Mar 6, 2010

How to Recover a Lost Password on a Cisco Switch

So you lost the password on your Cisco switch. Maybe the old administrator left, or maybe you just haven’t used this switch in a while and don’t recall the password. Whatever the case, you need to reset the password on the switch so you can set a new one. How do you do this on a Cisco switch? It is a little more difficult than on a Cisco router. One important difference between resetting the password on a Cisco switch vs. a router is that you don’t use configuration registers to reset the password on the switch. Let me show you how it’s done.

I want to point out that this article is based on the Cisco Catalyst 2900, 3500XL, 2940, 2950, 2955, and 3550 switches. If you have another model of Cisco Catalyst switch, see the link concerning general Cisco password recovery at the bottom of this article.
To recover a password on a Cisco switch, you will have to be connected to the console port of the Cisco switch using 9600 baud, 8 bits, no parity, 1 stop bit, and xon/xoff flow control. I recommend using the HyperTerminal program that comes with Windows XP to do this (read How to Use HyperTerminal with Cisco Routers & Switches for more info).
Once you are connected and see something in the terminal window when you press enter, unplug the power cable. Next, hold down the mode button on the front, as seen in the photo below, and connect the power cable.

On a 2900, 3500XL or 3550 (like the one shown) release the mode button after the 1x port LED goes out. On a 2940 or 2950 switch release the mode button after the stat light goes out. On a 2955, press the break key (ctrl-break on Windows) when you see the message that the switch will autoboot.
You should now see something like this (taken from a 3550 switch):

Notice that it says that the password-recovery mechanism is enabled.
At the switch: prompt, type flash_init and press enter. You should see something like this (at least on a 3550):

Now type load_helper and press enter. You should see something like this:


Now type dir flash: and press enter. You should see something like this:

The config.text file is what stores the administrative password that is keeping you from logging into the switch. To move this file out of the way, rename it with this command:
rename flash:config.text flash:config.backup

Next, boot the switch using the boot command, like this:

Once the system is booted, you will be asked if you want to enter the initial configuration dialog. Say no and press enter.

Next, enter enable mode with the en or enable command. Then, type the following commands:
rename flash:config.backup config.text
copy flash:config.text system:running-config

After each command, you will be prompted to confirm the name of the destination file. Do this by pressing enter each time.
Go into global configuration mode by typing config terminal. Next type no enable secret.
Now you can reset your enable password to whatever password you want. In the example below, we used the command enable password NetInsider to set the password to NetInsider.

Exit out of global configuration using the exit command and save your configuration with the copy running-config startup-config command. You will be prompted to confirm the name of the destination file. Press enter.
You have successfully reconfigured your switch’s enable password using the password recovery procedure. Even better, you were able to do this while preserving the entire switch configuration.
For more information on Password Recovery for all Cisco devices, see Cisco Password Recovery Procedures
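As an added example (not part of the original article), the Python sketch below audits a saved copy of config.text for how passwords are stored after the recovery: enable password keeps the value in cleartext, or as reversible type 7 when service password-encryption is on, while enable secret stores a hash. The sample configuration and the function name audit_config are constructed for illustration.

```python
import re

# Constructed sample: a config.text as it could look after the steps above.
SAMPLE_CONFIG = """\
hostname Switch
no service password-encryption
enable password NetInsider
line con 0
line vty 0 4
 password 7 00000000
 login
"""

# "enable password|secret [level N] [type] value" and per-line "password [type] value"
ENABLE_RE = re.compile(r"^enable (password|secret)(?: level \d+)?(?: (\d+))? (\S+)$")
LINE_PW_RE = re.compile(r"^password(?: (\d+))? (\S+)$")


def storage(enc_type):
    """Describe how IOS keeps a 'password' value for the given type digit."""
    return "type 7 (reversible)" if enc_type == "7" else "cleartext"


def audit_config(config_text):
    """Return (line_no, finding) tuples; password values are never echoed."""
    findings, has_secret, context = [], False, "global"
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):
            # Unindented lines open a new section; track "line con/vty" blocks.
            context = line if line.startswith("line ") else "global"
        m = ENABLE_RE.match(line)
        if m and m.group(1) == "secret":
            has_secret = True
        elif m:
            findings.append((n, f"enable password stored as {storage(m.group(2))}"))
        m = LINE_PW_RE.match(line)
        if m and context != "global":
            findings.append((n, f"{context}: password stored as {storage(m.group(1))}"))
    if not has_secret:
        findings.append((0, "no enable secret configured"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit_config(SAMPLE_CONFIG):
        print(line_no, finding)
```

A finding with line number 0 refers to the configuration as a whole rather than to one line.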
