How do you telnet into a nokia checkpoint box?

[bkmeyer]

Our Engineer here was recently fired and securing the network is up to me. I am only a Network Admin with no firewall/router experience. I have a laptop with a null modem and straight through cable. Niether one can connect to the console port of the box. If anyone has any info that they could give me I would be very gratefull. I have been trying for almost a week now. I was told to use cpconfig but I can't get a prompt.

Brian Meyer

 

[ChrisAC]

Telnet will most probably not be allowed. However SSH might be so it's worth trying that.

For console access you need to use the same settings as a Cisco router.

Baud rate: 9600
Data Bits: 8
Parity: None
Stop Bits: 1

Providing that you have the correct cable this will work.

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[Piloria]

also try the voyager connection
you may find that you can use a brouser session into the box
put the laptop on the lan segment with the firewall and just put the ip address into the address

 

[brianpaterson]

Brian,

As described by email you will need to use a nokia cable for a console session. The ONLY way to change an unknown admin password is from a local console session (unless you have out of band management like an Arula connected to the console port already).

This is the Nokia resolution for a password overwrite (straight lift from their site):

This resolution describes how to reset the admin password, should it be unknown or forgotten. There are some important notes that need to be considered first:



The supported method is to boot the system into single-user mode and run /etc/overpw

If you are running IPSO 3.1.3 or earlier on a boot manager platform, (which could only be an IP650 or IP330), overpw fails. Please ask for Internal Resolution 1961 - How to remove config and password if overpw fails. (Newer boot manager platforms require later versions of IPSO, for which overpw has been updated.)

If you are running IPSO 3.4.x, then you will be able to login as admin to the console without a password, but you will not be able to log into Network Voyager. Therefore,

The use of overpw requires the use of the dbpasswd in order to set the Network Voyager password to be the same as the login password.


SOLUTION
You must have local serial console access to the unit to perform this procedure. Keyboard and monitor directly connected to the machine will not display the "boot:" line, which means you will not be able to perform this procedure.

Boot system into single user mode. To do this reboot or power cycle the machine, When you see the line " boot: " you must enter "-s" before it goes into multiuser mode. (you have about 10 seconds)

* on a ip330 or ip650 you need to type boot -s at the BOOTMGR prompt*


After it boots, it will ask you "Enter pathname of shell or RETURN for sh:", press Enter key.


Type "/etc/overpw" in the # prompt. It will ask if you want continue, type "y".

In IPSO 3.1.3 systems and earlier, it will ask you to put a floppy disk into the floppy drive to make sure you have physical access to the box. Put a floppy disk into the floppy drive and press Enter key. IPSO 3.1.4 and later does not ask this question.


The admin password defaults to no password for admin. Continue to boot to multiuser mode.


Login as admin. Note that you are not asked for a password


Use the dbpasswd command to set a new password:

nokia[admin]# dbpasswd admin newpassword ""

(Note that the "" is necessary to specify (NULL) as the old password.)

Then, save this new password to the configuration file so that you can log into Network Voyager:

nokia[admin]# dbset :save

if you are defaulting ipso 3.4 or above, blank passwords are not accepted in Network Voyager. Please see Resolution 6726 to read more about this.


Once you get the password changed you need to set up SSH access as telnet is as secure as a sieve. You can download OpenSSH for free on the net but a commercial product such as SecureCRT would be a better option for corporate use.

Cheers


B-)
Brian, CCSE
brian@domain-integrity.com