Cisco Catalyst 5000 Series Switches

Password Recovery Procedure for the Catalyst 5500 Supervisor RSFC

Document ID: 22402

Updated: Apr 10, 2006

Introduction

This document describes the password recovery procedure for the Catalyst 5500 Supervisor Route Switch Feature Card (RSFC).

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Step-by-Step Procedure

Please follow the steps below to recover your password.

  1. Attach a terminal or PC with terminal emulation to the console port of the RSFC. Use the following terminal settings:

    • 9600 baud rate

    • No parity

    • 8 data bits

    • 1 stop bit

    • No flow control

    A Supervisor with RSFC has two console ports. The console port on the left is the supervisor console port and the one on the right is the RSFC console port. Both ports are appropriately labeled on top.

    Note: For additional information on cabling and connecting a terminal to the console port, refer to Connecting a Terminal to the Console Port on Catalyst Switches.

  2. If you still have access to the router, issue the show version command and record the setting of the configuration register, which is usually 0x2102 or 0x102.

    RSFC>show version
    
    Cisco Internetwork Operating System Software
    IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16) RELEASE SOFTWARE
    Copyright (c) 1986-2000 by cisco Systems, Inc.
    Compiled Wed 12-Jan-00 19:20 by integ
    Image text-base: 0x60009900, data-base: 0x60CF0000
    
    ROM: System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE
    
    Router uptime is 4 hours, 11 minutes
    System restarted by power-on
    Running default software
    cisco Cat5k-RSFC (R5000) processor with 122880K/8192K bytes of memory.
    Processor board ID 15934105
    R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)
    Last reset from power-on
    Bridging software.
    X.25 software, Version 3.0.0.
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    TN3270 Emulation software.
    1 Virtual Ethernet/IEEE 802.3 interface(s)
    123K bytes of non-volatile configuration memory.
    4096K bytes of packet SRAM memory.
    
    32768K bytes of Flash internal SIMM (Sector size 256K).
    Configuration register is 0x2102
    
  3. If you don't have access to the router (because of a lost login or TACACS password), you can safely consider that your configuration register is set to 0x2102.

  4. Move the console cable to the supervisor console port.

  5. Issue the show module command in enable mode on the supervisor to determine which slot the RSFC card is in. The RSFC module will be in slot 15 or 16.

    Switch (enable) show module
    Mod Slot Ports Module-Type               Model               Status
    --- ---- ----- ------------------------- ------------------- --------
    1   1    2     1000BaseX Supervisor IIIG WS-X5550            ok
    15  1    1     Route Switch Feature Card WS-F5541            ok
    4   4    2     MM OC-3 Dual-Phy ATM      WS-X5158            ok
    8   8    24    10/100BaseTX Ethernet     WS-X5224            ok
    10  10   12    100BaseTX Ethernet        WS-X5113            ok
    13  13         ASP/SRP                   
    
    Mod Module-Name         Serial-Num
    --- ------------------- --------------------
    1                       00022123313
    15                      15934105   
    4                       00017991354
    8                       00010911529
    10                      00002203857
    
    Mod MAC-Address(es)                        Hw     Fw         Sw
    --- -------------------------------------- ------ ---------- -----------------
    1   00-50-53-7e-10-00 to 00-50-53-7e-13-ff 1.2    5.1(1)     5.2(4)
    15  00-30-f2-c9-57-00 to 00-30-f2-c9-57-3f 1.0    12.0(7)W5( 12.0(7)W5(16)
    4   00-10-7b-42-ef-73                      2.4    1.3        12.0(16)W5(21) 
    8   00-10-7b-e9-fd-e0 to 00-10-7b-e9-fd-f7 1.4    3.1(1)     5.2(4)
    10  00-40-0b-d5-0e-10 to 00-40-0b-d5-0e-1b 1.4    1.2        5.2(4)
  6. Reset the RSFC module you want to do password recovery on. Issue the reset <mod> command to do this.

    Switch(enable) reset 15
    cs-c5500-11a (enable) RSFC (mod 15, slot 1) is being reset
    RSFC (mod 15, slot 1) present
  7. Move the console cable to the RSFC console.

  8. Issue the break sequence on the terminal keyboard within the first few seconds of the power-up to put the RSFC into ROM monitor (ROMmon) mode. If the break sequence doesn't work, refer to Possible Key Combinations for Break Sequence During Password Recovery for other key combinations.

    The RSFC will boot to a rommon> prompt.

