necessary frame
types for the team. BASP.LAN requires a special VSLOT parameter to specify
the virtual slot. The virtual slot can be viewed as a team number and the
valid range is from 1 to 4.
e.g.
LOAD BASP.LAN FRAME=ETHERNET_II NAME=BASP_1_EII VSLOT=1
2. Load the network drivers for the NIC adapters that will be part of the
team. The frame types loaded should be the same for all adapters in the team
and same as those loaded for BASP.LAN in step 1. Do not bind protocols
directly to these adapters. Be sure to load ODINEB.NLM (a Novell supplied
NLM) before all network drivers.
e.g.
LOAD ODINEB.NLM
LOAD B57.LAN FRAME=ETHERNET_II NAME=B57_1_EII SLOT=1
LOAD B57.LAN FRAME=ETHERNET_II NAME=B57_2_EII SLOT=2
3. Bind BASP.LAN to the NIC adapters in the team by using a custom
BASP BIND command at the console.
e.g.
BASP BIND BASP_1_EII B57_1_EII
BASP BIND BASP_1_EII B57_2_EII
Note that if there are multiple frame types loaded on the virtual and the
physical adapters, it is only necessary to bind one frame type on the
virtual adapter to the same frame type on the physical adapter. The other
frame types will be automatically bound.
Alternatively, BASP can be bound to NIC adapters like a protocol using
the standard Netware BIND command. The protocol name for BASP is BASPn where
n is the vslot number.
e.g.
BIND BASP1 B57_1_EII
BIND BASP1 B57_2_EII

Note that if there are multiple frame types loaded on the virtual and the
physical adapters, it is only necessary to bind BASP to any one frame type
on the physical adapter. The other frame types will be automatically bound.
4. Bind protocols to BASP.LAN.
e.g.
BIND IP BASP_1_EII ADDR=x.x.x.x MASK=x.x.x.x
Note that the recommended sequence is to load BASP.LAN before the network
drivers as outlined above. This allows BASP.LAN to determine the initial
link state of the bound adapters without delay.
Using InetCfg
=============
load inetcfg.nlm
displayed>
1 select "Board"
2 press key
3 select physical device driver, i.e. "B57"
4 press then enter name, i.e. "B57_1"
5 press key the select "yes" to save
Repeat steps 2 through 5 to configure another adapter, you may name
subsequent boards "B57_2", "B57_3" etc.
6 press key
7 select virtual device driver, i.e. "BASP"
8 press then enter name, i.e. "BASP_1". In this window,
Virtual slot number, Balance Mode and VLAN ID can be selected
Note: 1. The first Virtual adapter (TEAM) should have Virtual slot of "1".
2. VLAN "0" (zero) is a default and this VLAN is untagged.
9 press key, then select "yes" to save
10 scroll down to "Protocols" and press to select
11 scroll down to "User-specified Protocol" and press to select
12 press key
13 enter the name for the Protocol,
i.e. "BASP1" for TEAM 1, BASP2 for TEAM 2, BASP3 for TEAM 3 and
BASP4 for TEAM 4.
14 press keys to go back to "Internetworking Configuration" window
15 select "Bindings"
16 press to configure protocol
17 select "TCP/IP" then press
18 select "A Network Interface" then press
19 select virtual adapter i.e. BASP....
20 define IP address
21 press , select "yes" to save
Repeat steps 16 through 21 if desired to configure IPX and multiple frame types.
Note: physical adapters must be configured with the same frame types
as the Virtual TEAM.
22 press to bind the physical adapter to a virtual team
23 select "User-specified Protocol"
24 select "A Network Interface"
25 select a physical adapter i.e. B57.....
26 enter "BASP1" for Protocol, select desired frame type,
enter special parameters if desired (please refer to B57.LAN readme.txt
for parameters), and press then select "yes" to save
Note: You may use names such as "BASP1" for TEAM 1, "BASP2" for TEAM 2,
"BASP3" for TEAM 3 and "BASP4" for TEAM 4.
Repeat steps 22 through 26 to configure an additional physical driver, and to
configure additional frame types.
The configuration can be viewed at "View Configuration" - "All INETCFG
Commands".
Balance Mode Selection
======================
Use "MODE=SLB" for Smart Load-Balance mode, "MODE=TRUNK" for Generic
Trunking mode, or "MODE=802.3AD" for 802.3ad mode. The default is SLB.
e.g.
LOAD BASP.LAN FRAME=ETHERNET_II NAME=BASP_1_EII VSLOT=1 MODE=TRUNK

