Cisco Catalyst Password Recovery / Reset

KB ID 0000496 

Problem

The title is a bit of a misnomer, we are not going to recover the password, we are simply going to change the password to one we know.

Solution

Note: This procedure works on models, 2900, 2940, 2950, 2955, 3500XL, and 3550. Before you start connect the the device with a console cable and terminal emulation software, the procedure is the same as the one I’ve outlined here.

1. Power the switch off >press and hold the “Mode” button > Power on the switch.

2. For 2900, 3500XL and 3550 Switches release the mode button when the 1x LED light goes out (all the other port lights will remain lit). For a 2940 and 2950 Switch release the mode button after the “Stat” LED goes out. For a 2955 switch press CTRL+BREAK.

3. On screen you should see the following.

[box]

Base ethernet MAC Address: 00:0b:be:78:a2:00
Xmodem file system is available.
The password-recovery mechanism is enabled.

The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:

flash_init
boot

[/box]

4. Type “flash_init” then when it has ran type “load_helper”

[box]

switch: flash_init
Initializing Flash...
flashfs[0]: 18 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 4386304
flashfs[0]: Bytes available: 11612672
flashfs[0]: flashfs fsck took 17 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
switch: load_helper

[/box]

5. Next we need to make sure that the config.text file is in flash memory type “dir flash:”

Note: don’t forget the colon on the end or it will error and say “Permission Denied”.

[box]

switch: dir flash:
Directory of flash:/

2 drwx 192 <date> c3550-i9q3l2-mz.121-11.EA1a
17 -rwx 255 <date> info
18 -rwx 255 <date> info.ver
19 -rwx 5448 <date> config.text
20 -rwx 5 <date> private-config.text
21 -rwx 2364 <date> vlan.dat

11612672 bytes available (4386304 bytes used)

[/box]

6. We are now going to change the name of the config file so when the switch boots it will start with no configuration, then we can boot the switch.

[box]

switch: rename flash:config.text flash:config.backup
switch: boot

[/box]

7. Eventually when the switch boots it will ask if you want to configure it, say no.

[box]

Model revision number: G0
Motherboard revision number: A0
Model number: WS-C3550-24-SMI
System serial number: CAT0650Y1VR

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

[/box]

8. At this point we can go to enable mode, change the name of the config.text file back again, and load it into memory (press Enter to accept the default filenames).

[box]

Switch>enable
Switch#rename flash:config.backup config.text
Destination filename [config.text]?
Switch#copy flash:config.text system:running-config
Destination filename [running-config]?
5448 bytes copied in 0.728 secs

[/box]

9. Finally you can remove the password, and reset it to whatever you want, and save the new config.

[box]

HostName#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HostName(config)#no enable secret
HostName(config)#enable password thisisthenewpassword
HostName#wr mem
Building configuration...
[OK]
HostName#

[/box]  

Related Articles, References, Credits, or External Links

Cisco ASA – Password Recovery / Reset

Cisco PIX (500 Series) Password Recovery / Reset

Cisco Router – Password Recovery /Bypass