Password Recovery Procedure For Catalyst 4500

Password Recovery Procedure for Catalyst 4500/4000 Supervisor Engine II+/II+TS/II+10GE/III/IV/V/V
10GE Module and Catalyst 4900 Switches that Run Cisco IOS Software
Introduction
This document describes how to recover a lost or unknown password on a Catalyst 4500/4000
switch with a Supervisor Engine II-Plus (WS-X4013+), Supervisor Engine II-Plus-TS (WS-
X4013+TS), Supervisor Engine II-Plus-10GE (WS-X4013+10GE), Supervisor Engine III (WS-
X4014), Supervisor Engine IV (WS-X4515), Supervisor Engine V (WS-X4516), Supervisor
Engine V-10GE (WS-X4516-10GE) module, Cisco Catalyst 4948, Cisco Catalyst 4948 10GE,
and Cisco Catalyst 4900M switches.
Note: In Catalyst 4500/4000 Series Switches, Supervisor Engines II+, II+10GE, II+TS, III, IV,
V, and V-10GE support only Cisco IOS® Software and Supervisor Engines I and II support only
the Catalyst OS Software. In order to recover the password on the Supervisor Engines I or II,
refer to Password Recovery Procedure for the Catalyst 1200, 1400, 2901, 2902, 2926T/F,
2926GS/L, 2948G, 2980G, 4000, 5000, 5500, 6000, 6500 Running CatOS.
Prerequisites
Requirements
There are no specific requirements for this document.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Step-by-Step Procedure
Complete these steps to recover your password:
Note: Make sure that you have physical access to the switch and that you use console access to
the Supervisor Engine module while you perform these steps. For details on the switch console
connection, refer to Connecting a Modem to the Console Port on Catalyst Switches.
Tip: Configuration of the switch is not lost if the procedure is followed as mentioned. As a best
practice, Cisco recommends that you have a backup copy of the configuration of all Cisco
devices at the TFTP server or a Network Management server.
1. Power cycle the device.
In order to power cycle, turn the device off, then back on.
Press Ctrl-C within 5 seconds to prevent autoboot. This action puts you in ROM monitor
(ROMmon) prompt mode.
!--- Here, you power cycle the switch.
**********************************************************
* *
* Welcome to ROM Monitor for WS-X4014 System. *
* Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc. *
* All rights reserved. *
* *
**********************************************************
ROM Monitor Program Version 12.1(10r)EY(1.21)
Board type 1, Board revision 7

Swamp FPGA revision 16, Dagobah FPGA revision 43
Timer interrupt test passed.
MAC Address : 00-02-b9-83-af-fe

IP Address : 172.16.84.122
Netmask : 255.255.255.0
Gateway : 172.16.84.1
TftpServer : Not set.
Main Memory : 256 MBytes
***** The system will autoboot in 5 seconds *****
Type control-C to prevent autobooting.
!--- At this point, press Ctrl-C.
Autoboot cancelled......... please wait!!!

rommon 1 > [interrupt]
!--- The module ended in the ROMmon.
2. Issue the confreg command at the rommon prompt.
Make the selections that appear here in boldface for password recovery:
rommon 1 > set

rommon 1 > confreg
Configuration Summary :
=> load ROM after netboot fails
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment
variable
do you wish to change the configuration? y/n [n]: y

enable "diagnostic mode"? y/n [n]: n
enable "use net in IP bcast address"? y/n [n]: n
disable "load ROM after netboot fails"? y/n [n]: n
enable "use all zero broadcast"? y/n [n]: n
enable "break/abort has effect"? y/n [n]: n
enable "ignore system config info"? y/n [n]: y
change console baud rate? y/n [n]: n
change the boot characteristics? y/n [n]: n
=> ignore system config info
=> autoboot from: commands specified in 'BOOT' environment
variable
do you wish to save this configuration? y/n [n]: y

You must reset or power cycle for new configuration to take
effect
Note: You can also use the confreg 0x2142 command at the ROMmon prompt in order
to set the configuration register value to bypass the startup configuration stored in
NVRAM.
rommon 1 >confreg 0x2142

You must reset or power cycle for the new configuration to take
effect.
3. Issue the reset command so that the module reboots.
Due to the changes that you made in step 2, the module reboots but ignores the saved
configuration.
rommon 2 > reset
Resetting .......
rommon 3 >
**********************************************************
* *
* *
**********************************************************
!--- Output suppressed.