In 802.3ad mode, untagged ethernet II frame type must be loaded before LACP
frames can be transmitted and received. LACP will default to active for all
NICs in the team. Use the parameter "LACP=PASSIVE" to change LACP to passive
mode for all NICs in the team. Note that at least one side (server or switch)
must be in LACP active mode for it to work.
e.g.
LOAD BASP.LAN FRAME=ETHERNET_II NAME=BASP_1_EII VSLOT=1 MODE=802.3AD
LACP=PASSIVE
Loading Frame Types
===================
After one or more NIC adapters are bound to a virtual adapter, additional
frame types can only be loaded in the virtual adapter if the corresponding
frame types are also loaded in the bound adapters. For example,
ETHERNET_802.2 can be loaded in BASP VSLOT 1 if ETHERNET_802.2 are loaded
in B57.LAN SLOT 1 and 2 in the above example.
Similarly, a virtual adapter can only be bound to a physical adapter if
the physical adapter has all the frame types loaded in the virtual adapter.
Hot Standby
===========
In Smart Load-Balance (SLB) mode, one or more NIC adapters can be designated
as hot standbys. Use the keyword "STANDBY" in the BASP BIND command to
indicate binding a NIC adapter as a hot standby.
e.g.
BASP BIND BASP_1_EII B57_1_EII
BASP BIND BASP_1_EII B57_2_EII STANDBY

In the above example, B57_1_EII and B57_2_EII are bound as primary and
hot standby adapters respectively. Note that standby is only valid for
Smart Load-Balance mode.
VLANs
=====
To add VLANs to a team, do the following:
1. Load BASP.LAN with the all necessary frame types and specify the
VLAN ID for each frame type. You can specify a maximum of 64 VLAN IDs and
each VLAN ID can be loaded up to 4 times with 4 different frame types.
e.g. VLAN ID 2 for Ethernet II:
LOAD BASP.LAN FRAME=ETHERNET_II NAME=BASP_1_V2_EII VSLOT=1 VLAN=2

2. Load the network drivers for the NIC adapters in the team with all the
frame types specified in step 1. Note that the one or more VLAN IDs
specified in step 1 do not have to be specifed when loading the network
drivers. And each frame type loaded in step 1 only needs to be loaded once
for each network driver even if it is loaded multiple times with different
VLAN IDs in step 1. Only Broadcom and Alteon NIC adapters can be used.
ALT.LAN must be version 2.05b or newer released by Broadcom and must include
the keyword FORVLANS.
e.g. Broadcom adapters:
LOAD ODINEB.NLM
LOAD B57.LAN FRAME=ETHERNET_II NAME=B57_1_EII SLOT=1
LOAD B57.LAN FRAME=ETHERNET_II NAME=B57_2_EII SLOT=2
or Alteon adapters:
LOAD ODINEB.NLM
LOAD ALT.LAN FRAME=ETHERNET_II NAME=ALT_1_EII SLOT=1 FORVLANS
LOAD ALT.LAN FRAME=ETHERNET_II NAME=ALT_2_EII SLOT=2 FORVLANS

3. Bind BASP.LAN to the NIC adapters in the team.
e.g.
BASP BIND BASP_1_V2_EII B57_1_EII
BASP BIND BASP_1_V2_EII B57_2_EII

Note that if there are multiple VLANs (each with one or more frame types)
loaded on the virtual adapter, it is only necessary to bind one frame type
on one VLAN on the virtual adapter to the same frame type on the physical
adapter. The other VLANs will be automatically bound.

