Cisco Switch Password Reset/Recovery

Updated 5 months ago by Eric Hufford

Scope

This article describes how to log back into a Cisco Catalyst switch when the password is lost or forgotten.

Description

Telos documentation instructs users to use "Livewire" or "Axia" as passwords for user login and privileged modes when programming a Cisco Catalyst switch. These passwords are generally acceptable, as Livewire networks are not publicly accessible.

However, for security reasons, customers will sometimes create a stronger password. If this password is forgotten, or if a switch is purchased used and is not completely wiped, a "password recovery" procedure can be used to reset the password or completely erase the old configuration file.

This is not an official Cisco document, and as such, this information is provided "as-is." It's intended to help our customers who may have a situation where they need to reset the password on their Cisco Catalyst switch.

Performing this procedure incorrectly can lead to data loss. Users perform this at their own risk.


This process requires that your switch be rebooted. Do not perform this procedure unless your switch can be inactive for an extended period.

Requirements

  • Physical access to your Cisco Catalyst switch (this process does not apply to Cisco business series switches)
  • A PC or computer that can run PuTTy, or similar serial interface software
  • A console cable that can connect to your computer and Cisco switch
  • 30 - 60 minutes - This procedure is relatively quick, but it is best to budget more time than less in the event there are complications that arise


Let's get started

Boot into a Password Recovery Mode

  1. Connect your PC to the Cisco Switch via your console cable. Open PuTTy or your other serial program and connect
  2. Plug in/turn on your Cisco switch while simultaneously holding down the "MODE" button on the front of the unit. Keep holding it for about 10-15 seconds
  3. Go to the PuTTy window and you will see a screen with a prompt that reads "switch:". Type in the following command and press enter
    flash_init
  4. After the flash memory initializes, you will have access to the configuration files on your switch.

    Now you are going to rename the main "config.text" file on your switch to something different, such as "config.old". To do this, type the following command to list the file directory of your flash memory
    dir flash:
    You will see a short list of files on your switch. The one named "config.text" is the configuration file your switch uses when it boots up, so this is the one we will change:
    rename flash:config.text flash:config.old
    Are you trying to reset this switch completely and erase all the previous configurations? See the section below called "Erasing All Configurations"
  5. Finally, issue the following command and boot your switch up:
    boot
  6. That's it for this part.

    Now the switch will boot up with no active configuration (but don't worry, if you followed all the steps above, your old config is still there). The next section will show you how to reset your password and load the config back onto the switch.

Log into the switch

Important: when your switch boots up, it will ask if you would like to "enter the initial configuration dialog." Be sure to type NO and press enter
  1. After your switch finishes booting, you will see the following screen. Once you are at the "Switch>" prompt, type the following command
    enable
  2. You are logged into the switch in privileged mode. Now, we will copy over the old configuration and change the password. Assuming you followed the steps above and named your old config file "config.old", type the following command and press enter
    copy flash:config.old running-config
  3. The system will ask you to confirm. Press enter
  4. Look familiar? We have reinstalled the old configuration file, and because we are already in privileged mode (using "enable"), we can now set any password that we wish.
    You'll likely want to put the following commands in to change your password (substitute for whatever username and password you normally use. The following are the ones found in the Telos documentation)
    conf t
    username AAAA password Livewire
    enable password Axia
  5. Finally, we need to save our configuration
    copy running-config startup-config
Still having problems? If the steps above are not working for your Cisco switch, it is possible you have a different model that requires a slightly different process. We recommend visiting Cisco's website and searching for "password recovery" to find the latest documentation.

Erasing All Configurations

Want to start from scratch? That's ok, but remember that once you delete a configuration, it's gone forever

This section is essentially the same as the first one that describes how to rename a configuration file. Instead, we will be deleting it and another file named vlan.dat.

  1. Boot up the switch into the password recovery mode as instructed in the previous section
  2. Once booted, type in
    flash_init
  3. Now, instead of copying a file, we're going to delete it. Type in the following command
    Warning: once you type this in and press enter, your file is gone!
    delete flash:config.text
  4. You'll also want to delete the vlan.dat file
    delete flash:vlan.dat
  5. Finally, boot the switch and you can configure your switch from scratch
    boot

Let us know how we can help

If you have further questions on this topic or have ideas about improving this document, please contact us.


How did we do?


TelosHelp (opens in a new tab)

Powered by HelpDocs (opens in a new tab)