Press RETURN to get started!
!--- Press Return.
00:00:21: %SYS-5-RESTART: System restarted --

Cisco Internetwork Operating System Software
IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch
is undergoing a cold start
Switch>
4. Make sure that the configuration register value is 0x2142.
This value makes the module boot from Flash without a load of the saved configuration.
Issue the enable command at the Switch prompt to go to enable mode. Then, issue the
show version command to check the configuration register value.
Switch> enable
Switch#show version
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
Image text-base: 0x00000000, data-base: 0x00AA2B8C
ROM: 12.1(10r)EY(1.21)
Switch uptime is 5 minutes
System returned to ROM by reload
Running default software
cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes

of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of non-volatile configuration memory.
Configuration register is 0x2142
Switch#
5. Issue the configure memory command or the copy startup-config running-config

command to copy the NVRAM into memory.
Do not issue the configure terminal command, which shows the default configuration on
the module.
Switch#configure memory
Uncompressed configuration from 1307 bytes to 3014 bytes

Switch#
00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
c-4006-SUPIII#
6. Issue the show ip interface brief command to make sure that the interfaces that were in
use earlier show an "up up" status.
If any of the interfaces that were in use before the password recovery show "down", issue
the no shutdown command on that interface to bring the interface up.
7. Issue the write terminal command or the show running-config command to display the
saved configuration on the module.
8. c-4006-SUPIII#show running-config
9. Building configuration...
10.
11. Current configuration : 3014 bytes
12. !
13. version 12.1
14. no service pad
15. service timestamps debug uptime
16. service timestamps log uptime
17. no service password-encryption
18. service compress-config
19. !
20. hostname c-4006-SUPIII
21. !
22. boot system flash bootflash:
23. !
24. vtp mode transparent
25.
26. !--- Output suppressed.
27.
28. line con 0
29. stopbits 1
30. line vty 0 4
31. login
32. !
33. end
34.
c-4006-SUPIII#
Now you are ready to change the password on the module.
35. Issue these commands to change the password:

36. c-4006-SUPIII#configure terminal
37. Enter configuration commands, one per line. End with CNTL/Z.
38. c-4006-SUPIII(config)#no enable secret
39.
40. !--- This step is necessary if the switch had an enable !---
secret password.
41.
42.
43. c-4006-SUPIII(config)#enable secret < password >
44. [Choose a strong password with at least one capital letter,
45. one number, and one special character.]
46.
47. !--- This command sets the new password.
48.
49. Make sure that you change the configuration register value back to 0x2102.
Complete these steps at the config prompt to change and verify the configuration
register value.
c-4006-SUPIII(config)#config-register 0x2102
c-4006-SUPIII(config)# ^Z
c-4006-SUPIII#
00:19:01: %SYS-5-CONFIG_I: Configured from console by console
c-4006-SUPIII#write memory
!--- This step saves the configuration.
Building configuration...
Compressed configuration from 3061 bytes to 1365 bytes[OK]
c-4006-SUPIII#show version
!--- This step verifies the value change.

Image text-base: 0x00000000, database: 0x00AA2B8C
ROM: 12.1(10r)EY(1.21)
c-4006-SUPIII uptime is 20 minutes
cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes

of memory.
467K bytes of nonvolatile configuration memory.
Configuration register is 0x2142 (will be 0x2102 at next reload)
c-4006-SUPIII#
At this point, you have changed the password.
Sample Output/Example Procedure

This sample output is the result of the password recovery procedure on a Catalyst 4000
Supervisor Engine III.
c-4006-SUPIII> enable
Password:
Password:
Password:
% Bad secrets
!--- Here, you power cycle the switch.
**********************************************************
* *
* *
**********************************************************


IP Address : 172.16.84.122
Netmask : 255.255.255.0
Gateway : 172.16.84.1
Main Memory : 256 Mbytes
!--- At this point, press Ctrl-C.

rommon 1 > confreg
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to change the configuration? y/n [n]: y

enable "diagnostic mode"? y/n [n]: n
enable "use net in IP bcast address"? y/n [n]: n
disable "load ROM after netboot fails"? y/n [n]: n
enable "use all zero broadcast"? y/n [n]: n
enable "break/abort has effect"? y/n [n]: n
enable "ignore system config info"? y/n [n]: y
change console baud rate? y/n [n]: n
change the boot characteristics? y/n [n]: n
=> ignore system config info
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to save this configuration? y/n [n]: y

You must reset or power cycle for new configuration to take effect
rommon 2 > reset
Resetting .......
rommon 3 >
**********************************************************
* *
* *
**********************************************************


IP Address : 172.16.84.122
Netmask : 255.255.255.0
Gateway : 172.16.84.1
Main Memory : 256 Mbytes

. . . . .
******** The system will autoboot now ********

config-register = 0x2142
Autobooting using BOOT variable specified file.....
Current BOOT file is --- bootflash:
Rommon reg: 0x2B004180

Decompressing the image : ###########################
#####################################################
####################################### [OK]
k2diags version 1.6
prod: WS-X4014 part: 73-6854-07 serial: JAB0546060Z
Power-on-self-test for Module 1: WS-X4014

Status: (. = Pass, F = Fail)
Traffic using serdes loopback (L2; one port at a time)...

switch port 0: . switch port 1: . switch port 2: .
Module 1 Passed
Exiting to ios...
Rommon reg: 0x2B000180

Decompressing the image : ##########################
######################################################### [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.

170 West Tasman Drive
San Jose, California 95134-1706

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.

