Cisco Switch password recovery – Catalyst Fixed Configuration Switches

Cisco Switch password recovery

After you set passwords to control access to the Cisco IOS CLI, you need to make sure you remember them. In case you have lost or forgotten access passwords, Cisco has a password recovery mechanism that allows administrators to gain access to their Cisco devices. The password recovery process requires physical access to the device. Note that you may not be able to actually recover the passwords on the Cisco device, especially if password encryption has been enabled, but you are able to reset them to a new value. With this mechanism you are able to reset the password without loosing all the configuration of the switch. That is the most precious thing if you have not make some configuration backups that are normally recommended to be done. In this case here, we will show how to power the switch on without loading the startup-config file from NVRAM. That will enable us to start the switch without loading the password set but also without configuration of other stuff. After the “clean” startup, we enter the global configuration mode and load the configuration from flash back to running-config. In this situation we have loaded all the settings of the switch and the passwords to. But we are in the Global configuration mode already so we don’t need to know the password to enter. In this case we are able to overwrite all the passwords without the need to know the old one.

This is the example of password recovery:

Cisco 2960 switch

      1. Attach a terminal or PC with terminal emulation (for example, Hyper Terminal) to the console port of the switch.
      2. Use the following terminal settings:
        • Bits per second (baud): 9600
        • Data bits: 8
        • Parity: None
        • Stop bits: 1
        • Flow Control: Xon/Xoff
      3. Unplug the power cable
      4. Power the switch and bring it to the switch: prompt:
      5. Hold down the mode button located on the left side of the front panel, while you reconnect the power cable to the switch.
      6. Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.
      7. Issue the flash_init command.
        switch: flash_init
        Initializing Flash...
        flashfs[0]: 143 files, 4 directories
        flashfs[0]: 0 orphaned files, 0 orphaned directories
        flashfs[0]: Total bytes: 3612672
        flashfs[0]: Bytes used: 2729472
        flashfs[0]: Bytes available: 883200
        flashfs[0]: flashfs fsck took 86 seconds
        ....done Initializing Flash.
        Boot Sector Filesystem (bs:) installed, fsid: 3
        Parameter Block Filesystem (pb:) installed, fsid: 4
      8. Issue the load_helper command.
        switch: load_helper switch:
      9. Issue the dir flash: command.
        The switch file system is displayed:

        switch: dir flash:
        Directory of flash:/
        2    -rwx  1803357   <date>               c3500xl-c3h2s-mz.120-5.WC7.bin 
        4    -rwx  1131      <date>               config.text 
        5    -rwx  109       <date>               info
        6    -rwx  389       <date>               env_vars
        7    drwx  640       <date>               html
        18   -rwx  109       <date>               info.ver
        403968 bytes available (3208704 bytes used)
      10. Type rename flash:config.text flash:config.old to rename the configuration file.
        switch: rename flash:config.text flash:config.old
      11. Issue the boot command to boot the system.
        switch: boot
      12. At the switch prompt, type en to enter enable mode.
      13. Type rename flash:config.old flash:config.text to rename the configuration file with its original name.
        Switch#rename flash:config.old flash:config.text
        Destination filename [config.text] 
      14. Copy the configuration file into memory.
        Switch#copy flash:config.text system:running-config
        Destination filename [running-config]? 
        1131 bytes copied in 0.760 secs
      15. Overwrite the current passwords that you do not know. Choose a strong password with at least one capital letter, one number, and one special character.Note: Overwrite the passwords which are necessary. You need not overwrite all of the mentioned passwords.
        Sw1# conf t
        Sw1(config)#enable secret <new_secret_password> 
        Sw1(config)#enable password <new_enable_password> 
        Sw1(config)#line vty 0 15
        Sw1(config-line)#password <new_vty_password> 
        Sw1(config-line)#line con 0
        Sw1(config-line)#password <new_console_password>
      16. Write the running configuration to the configuration file with the write memory command.
        Sw1#write memory
        Building configuration...

One Response

  1. hossein April 11, 2013

Leave a Reply