Cisco Password Recovery for Switches

Problem

The title is a bit of a misnomer, we are not going to recover the password, we are simply going to change the password to one we know.

Solution

Note: This procedure works on models, 2900, 2940, 2950, 2955, 3500XL, and 3550. Before you start connect the the device with a console cable and terminal emulation software, the procedure is the same as the one I've outlined here. 1. Power the switch off >press and hold the "Mode" button > Power on the switch. 2. For 2900, 3500XL and 3550 Switches release the mode button when the 1x LED light goes out (all the other port lights will remain lit). For a 2940 and 2950 Switch release the mode button after the "Stat" LED goes out. For a 2955 switch press CTRL+BREAK. 3. On screen you should see the following.

Base ethernet MAC Address: 00:0b:be:78:a2:00 Xmodem file system is available. The password-recovery mechanism is enabled. The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software: flash_init boot

4. Type "flash_init" then when it has ran type "load_helper"

switch: flash_init Initializing Flash... flashfs[0]: 18 files, 3 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 15998976 flashfs[0]: Bytes used: 4386304 flashfs[0]: Bytes available: 11612672 flashfs[0]: flashfs fsck took 17 seconds. ...done Initializing Flash. Boot Sector Filesystem (bs:) installed, fsid: 3 switch: load_helper

5. Next we need to make sure that the config.text file is in flash memory type "dir flash:" Note: don't forget the colon on the end or it will error and say "Permission Denied".

switch: dir flash: Directory of flash:/ 2 drwx 192 <date> c3550-i9q3l2-mz.121-11.EA1a 17 -rwx 255 <date> info 18 -rwx 255 <date> info.ver 19 -rwx 5448 <date> config.text 20 -rwx 5 <date> private-config.text 21 -rwx 2364 <date> vlan.dat 11612672 bytes available (4386304 bytes used)

6. We are now going to change the name of the config file so when the switch boots it will start with no configuration, then we can boot the switch.

switch: rename flash:config.text flash:config.backup switch: boot

7. Eventually when the switch boots it will ask if you want to configure it, say no.

Model revision number: G0 Motherboard revision number: A0 Model number: WS-C3550-24-SMI System serial number: CAT0650Y1VR --- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: no

8. At this point we can go to enable mode, change the name of the config.text file back again, and load it into memory (press Enter to accept the default filenames).

Switch>enable Switch#rename flash:config.backup config.text Destination filename [config.text]? Switch#copy flash:config.text system:running-config Destination filename [running-config]? 5448 bytes copied in 0.728 secs

9. Finally you can remove the password, and reset it to whatever you want, and save the new config.

HostName#conf t Enter configuration commands, one per line. End with CNTL/Z. HostName(config)#no enable secret HostName(config)#enable password thisisthenewpassword HostName#wr mem Building configuration... [OK] HostName#