Scope
This article describes how to log back into a Cisco Catalyst switch when the password is lost or forgotten.
Description
Telos documentation instructs users to use "Livewire" or "Axia" as passwords for user login and privileged modes when programming a Cisco Catalyst switch. These passwords are generally acceptable, as Livewire networks are not publicly accessible.
However, for security reasons, customers will sometimes create a stronger password. If this password is forgotten, or if a switch is purchased used and is not completely wiped, a "password recovery" procedure can be used to reset the password or completely erase the old configuration file.
This is not an official Cisco document, and as such, this information is provided "as-is." It's intended to help our customers who may have a situation where they need to reset the password on their Cisco Catalyst switch.
Performing this procedure incorrectly can lead to data loss. Users perform this at their own risk.
This process requires that your switch be rebooted. Do not perform this procedure unless your switch can be inactive for an extended period.
Requirements
Physical access to your Cisco Catalyst switch (this process does not apply to Cisco business series switches)
A PC or computer that can run PuTTy, or similar serial interface software
A console cable that can connect to your computer and Cisco switch
30 - 60 minutes - This procedure is relatively quick, but it is best to budget more time than less in the event there are complications that arise
Let's get started
Boot into a Password Recovery Mode
Connect your PC to the Cisco Switch via your console cable. Open PuTTy or your other serial program and connect
Plug in/turn on your Cisco switch while simultaneously holding down the "MODE" button on the front of the unit. Keep holding it for about 10-15 seconds
Go to the PuTTy window and you will see a screen with a prompt that reads "switch:". Type in the following command and press enter
flash_init
After the flash memory initializes, you will have access to the configuration files on your switch.
Now you are going to rename the main "config.text" file on your switch to something different, such as "config.old". To do this, type the following command to list the file directory of your flash memorydir flash:
You will see a short list of files on your switch. The one named "config.text" is the configuration file your switch uses when it boots up, so this is the one we will change:
rename flash:config.text flash:config.old
Are you trying to reset this switch completely and erase all the previous configurations? See the section below called "Erasing All Configurations"
Finally, issue the following command and boot your switch up:
boot
That's it for this part.
Now the switch will boot up with no active configuration (but don't worry, if you followed all the steps above, your old config is still there). The next section will show you how to reset your password and load the config back onto the switch.
Log into the switch
Important: when your switch boots up, it will ask if you would like to "enter the initial configuration dialog." Be sure to type NO and press enter
After your switch finishes booting, you will see the following screen. Once you are at the "Switch>" prompt, type the following command
enable
You are logged into the switch in privileged mode. Now, we will copy over the old configuration and change the password. Assuming you followed the steps above and named your old config file "config.old", type the following command and press enter
copy flash:config.old running-config
The system will ask you to confirm. Press enter
Look familiar? We have reinstalled the old configuration file, and because we are already in privileged mode (using "enable"), we can now set any password that we wish.
You'll likely want to put the following commands in to change your password (substitute for whatever username and password you normally use. The following are the ones found in the Telos documentation)conf t username AAAA password Livewire enable password Axia
Finally, we need to save our configuration
copy running-config startup-config
Still having problems? If the steps above are not working for your Cisco switch, it is possible you have a different model that requires a slightly different process. We recommend visiting Cisco's website and searching for "password recovery" to find the latest documentation.
Erasing All Configurations
Want to start from scratch? That's ok, but remember that once you delete a configuration, it's gone forever
This section is essentially the same as the first one that describes how to rename a configuration file. Instead, we will be deleting it and another file named vlan.dat.
Boot up the switch into the password recovery mode as instructed in the previous section
Once booted, type in
flash_init
Now, instead of copying a file, we're going to delete it. Type in the following command
Warning: once you type this in and press enter, your file is gone!
delete flash:config.text
You'll also want to delete the vlan.dat file
delete flash:vlan.dat
Finally, boot the switch and you can configure your switch from scratch
boot
Let us know how we can help
If you have further questions on this topic or have ideas about improving this document, please contact us.