Cisco Catalyst 4000 Series Switches

Password Recovery Procedure for the Catalyst WS-X4232-L3 Router Module

Document ID: 22424

Updated: Apr 10, 2006

Introduction

This document describes how to recover or replace the enable password or enable secret on the WS-X4232-L3 Layer 3 (L3) services module for the Catalyst 4000. These passwords protect access to privileged EXEC and configuration modes. A plain enable password is stored in the configuration in the clear (or under the reversible type 7 obfuscation) and can be read back once the configuration is loaded. The enable secret is stored as a salted MD5 hash (type 5); it cannot be recovered and can only be replaced with a new one using the procedure below. Note that the procedure needs nothing more than a console connection to the module and a way to reset it, so anyone with those has a path to privileged EXEC mode: control physical access to the chassis and console ports, and treat every credential that becomes visible in the recovered configuration as exposed.

Prerequisites

Requirements

There are no specific requirements for this document.

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Step-by-Step Procedure

Follow these instructions for password recovery.

  1. This procedure requires that the 4232-L3 module be reset and that you break into ROM Monitor mode (ROMmon). You cannot use the reload command to reset the L3 module, because reload is only available from the privileged EXEC prompt (Router#), and reaching that prompt requires the very enable password that is missing, as shown in the following example:

    Router>enable 
    Password: 
    Password: 
    Password: 
    % Bad secrets
    
    !-- The output after three failed attempts to enter the correct password.
    
    

    This means you must either reset the module from the switch supervisor (the preferred method) or physically reseat the L3 module, which is more involved. For this reason, it is recommended that you have both of the following:

    • a console connection or Telnet session to the Catalyst 4000 supervisor engine.

    • a console connection to the L3 module.

    Attach a terminal or PC with terminal emulation to the console port of the 4232-L3 router module. Either attach a console cable to the Catalyst 4000 supervisor engine, or telnet to it.

    Use the following terminal settings for the console connections:

    • 9600 bps

    • No parity

    • Eight data bits

    • One stop bit

    • No flow control

    For more information on the required console cable specifications, refer to the following document:

  2. If you still have access to the Router> prompt, issue the show version command and record the setting of the configuration register; you will restore this exact value in Step 13. It is usually 0x2102 or 0x102, as shown in the following example:

    Router>show version
     
    Cisco Internetwork Operating System Software 
    IOS (tm) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(18)W5(22b) REL 
    Copyright (c) 1986-2002 by cisco Systems, Inc. 
    Compiled Fri 08-Feb-02 11:40 by integ 
    Image text-base: 0x60010928, data-base: 0x60616000 
    
    ROM: System Bootstrap, Version 12.0(7)W5(15b) RELEASE SOFTWARE 
    
    Router uptime is 4 days, 23 hours, 4 minutes 
    System restarted by power-on 
    Running default software 
    
    cisco Cat4232L3 (R5000) processor with 57344K/8192K bytes of memory. 
    R5000 processor, Implementation 35, Revision 2.1 
    Last reset from power-on 
    1 FastEthernet/IEEE 802.3 interface(s) 
    4 Gigabit Ethernet/IEEE 802.3z interface(s) 
    123K bytes of non-volatile configuration memory. 
    
    16384K bytes of Flash internal SIMM (Sector size 256K). 
    
    Configuration register is 0x2102
    
  3. If you do not have access to the Router> prompt (for example because of a lost login or TACACS password), assume the default configuration register value of 0x2102.

  4. Assuming you have a console connection or Telnet session to the supervisor as recommended above, issue the show module command to determine the slot number of the L3 module, then issue reset <x>, where <x> is that slot number. In the following example the L3 module is in slot 3:

    Switch> (enable) show module
    Mod Slot Ports Module-Type               Model               Sub Status
    --- ---- ----- ------------------------- ------------------- --- --------
    1   1    2     1000BaseX Supervisor      WS-X4013            no  ok
    2   2    34    10/100/1000 Ethernet      WS-X4232-GB-RJ      no  OK
    3   3    34    Router Switch Card        WS-X4232-L3         no  OK
    
    Mod Module-Name         Serial-Num
    --- ------------------- --------------------
    1                       JAB043300MG
    2                       JAE042921NV
    3                       JAB054306MQ
    
    Mod MAC-Address(es)                        Hw     Fw         Sw
    --- -------------------------------------- ------ ---------- -----------------
    1   00-02-fd-4c-52-00 to 00-02-fd-4c-55-ff 1.2    5.4(1)     6.1(3a)
    2   00-02-4b-a0-78-7e to 00-02-4b-a0-78-9f 2.3
    3   00-07-0e-b5-4c-3c to 00-07-0e-b5-4c-5d 1.7    12.0(7)W5( 12.0(18)W5(22b)
     
    Switch> (enable) reset 3
    This command will reset module 3.
    Do you want to continue (y/n) [n]? y
    2002 Apr 05 15:55:40 %SYS-5-MOD_RESET:Module 3 reset from Console//
    Resetting module 3...
    Switch> (enable)
    

    Now, either move the cable over to the L3 module console port, or if you already have a separate connection to the L3 module console port, proceed directly to the next step.

    Note: If for some reason you do not have Telnet or console access to the supervisor, you have to establish a console connection to the L3 module, unscrew the captive installation screws, pull back the ejector levers to unseat the module, push it back in, and tighten the screws again. This also resets the module. Be aware, however, that having no access to the Catalyst 4000 supervisor can indicate a more serious problem with the switch. For more information on troubleshooting procedures, refer to the following document:

  5. Press the Break key on the terminal within 60 seconds of the power-up to drop the module into ROMmon. The "Break disabled" bit (bit 8) of the 0x2102 register only takes effect once IOS is running, which is why Break still works during this boot window. The result looks like the following example:

    
    !-- The 4232-L3 was just reset from the switch, and during bootup a 
    !-- break sequence was sent to the 4232-L3. 
    
    
    ! 
    
    *** System received an abort due to Break Key *** 
      
    
    signal= 0x3, code= 0x500, context= 0x813ac158 
    
    PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
    

    If the break sequence does not work, refer to the following document for other key combinations:

  6. Issue the confreg 0x2142 command at the rommon 1> prompt. This sets bit 6 (0x0040) of the configuration register, which makes IOS boot from Flash without loading the startup configuration in NVRAM; the saved configuration itself is not erased. If you recorded a value other than 0x2102 in Step 2, use that value with bit 6 set instead (for example 0x142 for 0x102), as in the following example:

    rommon 1> confreg 0x2142
    
  7. Issue the reset command at the rommon 2> prompt. The 4232-L3 reboots, but ignores its saved configuration, as in the following example:

    rommon 2> reset 
      
      
    ROMMON: Entered init 
    ROMMON: Cold Reset frame @0x00000000 
    ROMMON: Reading reset reason register 
    ROMMON: Valid NVRAM config 
    
    System Bootstrap, Version 12.0(7)W5(15b) RELEASE SOFTWARE 
    Copyright (c) 2000 by cisco Systems, Inc. 
    
    ROMMON: Initializing exceptions 
    ROMMON: Initializing TLB 
    ROMMON: Initializing cache 
    ROMMON: Sizing and zeroing main memory ... 64 MBytes 
    ROMMON: Sizing nonvolatile memory ... 128 KBytes 
    ROMMON: Exiting init 
    
    Catalyst-4232 platform with 65536 Kbytes of main memory 
      
    
    Self decompressing the image : ################################################[OK] 
      
      
    
    Inside platform_power_on_main() 
    Inside platform_main() 
    
    Initializing GT64120 and FX1000 Subsystem ... done. 
    Downloading TCAM FPGA ... done. 
    Initializing Temperature Monitoring Subsystem ... done. 
    Self decompressing the image : ################################################[OK] 
    Inside platform_power_on_main() 
    Inside platform_main() 
      
    
     Restricted Rights Legend 
      
      
    
    Use, duplication, or disclosure by the Government is 
    
    subject to restrictions as set forth in subparagraph 
    
    (c) of the Commercial Computer Software - Restricted 
    
    Rights clause at FAR sec. 52.227-19 and subparagraph 
    
    (c) (1) (ii) of the Rights in Technical Data and Computer 
    
    Software clause at DFARS sec. 252.227-7013. 
      
      
    
     cisco Systems, Inc. 
    
     170 West Tasman Drive 
    
     San Jose, California 95134-1706 
      
      
    
    Cisco Internetwork Operating System Software 
    IOS (TM) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(18)W5(22b) REL 
    Copyright (c) 1986-2002 by cisco Systems, Inc. 
    Compiled Fri 08-Feb-02 11:40 by integ 
    Image text-base: 0x60010928, database: 0x60616000 
      
    
    Initializing GT64120 and FX1000 Subsystem ... done. 
    Downloading TCAM FPGA ... done. 
    Initializing Switch Fabric Driver Subsystem ... done. 
    Initializing Temperature Monitoring Subsystem ... done. 
    cisco Cat4232L3 (R5000) processor with 57344K/8192K bytes of memory. 
    R5000 processor, Implementation 35, Revision 2.1 
    Last reset from power-on 
    1 FastEthernet/IEEE 802.3 interface(s) 
    4 Gigabit Ethernet/IEEE 802.3z interface(s) 
    123K bytes of nonvolatile configuration memory. 
    
    16384K bytes of Flash internal SIMM (Sector size 256K). 
      
      
    
    --- System Configuration Dialog ---
    
  8. Type no after the initial configuration question, as in the following example:

    Would you like to enter the initial configuration dialog? [yes/no]: no
    
    Force linkup done for GigabitEthernet4 
    Force linkup done for GigabitEthernet3 
    
    Press RETURN to get started! 
    
    00:00:06: %LINK-3-UPDOWN: Interface FX1000, changed state to up 
    00:00:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Controller5, changed p 
    00:00:07: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to up 
    00:00:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FX1000, changed statep 
    00:00:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changep 
    00:00:55: %SYS-5-RESTART: System restarted -- 
    Cisco Internetwork Operating System Software 
    IOS (TM) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(18)W5(22b) REL 
    Copyright (c) 1986-2002 by cisco Systems, Inc. 
    Compiled Fri 08-Feb-02 11:40 by integ 
    00:00:57: %LINK-5-CHANGED: Interface FastEthernet1, changed state to administran 
    00:00:58: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changen 
    00:01:12: WARNING: This will force the link-up with 1000Mbps and Full Duplex se. 
    00:01:12:          Make sure the partner port is also forced link up. 
    
    00:01:12: WARNING: This will force the linkup with 1000Mbps and Full Duplex se. 
    00:01:12:          Make sure the partner port is also forced link up. 
    
    00:01:14: Shifting IPC's over to fx1000 
    
    00:01:16: %LINK-3-UPDOWN: Interface GigabitEthernet4, changed state to up 
    00:01:16: %LINK-3-UPDOWN: Interface GigabitEthernet3, changed state to up 
    00:01:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet4, chap 
    00:01:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, chan 
    00:01:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3, chap 
    00:01:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, chan 
    
    Router>
    
  9. Issue the enable command at the Router> prompt. Because no configuration was loaded, no enable secret is in force and you enter privileged EXEC mode (the Router# prompt) without being asked for a password, as in the following example.

    Note: Issue the configure memory or copy startup-config running-config command to merge the saved configuration from Nonvolatile RAM (NVRAM) into the running configuration. Do not issue the configure terminal command before this is done: anything you save from the empty default configuration overwrites the startup configuration in NVRAM, and the original configuration is lost.

    Router>enable 
    Router#copy startup-config running-config 
    Destination filename [running-config]? 
    
    1324 bytes copied in 2.35 secs (662 bytes/sec) 
      
    
    GigabitEthernet3 added as member-1 to port-channel1 
    
    GigabitEthernet4 added as member-2 to port-channel1 
     1153 bytes copied in 0.432 secs 
    Router# 
    00:02:10: %AUTOSTATE-6-SHUT_DOWN: Putting interface Port-channel1.99 into Autose 
    Router# 
    00:02:12: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 
    00:02:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changep 
    Router#
  10. Issue the write terminal or show running-config command to display the router configuration. In the following configuration you see the shutdown command under most of the interfaces, which means these interfaces are currently shut down: a no shutdown state is not stored in the configuration, so merging the startup configuration leaves the interfaces administratively down until you bring them up in Step 12. The Gig 3 and Gig 4 interfaces on the 4232-L3 are the internal gigabit ports to the switch backplane and are up by default.

    You can also see the passwords, such as the enable password, enable secret, vty and console passwords, either in plaintext or in "encrypted" form. Plaintext passwords can be reused. A type 7 string (produced by service password-encryption) is reversible obfuscation rather than encryption and can be decoded and reused as well, so treat it as exposed rather than protected. A type 5 enable secret is a salted MD5 hash and cannot be recovered; it has to be replaced with a new one.

    Router#show run 
    Building configuration... 
    Current configuration: 
    ! 
    version 12.0 
    no service pad 
    service timestamps debug uptime 
    service timestamps log uptime 
    no service password-encryption 
    ! 
    hostname Router 
    ! 
    enable secret 5 $1$pNhP$nbIOeznhCqoGaFnymkqru/ 
    ! 
    ip subnet-zero 
    ! 
    ! 
    ! 
    interface FastEthernet1 
     no ip address 
     no ip directed-broadcast 
     shutdown 
    ! 
    interface GigabitEthernet1 
     no ip address 
     no ip directed-broadcast 
     shutdown 
    ! 
    interface GigabitEthernet2 
     no ip address 
     no ip directed-broadcast 
     shutdown 
    ! 
    interface GigabitEthernet3 
     no ip address 
     no ip directed-broadcast 
     no negotiation auto 
    ! 
    interface GigabitEthernet4 
     no ip address 
     no ip directed-broadcast 
     no negotiation auto 
    ! 
    ip classless 
    ! 
    ! 
    line con 0 
     transport input none 
    line aux 0 
    line vty 0 4 
    ! 
    end 
    
    Router#
    
  11. Issue the configure terminal command and make your changes. Issue the enable secret <password> command to set a new enable secret, as in the following example. Also change any enable password, console or vty password that was visible in the configuration output, because it is now known to everyone who saw that output.

    Router#configure terminal 
    Enter configuration commands, one per line. End with CNTL/Z. 
    Router(config)#enable secret <password>
    
    !-- Choose a strong password: long, with upper and lower case letters, digits and special characters.
    Router(config)#^Z 
    00:01:54: %SYS-5-CONFIG_I: Configured from console by console
    
  12. Issue the no shutdown command on every interface that is in use. Afterwards, the show ip interface brief command should show every interface you want to use as "up up", as in the following example:

    Router#show ip interface brief
    Interface                 IP-Address      OK? Method Status                Protocol
    FX1000:1                  unassigned      YES unset  up                    up
    FastEthernet1             unassigned      YES unset  administratively down down
    GigabitEthernet1          unassigned      YES unset  administratively down down
    GigabitEthernet2          unassigned      YES unset  administratively down down
    GigabitEthernet3          unassigned      YES unset  up                    up
    GigabitEthernet4          unassigned      YES unset  up                    up
    Controller5               unassigned      YES unset  up                    up
    Router#
    
    
    Router#configure terminal
    
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#interface GigabitEthernet 1
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface GigabitEthernet 2
    Router(config-if)#no shutdown
    
    Router(config-if)#
    
    00:02:14: %LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to up
    
    00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Interface 
    GigabitEthernet1, changed state to up
    00:02:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Interface 
    GigabitEthernet1, changed state to up
    
    Router(config-if)#^Z
    
    Router#
    
    00:02:35: %SYS-5-CONFIG_I: Configured from console by console
    
  13. Issue the config-register 0x2102 command, or the value you recorded in Step 2, to clear bit 6 again so that the next reload loads the startup configuration. If you skip this step, the module boots with an empty configuration (and no passwords) at every reload. The following example shows the register still at 0x2142 before the change:

    Router#show version 
    Cisco Internetwork Operating System Software 
    IOS (TM) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(18)W5(22b) REL 
    Copyright (c) 1986-2002 by cisco Systems, Inc. 
    Compiled Fri 08-Feb-02 11:40 by integ 
    Image text-base: 0x60010928, database: 0x60616000 
    
    ROM: System Bootstrap, Version 12.0(7)W5(15b) RELEASE SOFTWARE 
    
    Router uptime is 50 minutes 
    System restarted by power-on 
    Running default software 
    
    cisco Cat4232L3 (R5000) processor with 57344K/8192K bytes of memory. 
    R5000 processor, Implementation 35, Revision 2.1 
    Last reset from power-on 
    1 FastEthernet/IEEE 802.3 interface(s) 
    4 Gigabit Ethernet/IEEE 802.3z interface(s) 
    123K bytes of nonvolatile configuration memory. 
    
    16384K bytes of Flash internal SIMM (Sector size 256K). 
    Configuration register is 0x2142 
    
    Router#configure terminal 
    Enter configuration commands, one per line. End with CNTL/Z. 
    Router(config)#config-register 0x2102 
    Router(config)#
    
  14. Press Ctrl-Z or End to leave configuration mode. Issue the write memory or copy running-config startup-config command to commit the changes. The show version output should then end with "(will be 0x2102 at next reload)", which confirms that the register change is pending, as in the following example:

    Router(config)#^Z 
    00:03:20: %SYS-5-CONFIG_I: Configured from console by console 
    Router#copy running-config startup-config
     
    Destination filename [startup-config]? 
     
    Building configuration... 
    
    [OK] 
    
    Router#show version 
    
    Cisco Internetwork Operating System Software 
    IOS (TM) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(18)W5(22b)  REL 
    Copyright (c) 1986-2002 by cisco Systems, Inc. 
    Compiled Fri 08-Feb-02 11:40 by integ 
    Image text-base: 0x60010928, database: 0x60616000 
    
    ROM: System Bootstrap, Version 12.0(7)W5(15b) RELEASE SOFTWARE 
    
    Router uptime is 50 minutes 
    System restarted by power-on 
    Running default software 
    
    cisco Cat4232L3 (R5000) processor with 57344K/8192K bytes of memory. 
    R5000 processor, Implementation 35, Revision 2.1 
    Last reset from power-on 
    1 FastEthernet/IEEE 802.3 interface(s) 
    4 Gigabit Ethernet/IEEE 802.3z interface(s) 
    123K bytes of nonvolatile configuration memory. 
    
    16384K bytes of Flash internal SIMM (Sector size 256K). 
    Configuration register is 0x2142 (will be 0x2102 at next reload) 
    
    Router#
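The configuration register handled in Steps 2, 6 and 13 is a 16-bit value, and bit 6 (0x0040) is the only bit this procedure changes. The following Python script is an added example written for this page, not Cisco code: it parses the "Configuration register is ..." line from show version output (the two sample strings are modelled on the outputs in Steps 2 and 14), decodes the bits that matter here, derives the ROMmon confreg value from whatever register was recorded rather than only from 0x2102, and checks that the value pending at the next reload no longer bypasses NVRAM. The bit positions are the standard IOS configuration-register layout; the function and constant names are this example's own.

```python
import re

# Standard IOS configuration-register bits relevant to this procedure.
BOOT_FIELD_MASK = 0x000F    # bits 0-3: boot field
IGNORE_NVRAM = 0x0040       # bit 6: boot without loading startup-config (0x2142)
BREAK_DISABLED = 0x0100     # bit 8: ignore Break once IOS is running
BOOT_DEFAULT_ROM = 0x2000   # bit 13: boot default ROM image if netboot fails

# Constructed samples modelled on the show version outputs in Steps 2 and 14.
SHOWVER_BEFORE = "Configuration register is 0x2102"
SHOWVER_AFTER = "Configuration register is 0x2142 (will be 0x2102 at next reload)"

_REG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?:\s*\(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def parse_config_register(show_version: str) -> tuple[int, int]:
    """Return (current, at_next_reload) from show version output.

    The second value equals the first unless IOS reports a pending change.
    """
    m = _REG_RE.search(show_version)
    if m is None:
        raise ValueError("no 'Configuration register is' line in output")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def describe(reg: int) -> dict:
    """Decode the register bits this procedure cares about."""
    boot = reg & BOOT_FIELD_MASK
    if boot == 0x0:
        boot_desc = "stay in ROMmon"
    elif boot == 0x1:
        boot_desc = "boot the first image in Flash"
    else:
        boot_desc = "boot per 'boot system' commands in NVRAM"
    return {
        "value": f"0x{reg:X}",
        "boot_field": boot_desc,
        "ignores_startup_config": bool(reg & IGNORE_NVRAM),
        "break_disabled_after_boot": bool(reg & BREAK_DISABLED),
        "boot_default_rom_on_netboot_failure": bool(reg & BOOT_DEFAULT_ROM),
    }


def recovery_value(original: int) -> int:
    """Value to enter at 'rommon 1> confreg': the recorded register with bit 6 set."""
    return original | IGNORE_NVRAM


def restore_value(recovery: int) -> int:
    """Value for 'config-register' in Step 13: bit 6 cleared, everything else kept."""
    return recovery & ~IGNORE_NVRAM


def recovery_complete(show_version: str) -> bool:
    """True when the register in force at the next reload loads NVRAM again.

    Catches the common mistake of stopping before Step 13, which leaves the
    module booting with an empty configuration on every reload.
    """
    _, pending = parse_config_register(show_version)
    return not (pending & IGNORE_NVRAM)


if __name__ == "__main__":
    recorded, _ = parse_config_register(SHOWVER_BEFORE)
    print(f"recorded register     : {describe(recorded)}")
    print(f"rommon confreg value  : 0x{recovery_value(recorded):X}")
    print(f"config-register value : 0x{restore_value(recovery_value(recorded)):X}")
    print(f"recovery complete     : {recovery_complete(SHOWVER_AFTER)}")
```

Run it against the show version output captured after Step 14; recovery_complete() returning False means the register was not restored and the module will come up without its configuration at the next reload.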
    
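Step 10 says that the unencrypted passwords in the recovered configuration can be reused while the "encrypted" ones must be replaced. The distinction a practitioner needs is finer than that: a type 7 string is reversible, a type 5 enable secret is a hash. The following Python script is an added example, not part of the original note or of Cisco IOS: it triages the credential lines of a configuration and decodes type 7 strings with the publicly documented IOS translation key. The sample configuration is constructed for the example; only the enable secret 5 line is taken from the Step 10 output, the other lines are hypothetical, and the type 7 values were generated with the encoder in the script.

```python
import re

# Fixed translation key of the IOS type 7 scheme (publicly documented).
_XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

# Constructed sample configuration. The 'enable secret 5' line is the one shown
# in Step 10; the other lines are hypothetical and the type 7 values were
# produced with encode_type7() below.
SAMPLE_CONFIG = """\
hostname Router
!
enable secret 5 $1$pNhP$nbIOeznhCqoGaFnymkqru/
enable password 7 0822455D0A16
!
line con 0
 password 0 ConsoleOnly1
 login
line vty 0 4
 password 7 120F110E4B
 login
"""

# Credential lines: field, optional numeric type (absent means plaintext), value.
_CRED_RE = re.compile(
    r"^[ \t]*(enable secret|enable password|password|username \S+ (?:secret|password))"
    r"[ \t]+(?:(\d)[ \t]+)?(\S+)",
    re.MULTILINE,
)


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string: two-digit seed, then hex bytes XORed with the key."""
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return "".join(
        chr(b ^ ord(_XLAT[(seed + i) % len(_XLAT)])) for i, b in enumerate(body)
    )


def encode_type7(plain: str, seed: int = 8) -> str:
    """Produce a type 7 string; IOS itself picks a seed between 0 and 15."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    body = "".join(
        f"{ord(c) ^ ord(_XLAT[(seed + i) % len(_XLAT)]):02X}" for i, c in enumerate(plain)
    )
    return f"{seed:02d}{body}"


def triage(config: str) -> list[dict]:
    """Classify each credential line: what is recoverable and what must be replaced."""
    findings = []
    for m in _CRED_RE.finditer(config):
        field, ptype, value = m.group(1), m.group(2) or "0", m.group(3)
        finding = {"field": field, "type": int(ptype), "plaintext": None}
        if ptype == "0":
            finding["plaintext"] = value
            finding["action"] = "reusable; rotate, it was stored in the clear"
        elif ptype == "7":
            finding["plaintext"] = decode_type7(value)
            finding["action"] = "reusable; rotate, type 7 is reversible obfuscation"
        elif ptype == "5":
            # $1$<salt>$<hash>: salted MD5, one-way
            finding["salt"] = value.split("$")[2]
            finding["action"] = "salted MD5 hash, not recoverable; replace with 'enable secret'"
        else:
            finding["action"] = "hash, not recoverable; replace"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_CONFIG):
        print(finding)
```

The practical consequence for this procedure: once the configuration has been displayed on the console, every type 0 and type 7 credential in it is known in the clear, so rotating them in Step 11 is not optional hygiene but part of closing the recovery.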

Related Information
