Cisco Catalyst 4000 Series Switches

Password Recovery Procedure for Catalyst 4500/4000 Supervisor Engine II+/II+TS/II+10GE/III/IV/V/V 10GE Module and Catalyst 4900 Switches that Run Cisco IOS Software

Document ID: 21229



 


    Introduction

    This document describes how to recover a lost or unknown password on a Catalyst 4500/4000 switch with a Supervisor Engine II-Plus (WS-X4013+), Supervisor Engine II-Plus-TS (WS-X4013+TS), Supervisor Engine II-Plus-10GE (WS-X4013+10GE), Supervisor Engine III (WS-X4014), Supervisor Engine IV (WS-X4515), Supervisor Engine V (WS-X4516), Supervisor Engine V-10GE (WS-X4516-10GE) module, Cisco Catalyst 4948, Cisco Catalyst 4948 10GE, and Cisco Catalyst 4900M switches.

    Note: In Catalyst 4500/4000 Series Switches, Supervisor Engines II+, II+10GE, II+TS, III, IV, V, and V-10GE support only Cisco IOS® Software and Supervisor Engines I and II support only the Catalyst OS Software. In order to recover the password on the Supervisor Engines I or II, refer to Password Recovery Procedure for the Catalyst 1200, 1400, 2901, 2902, 2926T/F, 2926GS/L, 2948G, 2980G, 4000, 5000, 5500, 6000, 6500 Running CatOS.

    Prerequisites

    Requirements

    There are no specific requirements for this document.

    Conventions

    Refer to Cisco Technical Tips Conventions for more information on document conventions.

    Step-by-Step Procedure

    Complete these steps to recover your password:

    Note: Make sure that you have physical access to the switch and that you use console access to the Supervisor Engine module while you perform these steps. For details on the switch console connection, refer to Connecting a Modem to the Console Port on Catalyst Switches.

    Tip: The switch configuration is not lost if you follow the procedure as described. As a best practice, Cisco recommends that you keep a backup copy of the configuration of all Cisco devices on a TFTP server or a Network Management server.

    1. Power cycle the device.

      In order to power cycle, turn the device off, then back on.

      Press Ctrl-C within 5 seconds to prevent autoboot. This action puts you in ROM monitor (ROMmon) prompt mode.

      
      !--- Here, you power cycle the switch.
      
      ********************************************************** 
       *                                                        * 
       * Welcome to ROM Monitor for WS-X4014 System.            * 
       * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
       * All rights reserved.                                   * 
       *                                                        * 
       **********************************************************
       
       ROM Monitor Program Version 12.1(10r)EY(1.21) 
      
       Board type 1, Board revision 7
       Swamp FPGA revision 16, Dagobah FPGA revision 43 
       
       Timer interrupt test passed.
      
       MAC Address  : 00-02-b9-83-af-fe 
       IP Address   : 172.16.84.122 
       Netmask      : 255.255.255.0 
       Gateway      : 172.16.84.1 
       TftpServer   : Not set. 
       Main Memory  : 256 MBytes
      
      
       ***** The system will autoboot in 5 seconds *****
      
      
       Type control-C to prevent autobooting. 
      
      !--- At this point, press Ctrl-C.
      
      Autoboot cancelled......... please wait!!!
      Autoboot cancelled......... please wait!!!
      rommon 1 > [interrupt]  
      
      !--- The module ended in the ROMmon.
      
      rommon 1 > [interrupt]
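
    2. Issue the confreg command at the rommon prompt.

      Make the selections shown here for password recovery. The only prompts answered y are the one that changes the configuration, "ignore system config info", and the one that saves the configuration: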

      rommon 1 > set
      
      rommon 1 > confreg
      
       Configuration Summary : 
       => load ROM after netboot fails
       => console baud: 9600
       => autoboot from: commands specified in 'BOOT' environment variable
      
       do you wish to change the configuration? y/n  [n]:  y
       enable  "diagnostic mode"? y/n  [n]:  n
       enable  "use net in IP bcast address"? y/n  [n]:  n
       disable "load ROM after netboot fails"? y/n  [n]:  n
       enable  "use all zero broadcast"? y/n  [n]:  n
       enable  "break/abort has effect"? y/n  [n]:  n
       enable  "ignore system config info"? y/n  [n]:  y
      
       change console baud rate? y/n  [n]:  n
      
       change the boot characteristics? y/n  [n]:  n
      
       Configuration Summary : 
       => load ROM after netboot fails
       => ignore system config info
       => console baud: 9600
       => autoboot from: commands specified in 'BOOT' environment variable
      
       do you wish to save this configuration? y/n  [n]:  y
       You must reset or power cycle for new configuration to take effect
      

      Note: You can also use the confreg 0x2142 command at the ROMmon prompt in order to set the configuration register value to bypass the startup configuration stored in NVRAM.

      rommon 1 >confreg 0x2142
      You must reset or power cycle for the new configuration to take effect.

    3. Issue the reset command so that the module reboots.

      Due to the changes that you made in step 2, the module reboots but ignores the saved configuration.

      rommon 2 > reset
      
      Resetting .......
      
      rommon 3 >
      
       ********************************************************** 
       *                                                        * 
       * Welcome to ROM Monitor for WS-X4014 System.            * 
       * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
       * All rights reserved.                                   * 
       *                                                        * 
       **********************************************************
      
      !--- Output suppressed.
      
      Press RETURN to get started! 
      
      !--- Press Return.
      
      00:00:21: %SYS-5-RESTART: System restarted --
      Cisco Internetwork Operating System Software 
      IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
         Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
      TAC Support: http://www.cisco.com/tac
      Copyright (c) 1986-2002 by cisco Systems, Inc.
      Compiled Thu 24-Jan-02 17:34 by ccai
      00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch 
         is undergoing a cold start
      Switch>

    4. Make sure that the configuration register value is 0x2142.

      This value makes the module boot from Flash without loading the saved configuration. Issue the enable command at the Switch prompt to go to enable mode. Then, issue the show version command to check the configuration register value.

      Switch> enable
      Switch#show version
      Cisco Internetwork Operating System Software 
      IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
         Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
      TAC Support: http://www.cisco.com/tac
      Copyright (c) 1986-2002 by cisco Systems, Inc.
      Compiled Thu 24-Jan-02 17:34 by ccai
      Image text-base: 0x00000000, data-base: 0x00AA2B8C
      
      ROM: 12.1(10r)EY(1.21)
      Switch uptime is 5 minutes
      System returned to ROM by reload
      Running default software
      
      cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
      Processor board ID FOX04183666
      Last reset from Reload
      32 Gigabit Ethernet/IEEE 802.3 interface(s)
      467K bytes of non-volatile configuration memory.
      
      Configuration register is 0x2142
      
      Switch#

    5. Issue the configure memory command or the copy startup-config running-config command to copy the NVRAM into memory.

      Do not issue the configure terminal command, which shows the default configuration on the module.

      Switch#configure memory
      
      Uncompressed configuration from 1307 bytes to 3014 bytes
      Switch#
      00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
      c-4006-SUPIII#

    6. Issue the show ip interface brief command to make sure that the interfaces that were in use earlier show an "up up" status.

      If any of the interfaces that were in use before the password recovery show "down", issue the no shutdown command on that interface to bring the interface up.

    7. Issue the write terminal command or the show running-config command to display the saved configuration on the module.

      c-4006-SUPIII#show running-config 
      Building configuration...
      
      Current configuration : 3014 bytes
      !
      version 12.1
      no service pad
      service timestamps debug uptime
      service timestamps log uptime
      no service password-encryption
      service compress-config
      !
      hostname c-4006-SUPIII
      !
      boot system flash bootflash:
      !
      vtp mode transparent
      
      !--- Output suppressed.
      
      line con 0
       stopbits 1
      line vty 0 4
       login
      !
      end
      
      c-4006-SUPIII#

      Now you are ready to change the password on the module.

    8. Issue these commands to change the password:

      c-4006-SUPIII#configure terminal 
      Enter configuration commands, one per line.  End with CNTL/Z.
      c-4006-SUPIII(config)#no enable secret
      
      !--- This step is necessary if the switch had an enable 
      !--- secret password.
      
      
      c-4006-SUPIII(config)#enable secret < password > 
      [Choose a strong password with at least one capital letter,
       one number, and one special character.]
      
      !--- This command sets the new password.
      
      
    9. Make sure that you change the configuration register value back to 0x2102.

      Complete these steps at the config prompt to change and verify the configuration register value.

      c-4006-SUPIII(config)#config-register 0x2102
      c-4006-SUPIII(config)# ^Z
      c-4006-SUPIII#
      00:19:01: %SYS-5-CONFIG_I: Configured from console by console
      c-4006-SUPIII#write memory 
      
      !--- This step saves the configuration.
      
      Building configuration...
      Compressed configuration from 3061 bytes to 1365 bytes[OK]
      c-4006-SUPIII#show version 
      
      !--- This step verifies the value change.
      
      Cisco Internetwork Operating System Software 
      IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
      Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
      TAC Support: http://www.cisco.com/tac
      Copyright (c) 1986-2002 by cisco Systems, Inc.
      Compiled Thu 24-Jan-02 17:34 by ccai
      Image text-base: 0x00000000, database: 0x00AA2B8C
      
      ROM: 12.1(10r)EY(1.21)
      c-4006-SUPIII uptime is 20 minutes
      System returned to ROM by reload
      Running default software
      
      cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
      Processor board ID FOX04183666
      Last reset from Reload
      32 Gigabit Ethernet/IEEE 802.3 interface(s)
      467K bytes of nonvolatile configuration memory.
      
      Configuration register is 0x2142 (will be 0x2102 at next reload)
      
      c-4006-SUPIII#

      At this point, you have changed the password.
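
The check in steps 4 and 9 can be automated when auditing collected show version output, so that a switch left at 0x2142 (which would boot without its saved configuration again) is caught. This is an added example, not part of the Cisco procedure; the function names are hypothetical, and the bit meanings are the standard IOS configuration-register layout, which is assumed to apply here.

```python
import re

# Configuration-register bits that matter for this procedure (standard IOS layout).
IGNORE_STARTUP_CONFIG = 0x0040   # bit 6: "ignore system config info"
BREAK_DISABLED = 0x0100          # bit 8: Break disabled
ROM_AFTER_NETBOOT_FAIL = 0x2000  # bit 13: "load ROM after netboot fails"
BOOT_FIELD_MASK = 0x000F         # bits 0-3: boot source

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

# Register lines as shown in steps 4 and 9, plus one constructed healthy line.
STEP4_LINE = "Configuration register is 0x2142"
STEP9_LINE = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
HEALTHY_LINE = "Configuration register is 0x2102"  # constructed sample

def parse_confreg(show_version):
    """Return (current, pending); pending is None when no change is queued."""
    m = CONFREG_RE.search(show_version)
    if m is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    return current, pending

def decode(value):
    """Decode the settings that the confreg summary in step 2 reports."""
    return {
        "ignore_startup_config": bool(value & IGNORE_STARTUP_CONFIG),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_after_netboot_fail": bool(value & ROM_AFTER_NETBOOT_FAIL),
        "boot_field": value & BOOT_FIELD_MASK,
    }

def audit(show_version):
    """Classify a switch by whether its next boot loads the saved configuration."""
    current, pending = parse_confreg(show_version)
    next_boot = pending if pending is not None else current
    if decode(next_boot)["ignore_startup_config"]:
        # The next reload comes up with the default configuration, as in step 3.
        return "FAIL: next boot ignores startup-config (0x%04X)" % next_boot
    if decode(current)["ignore_startup_config"]:
        # Step 9 was done, but this boot was a recovery boot.
        return "WARN: recovery boot, register returns to 0x%04X at next reload" % next_boot
    return "OK: 0x%04X" % current

if __name__ == "__main__":
    for line in (STEP4_LINE, STEP9_LINE, HEALTHY_LINE):
        print(audit(line))
```

A WARN result on a switch with no recorded recovery work indicates that someone with console access rebooted it with the saved configuration bypassed.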

    Sample Output/Example Procedure

    This sample output is the result of the password recovery procedure on a Catalyst 4000 Supervisor Engine III.

    c-4006-SUPIII> enable
    Password: 
    Password: 
    Password: 
    % Bad secrets 
    
    !--- Here, you power cycle the switch.
    
    ********************************************************** 
     *                                                        * 
     * Welcome to ROM Monitor for WS-X4014 System.            * 
     * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
     * All rights reserved.                                   * 
     *                                                        * 
     **********************************************************
     
     ROM Monitor Program Version 12.1(10r)EY(1.21) 
    
     Board type 1, Board revision 7
     Swamp FPGA revision 16, Dagobah FPGA revision 43 
     
     Timer interrupt test passed.
    
     MAC Address  : 00-02-b9-83-af-fe 
     IP Address   : 172.16.84.122 
     Netmask      : 255.255.255.0 
     Gateway      : 172.16.84.1 
     TftpServer   : Not set. 
     Main Memory  : 256 Mbytes
    
    
     ***** The system will autoboot in 5 seconds *****
    
     Type control-C to prevent autobooting. 
    
    !--- At this point, press Ctrl-C.
    
    
    Autoboot cancelled......... please wait!!!
    Autoboot cancelled......... please wait!!!
    rommon 1 > [interrupt]
    
    rommon 1 > [interrupt]
    
    rommon 1 > confreg
    
     Configuration Summary : 
     => load ROM after netboot fails
     => console baud: 9600
     => autoboot from: commands specified in 'BOOT' environment variable
    
     do you wish to change the configuration? y/n [n]:  y
     enable "diagnostic mode"? y/n [n]:  n
     enable "use net in IP bcast address"? y/n [n]:  n
     disable "load ROM after netboot fails"? y/n [n]:  n
     enable "use all zero broadcast"? y/n [n]:  n
     enable "break/abort has effect"? y/n [n]:  n
     enable "ignore system config info"? y/n [n]:  y
    
     change console baud rate? y/n [n]:  n
    
     change the boot characteristics? y/n [n]:  n
    
     Configuration Summary : 
     => load ROM after netboot fails
     => ignore system config info
     => console baud: 9600
     => autoboot from: commands specified in 'BOOT' environment variable
    
     do you wish to save this configuration? y/n [n]:  y
     You must reset or power cycle for new configuration to take effect
    
    rommon 2 > reset
    
    Resetting .......
    
    
    rommon 3 >
    
     ********************************************************** 
     *                                                        * 
     * Welcome to ROM Monitor for WS-X4014 System.            * 
     * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
     * All rights reserved.                                   * 
     *                                                        * 
     **********************************************************
     
     ROM Monitor Program Version 12.1(10r)EY(1.21) 
    
     Board type 1, Board revision 7
     Swamp FPGA revision 16, Dagobah FPGA revision 43 
     
     Timer interrupt test passed.
    
     MAC Address  : 00-02-b9-83-af-fe 
     IP Address   : 172.16.84.122 
     Netmask      : 255.255.255.0 
     Gateway      : 172.16.84.1 
     TftpServer   : Not set. 
     Main Memory  : 256 Mbytes
    
     ***** The system will autoboot in 5 seconds *****
    
    
     Type control-C to prevent autobooting.
     . . . . .
    
     ******** The system will autoboot now ********
    
    
     config-register = 0x2142 
     Autobooting using BOOT variable specified file.....
    
     Current BOOT file is --- bootflash: 
    
    Rommon reg: 0x2B004180
    Decompressing the image : ###########################
    #####################################################
    ####################################### [OK]
    
    k2diags version 1.6
    
    prod: WS-X4014  part: 73-6854-07  serial: JAB0546060Z
    
    Power-on-self-test for Module 1:  WS-X4014
    Status: (. = Pass, F = Fail)
    
    Traffic using serdes loopback (L2; one port at a time)...
    switch port 0: .       switch port 1: .       switch port 2: .       
    switch port 3: .       switch port 4: .       switch port 5: .       
    switch port 6: .       switch port 7: .       switch port 8: .       
    
    !--- Output suppressed.
    
    Module 1 Passed
    
    
    Exiting to ios...
    
    Rommon reg: 0x2B000180
    Decompressing the image : ##########################
    
    !--- Output suppressed.
    
    ######################################################### [OK]
    
                  Restricted Rights Legend
    
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
    
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    
    
    
    Cisco Internetwork Operating System Software 
    IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
       Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Thu 24-Jan-02 17:34 by ccai
    Image text-base: 0x00000000, database: 0x00AA2B8C
    
    cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
    Processor board ID FOX04183666
    Last reset from Reload
    32 Gigabit Ethernet/IEEE 802.3 interface(s)
    467K bytes of nonvolatile configuration memory.
    
    
    Press RETURN to get started!
    
    
    00:00:21: %SYS-5-RESTART: System restarted --
    Cisco Internetwork Operating System Software 
    IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
       Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Thu 24-Jan-02 17:34 by ccai
    00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold start
    Switch> enable
    Switch# show version
    Cisco Internetwork Operating System Software 
    IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
       Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Thu 24-Jan-02 17:34 by ccai
    Image text-base: 0x00000000, database: 0x00AA2B8C
    
    ROM: 12.1(10r)EY(1.21)
    Switch uptime is 5 minutes
    System returned to ROM by reload
    Running default software
    
    cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
    Processor board ID FOX04183666
    Last reset from Reload
    32 Gigabit Ethernet/IEEE 802.3 interface(s)
    467K bytes of nonvolatile configuration memory.
    
    Configuration register is 0x2142
    
    Switch#
    
    Switch#configure memory
    
    Uncompressed configuration from 1307 bytes to 3014 bytes
    c-4006-SUPIII#
    00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
    c-4006-SUPIII#show running-config 
    Building configuration...
    
    Current configuration : 3014 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    service compress-config
    !
    hostname c-4006-SUPIII
    !
    boot system flash bootflash:
    !
    vtp mode transparent
    !
    vlan 20
      private-vlan primary
    !
    vlan 100
    !
    vlan 202
      private-vlan association 440
    !         
    vlan 440
      private-vlan isolated
    !
    vlan 500
    ip subnet-zero
    no ip domain-lookup
    !
    ip multicast-routing
    !
    !
    interface GigabitEthernet1/1
     no switchport
     ip address 10.1.1.1 255.255.255.0
     ip pim dense-mode
    !
    interface GigabitEthernet1/2
     no switchport
     ip address 20.1.1.1 255.255.255.0
    !
    
    !--- Output suppressed.
    
    !
    interface Vlan1
     ip address 172.16.84.140 255.255.255.0
     ip pim dense-mode
    !
    interface Vlan2
     no ip address
     shutdown
    !
    interface Vlan20
     no ip address
     shutdown
    !
    
    !--- Output suppressed.
    
    !         
    line con 0
     stopbits 1
    line vty 0 4
     login
    !
    end
    
    c-4006-SUPIII#configure terminal 
    Enter configuration commands, one per line.  End with CNTL/Z.
    c-4006-SUPIII(config)#no enable secret
    
    !--- This step is necessary if the switch had 
    !--- an enable secret password.
    
    c-4006-SUPIII(config)#enable secret < password > 
    [Choose a strong password with at least one capital letter, 
    one number, and one special character.]
    c-4006-SUPIII(config)#config-register 0x2102
    c-4006-SUPIII(config)#^Z
    c-4006-SUPIII#
    00:19:01: %SYS-5-CONFIG_I: Configured from console by console
    c-4006-SUPIII#write memory
    Building configuration...
    Compressed configuration from 3061 bytes to 1365 bytes[OK]
    c-4006-SUPIII#show version
    Cisco Internetwork Operating System Software 
    IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
       Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Thu 24-Jan-02 17:34 by ccai
    Image text-base: 0x00000000, database: 0x00AA2B8C
    
    ROM: 12.1(10r)EY(1.21)
    c-4006-SUPIII uptime is 20 minutes
    System returned to ROM by reload
    Running default software
    
    cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
    Processor board ID FOX04183666
    Last reset from Reload
    32 Gigabit Ethernet/IEEE 802.3 interface(s)
    467K bytes of nonvolatile configuration memory.
    
    Configuration register is 0x2142 (will be 0x2102 at next reload)
    
    c-4006-SUPIII#


    Updated: Aug 26, 2008 Document ID: 21229