Monthly Archives: May 2014

Cisco WAVE 594

Have you ever needed to break into a Cisco WAVE 594?  I had to do this the other day.  The official Cisco documentation http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v441/configuration/guide/cnfg/maint.html#wp1105354  says :

Step 3 When prompted to enter bootflags, enter the following value: 0x8000

Guess what that prompt flies by on your screen when booting up.  You literally have 3 seconds to hit enter.  But  it is really hard to see.  Below is a portion of the boot up screen where that prompt appears.

You will notice that the spot to hit enter occurs right after a bunch of set commands.  All the below set commands scroll on your screen in about 1 second.

NET: Registered protocol family 1
NET: Registered protocol family 17
Bridge firewalling registered
CCID: Registered CCID 3 (ccid3)
CCID: Registered CCID 2 (ccid2)
Freeing unused kernel memory: 7356k freed
INIT: version 2.78 booting
scsi 6:0:0:0: Direct-Access UNIGEN PSH4000S2 PMAP PQ: 0 ANSI: 0 CCS
sd 6:0:0:0: [sdc] 7831552 512-byte hardware sectors (4010 MB)
sd 6:0:0:0: [sdc] Write Protect is off
sd 6:0:0:0: [sdc] Assuming drive cache: write through
sd 6:0:0:0: [sdc] 7831552 512-byte hardware sectors (4010 MB)
sd 6:0:0:0: [sdc] Write Protect is off
sd 6:0:0:0: [sdc] Assuming drive cache: write through
sdc: sdc1 sdc2 sdc3
Attached scsi removable disk sdc at scsi6, channel 0, id 0, lun 0
sd 6:0:0:0: Attached scsi generic sg2 type 0
Creating device file for IPMI..
grep: /tmp/startup.config: No such file or directory
Cisco Wide Area Application Services Software booting
Set clock: Set clock: Mon May 19 06:14:28 UTC 2014
Upping loopback interface
setting $TERM to vt100
set /proc/sys/fs/file-max to 524288
set /proc/sys/net/ipv4/ip_local_port_range to 10000 61000
set /proc/sys/kernel/shmmax to 268435456
set /proc/sys/net/unix/max_dgram_qlen to 500
set /proc/sys/net/ipv4/ipfrag_time to 3
set /proc/sys/net/ipv4/tcp_max_syn_backlog to 31440
set /proc/sys/net/core/rmem_max to 8388608
set /proc/sys/net/core/wmem_max to 8388608
set /proc/sys/net/core/netdev_max_backlog to 7500
set /proc/sys/net/core/optmem_max to 20480
set /proc/sys/net/core/somaxconn to 131072
set /proc/sys/net/ipv4/tcp_window_scaling to 1
set /proc/sys/net/ipv4/tcp_timestamps to 1
set /proc/sys/net/ipv4/tcp_no_metrics_save to 1
set /proc/sys/net/ipv4/tcp_retries2 to 7
set /proc/sys/net/ipv4/tcp_slow_start_after_idle to 0
set /sys/module/tcp_bic/parameters/bic_beta to 2048
set /sys/module/tcp_bic/parameters/bic_low_window to 0
set /proc/sys/net/ipv4/tcp_rfc1337 to 1
set /proc/sys/net/ipv4/tcp_stdurg to 1
set /proc/sys/net/ipv4/tcp_adv_win_scale to 1
set /proc/sys/net/ipv4/conf/all/arp_ignore to 1
set /proc/sys/kernel/panic_on_oops to 1
set /proc/sys/net/ipv4/tcp_mem to 76800 92160 102400 0
set /proc/sys/net/ipv4/tcp_syncookies to 1
set /proc/sys/vm/min_free_kbytes to 65536
Extracting parser files…
Done init personality
Extracting other files
WAAS boot: hit RETURN to set boot flags: 0008

Available boot flags (enter the sum of the desired flags):
0x0000 – exit this menu and continue booting normally
0x2000 – ignore Carrier Detect on console
0x4000 – bypass nvram config
0x8000 – disable login security

[WAAS boot – enter bootflags (type ‘-‘ to exit)]:
[WAAS boot – enter bootflags (type ‘-‘ to exit)]:
// I typoed here the backspace key does not work //
[WAAS boot – enter bootflags (type ‘-‘ to exit)]: 0x7^?8000

Please enter a hexadecimal number (char ‘ invalid)
[WAAS boot – enter bootflags (type ‘-‘ to exit)]: 0x8000
// It took the typo and added the new numbers be very careful here //
You have entered boot flags = 0x78000

// Breaking out of yes prompt because backspace doesn’t work //
Boot with these flags? [yes]: yes^?^?^?^?^?^?^?^[[3~^[[3~^[[3~^[[3~\
Boot with these flags? [yes]: no

Available boot flags (enter the sum of the desired flags):
0x0000 – exit this menu and continue booting normally
0x2000 – ignore Carrier Detect on console
0x4000 – bypass nvram config
0x8000 – disable login security

[WAAS boot – enter bootflags (type ‘-‘ to exit)]: 0x8000
You have entered boot flags = 0x8000
Boot with these flags? [yes]: yes

When the WAAS finally boots you can log in with the username of admin and no password.

Unlike cisco routers and the configuration register this work around is on a per boot basis.