Press RETURN to get started!
00:00:21: %SYS-5-RESTART: System restarted --

00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold
start
Switch> enable
Switch# show version
ROM: 12.1(10r)EY(1.21)
Switch uptime is 5 minutes

Configuration register is 0x2142
Switch#
Switch#configure memory
Uncompressed configuration from 1307 bytes to 3014 bytes

c-4006-SUPIII#
00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
c-4006-SUPIII#show running-config
Current configuration : 3014 bytes

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname c-4006-SUPIII
!
boot system flash bootflash:
!
vtp mode transparent
!
vlan 20
private-vlan primary
!
vlan 100
!
vlan 202
private-vlan association 440
!
vlan 440
private-vlan isolated
!
vlan 500
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
!
!
interface GigabitEthernet1/1
no switchport
ip address 10.1.1.1 255.255.255.0
ip pim dense-mode
!
interface GigabitEthernet1/2
no switchport
ip address 20.1.1.1 255.255.255.0
!
!
interface Vlan1
ip address 172.16.84.140 255.255.255.0
ip pim dense-mode
!
interface Vlan2
no ip address
shutdown
!
interface Vlan20
no ip address
shutdown
!
!
line con 0
stopbits 1
line vty 0 4
login
!
end
c-4006-SUPIII#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
c-4006-SUPIII(config)#no enable secret
!--- This step is necessary if the switch had !--- an enable secret password.
c-4006-SUPIII(config)#enable secret < password >

[Choose a strong password with at least one capital letter,
one number, and one special character.]
c-4006-SUPIII(config)#config-register 0x2102
c-4006-SUPIII(config)#^Z
c-4006-SUPIII#
00:19:01: %SYS-5-CONFIG_I: Configured from console by console
c-4006-SUPIII#write memory
Compressed configuration from 3061 bytes to 1365 bytes[OK]
c-4006-SUPIII#show version
ROM: 12.1(10r)EY(1.21)
c-4006-SUPIII uptime is 20 minutes

Configuration register is 0x2142 (will be 0x2102 at next reload)
c-4006-SUPIII#

Password Recovery Procedure For Catalyst 4500

Uploaded by

Copyright:

Available Formats

Password Recovery Procedure For Catalyst 4500

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Password Recovery Procedure For Catalyst 4500

Uploaded by

Copyright:

Available Formats

Password Recovery Procedure for Catalyst 4500/4000 Supervisor Engine II+/II+TS/II+10GE/III/IV/V/V

There are no specific requirements for this document.

1. Power cycle the device.

!--- Here, you power cycle the switch.

ROM Monitor Program Version 12.1(10r)EY(1.21)

Board type 1, Board revision 7

Timer interrupt test passed.

MAC Address : 00-02-b9-83-af-fe

***** The system will autoboot in 5 seconds *****

Type control-C to prevent autobooting.

!--- At this point, press Ctrl-C.

Autoboot cancelled......... please wait!!!

!--- The module ended in the ROMmon.

rommon 1 > [interrupt]

2. Issue the confreg command at the rommon prompt.

rommon 1 > set

do you wish to change the configuration? y/n [n]: y

change console baud rate? y/n [n]: n

change the boot characteristics? y/n [n]: n

do you wish to save this configuration? y/n [n]: y

rommon 1 >confreg 0x2142

3. Issue the reset command so that the module reboots.

rommon 2 > reset

!--- Output suppressed.

!--- Press Return.

00:00:21: %SYS-5-RESTART: System restarted --

4. Make sure that the configuration register value is 0x2142.

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes

Configuration register is 0x2142

5. Issue the configure memory command or the copy startup-config running-config

Uncompressed configuration from 1307 bytes to 3014 bytes

Now you are ready to change the password on the module.

35. Issue these commands to change the password:

!--- This step saves the configuration.

!--- This step verifies the value change.

Cisco Internetwork Operating System Software

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes

Configuration register is 0x2142 (will be 0x2102 at next reload)

At this point, you have changed the password.

Sample Output/Example Procedure

!--- Here, you power cycle the switch.

ROM Monitor Program Version 12.1(10r)EY(1.21)

Board type 1, Board revision 7

Timer interrupt test passed.

MAC Address : 00-02-b9-83-af-fe

***** The system will autoboot in 5 seconds *****

Type control-C to prevent autobooting.

!--- At this point, press Ctrl-C.

Autoboot cancelled......... please wait!!!

rommon 1 > [interrupt]

rommon 1 > confreg

do you wish to change the configuration? y/n [n]: y

change console baud rate? y/n [n]: n

change the boot characteristics? y/n [n]: n

do you wish to save this configuration? y/n [n]: y

rommon 2 > reset

ROM Monitor Program Version 12.1(10r)EY(1.21)

Board type 1, Board revision 7

Timer interrupt test passed.

* The system will autoboot in 5 seconds *

* The system will autoboot in 5 seconds *

* The system will autoboot in 5 seconds *

The system will autoboot now