4. Bind protocols to BASP.LAN.
e.g.
BIND IP BASP_1_V2_EII ADDR=x.x.x.x MASK=x.x.x.x


This example creates a team with 2 adapters using VLAN ID 2. Outbound
packets will be tagged with VLAN ID 2 and only similarly tagged packets
will be received by the NIC adapters in the team. Additional VLANs
with different VLAN IDs can be created in the same team. The Maximum number
of VLANs per virtual slot is 64. The valid range of VLAN IDs is from 1 to
4094. VLAN=0 indicates the VLAN is untagged and is the default. Use decimal
numbers to specifiy the VLAN ID.
Jumbo Frames
============
Jumbo Frames are supported in all balance modes. The maximum frame size will
be automatically set to the smallest maximum frame size of all NICs in the
team. Use appropriate keywords to enable jumbo frames when loading the NIC
drivers.
e.g.
LOAD BASP.LAN FRAME=ETHERNET_II NAME=BASP_1_EII VSLOT=1
LOAD B57.LAN FRAME=ETHERNET_II NAME=B57_1_EII SLOT=1 JUMBO=9000
LOAD B57.LAN FRAME=ETHERNET_II NAME=B57_2_EII SLOT=2 JUMBO=9000
BASP BIND BASP_1_EII B57_1_EII
BASP BIND BASP_1_EII B57_2_EII

Additional Command Line Keywords
================================
CHECKSUM=ON
Enables BASP.LAN to offload TCP/UDP and IP checksums to the bound
NIC adapters if supported. This will improve performance if some or
all NIC adapters in the team support hardware checksums. Be sure to
load the NIC drivers with hardware checksums enabled.

e.g., a team of two BCM5700 NICs with hardware checksums enabled.

LOAD B57.LAN FRAME=ETHERNET_II NAME=B57_1_EII CHECKSUM=ON SLOT=1
LOAD B57.LAN FRAME=ETHERNET_II NAME=B57_2_EII CHECKSUM=ON SLOT=2
LOAD BASP.LAN FRAME=ETHERNET_II NAME=BASP_1_EII CHECKSUM=ON VSLOT=1
BASP BIND BASP_1_EII B57_1_EII
BASP BIND BASP_1_EII B57_2_EII
NOSCREEN
Disables the menu-driven screen when BASP.LAN is loaded for the first
time.

e.g.

LOAD BASP.LAN FRAME=ETHERNET_II NAME=BASP_1_EII VSLOT=1 NOSCREEN


GVRP
Enables GVRP (Garp VLAN Registration Protocol) for the VLAN that is
loaded. An untagged 802.2 frame type must be loaded in the virtual
adapter and all bound physical adapters for GVRP to take effect.
This is necessary because GVRP uses untagged 802.2 frames to advertise
VLAN memberships. Use VLAN=0 FRAME=ETHERNET_802.2 in the LOAD command
to specify untagged 802.2 frame type.

e.g.

LOAD BASP.LAN FRAME=ETHERNET_II NAME=BASP_1_V2_EII VSLOT=1 VLAN=2
GVRP
LOAD BASP.LAN FRAME=ETHERNET_802.2 NAME=BASP_1_V2_EII VSLOT=1 VLAN=0
Unloading
=========
BASP.LAN can only be unloaded from the console command line after all
bound adapters in every VSLOT have been unbound.

Reboot and BASP BIND

BACH was reboot after patching and, as usual, the VLAN failed.

The BASP console shows that the Virtual interfaces are not bound to a physical NIC (check the node appears on the upper right... a bunch of hex should appear but not a bunch of zeros). When they are bound, VLANs seem to work again.

Command: BASP BIND BASP_V2_eii B57_2_eii