Catalyst Switch Password Reset


Lab Prerequisites:

  • You’ll need an active Console session with the switch you’re unable to access.
  • You’ll need to be physically located near the switch to perform this procedure.

Lab Objectives:

  • Boot the switch into SWITCH ROM by holding the MODE button down and plugging in the power to the switch.
  • Rename the configuration file in flash to a different name such as; config.old
  • Boot the switch and copy the contents of flash:config.old into the running configuration after you’ve obtained privilege level access.
  • Copy the updated configuration to NVRAM by syncing the running config with the start-up config.

Lab Instruction:

Step 1. Boot the switch into SWITCH ROM by holding down the MODE button on the front left hand side of the switch and plugging the power into the switch. Note that different switches require you to hold the MODE button for different periods of time.

Shown below is a table showing the time you’re required to hold down the MODE button after powering plugging in the power to the switch.


Cisco Catalyst Switch Series LED Behavior and Mode Button Release Action
2900XL, 3500XL, 3550 Release the Mode button after the LED above port FastEthernet0/1 goes out.
2940, 2950 Release the Mode button after approximately 5 seconds when the Status (STAT) LED goes out. When you release the Mode button, the SYST LED blinks amber.
2960, 2970 Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.
3560, 3750 Release the Mode button after approximately 15 seconds when the SYST LED turns solid green. When you release the Mode button, the SYST LED blinks green.


Step 2. Once you’ve successfully booted into SWITCH ROM, you’ll see the following dispatch.


Boot Sector Filesystem (bs) installed, fsid: 2

Base ethernet MAC Address: 00:14:f2:d2:41:80

Xmodem file system is available.

The password-recovery mechanism is enabled.

The system has been interrupted prior to initializing the flash filesystem.  The following commands will initialize the flash filesystem, and finish loading the operating
system software:





Step 3. Once your at the SWITCH ROM prompt you’ll need to initialize the flash by typing the flash_init command.



Initializing Flash…

flashfs[0]: 5 files, 1 directories

flashfs[0]: 0 orphaned files, 0 orphaned directories

flashfs[0]: Total bytes: 15998976

flashfs[0]: Bytes used: 12282368

flashfs[0]: Bytes available: 3716608

flashfs[0]: flashfs fsck took 10 seconds.

…done Initializing Flash.



Step 4. List the files stored in flash to view the avaliable configuration text files. By default the configuration file name is config.text;


switch:dir flash:

Directory of flash:/

1  -rwx  10573494                 c3560-advipservicesk9-mz.122-44.SE6.bin
2  -rwx  684                      vlan.dat
3  -rwx  1938                     private-config.text
4  -rwx  1654                     config.text
5  -rwx  3096                     multiple-fs

3716608 bytes available (10508886 bytes used)



Step 5. You’ll see in the given example above the config.text file which is 1654 bytes, rename this file to config.old

If you wish to just erase the configuration instead of resetting the password you can use the delete flash:config.text command.


switch:rename flash:config.text flash:config.old


Step 6. After you’ve renamed the config.text file to config.old verify that the file was indeed renamed correctly by doing the dir flash: command. Once you’ve verified that the config file has been renamed boot the switch with the boot command.


Step 7. Once the switch has booted you will be prompted by the initial configuration setup prompt, disregard this to gain user mode access.


         — System Configuration Dialog —

Would you like to enter the initial configuration dialog? [yes/no]: n



Step 8. OPTIONAL – If you do not intend to reset the password as stated by the NOTE in step 5, you can stop now. If you wish to reset the password on the previous configuration continue to step 9.


Step 9. Change to privileged mode and copy the contents of the old start-up configuration to the running config using the command copy flash:config.old run



Switch#copy flash:config.old run

Destination filename [running-config]?

1654 bytes copied in 9.647 secs (171 bytes/sec)



Step 10. After you’ve loaded the old configuration file as the running configuration and you’re in privileged mode you’ll be able to change the passwords such as enable secret or line passwords. Once you’ve changed these passwords you can save the configuration by issuing the copy run start command.


Switch#configure terminal

Switch(config)#enable password NEWENABLEPASSWORD

Switch(config)#line con0

Switch(config-line)#password NEWCONSOLELINEPASSWORD


Switch#copy run start

Destination filename [startup-config]?

Building configuration…


0 bytes copied in 1.309 secs (0 bytes/sec)




Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.