    System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE 
    Copyright (c) 1998 by cisco Systems, Inc.
    Cat5k-RSFC platform with 131072 Kbytes of main memory
    
    
    !--- A break-sequence has been sent here.
    
    
    monitor: command "boot" aborted due to user interrupt
    rommon 1 > 
  9. Issue the set command at the rommon> prompt to show the current boot variable settings.

    rommon 1 > set
    PS1=rommon ! > 
    BOOT=bootflash:c5rsfc-js-mz_120-7_W5_16.bin,1;
    ?=0
  10. Issue the dir bootflash: command at the rommon> prompt to display the files present in the bootflash device. Verify that the BOOT variable matches the image filename you want the RSFC to execute.

    rommon 2 > dir bootflash:
             File size           Checksum   File name
       5295636 bytes (0x50ce14)   0x8567ca43    c5rsfc-js-mz_120-7_W5_16.bin 
  11. Type confreg 0x2142 at the rommon> prompt to configure the RSFC to boot without its configuration.

    rommon 2 > confreg 0x2142
    You must reset or power cycle for new config to take effect.
  12. At this point, the RSFC needs to be reset with the new configuration register. If your boot string matched the file name in Step 10, proceed to Step 16. If not, continue on to Step 13.

    Type reset at the rommon> prompt.

    rommon 3 > reset
    
  13. Issue the break sequence again to break into ROMmon mode.

    System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE 
    Copyright (c) 1998 by cisco Systems, Inc.
    Cat5k-RSFC platform with 131072 Kbytes of main memory
    
    
    !--- A break-sequence has been sent here.
    
    monitor: command "boot" aborted due to user interrupt
    rommon 1 >
  14. Display the current software in bootflash by issuing the dir bootflash: command and record the valid software image filename you intend to use.

    rommon 1 > dir bootflash:
             File size           Checksum   File name
       5295636 bytes (0x50ce14)   0x8567ca43    c5rsfc-js-mz_120-7_W5_16.bin
    
  15. Boot the system with the boot bootflash:<IMAGE filename> command.

    rommon 2 > boot bootflash:c5rsfc-js-mz_120-7_W5_16.bin
    
  16. After the system boots, answer No to all the set-up questions or press Ctrl-C to skip the initial set-up procedure.

    Self decompressing the image : ######################################################################
    ##############################]
    
                  Restricted Rights Legend
    
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
    
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    
    Cisco Internetwork Operating System Software 
    IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16)  RELEASE SOFTWARE 
    Copyright (c) 1986-2000 by cisco Systems, Inc.
    Compiled Wed 12-Jan-00 19:20 by integ
    Image text-base: 0x60009900, data-base: 0x60CF0000
    
    cisco Cat5k-RSFC (R5000) processor with 122880K/8192K bytes of memory.
    Processor board ID 15934105
    R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)
    Last reset from power-on
    Bridging software.
    X.25 software, Version 3.0.0.
    SuperLAT software (copyright 1990 by Meridian Technology Corp).
    TN3270 Emulation software.
    1 Virtual Ethernet/IEEE 802.3  interface(s)
    123K bytes of non-volatile configuration memory.
    4096K bytes of packet SRAM memory.
    
    32768K bytes of Flash internal SIMM (Sector size 256K).
    
             --- System Configuration Dialog ---
    
    Would you like to enter the initial configuration dialog? [yes/no]: 
    
    
    !--- Ctrl-C pressed.
    
    
    Press RETURN to get started!
    
    00:00:19: %LINK-3-UPDOWN: Interface IBC0, changed state to up
    00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface IBC0, changed state to up
    00:01:40: %SYS-5-RESTART: System restarted --
    Cisco Internetwork Operating System Software 
    IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16)  RELEASE SOFTWARE 
    Copyright (c) 1986-2000 by cisco Systems, Inc.
    Compiled Wed 12-Jan-00 19:20 by integ
    Router>
  17. Issue the enable command at the Router> prompt. This will put you in enable mode and you will see the Router# prompt.

    Router>
    Router>enable 
  18. Issue the config mem or copy startup-config running-config command to copy the Nonvolatile RAM (NVRAM) into memory.

    This is a crucial step. DO NOT save the configuration 
    (do not use write mem or copy running-config startup-config)
    
    Router#copy startup-config running-config
    Destination filename [running-config]? 
    729 bytes copied in 0.168 secs
  19. Issue the write terminal or show running-config commands.

    At this point, you should see the full configuration with the unknown enable password or enable secret.

  20. Issue the configure terminal command to make the necessary changes. The prompt is now hostname(config)# .

    RSFC#configure terminal        
    Enter configuration commands, one per line.  End with CNTL/Z.
    RSFC(config)#
  21. Issue the enable secret <PASSWORD> command. Replace <PASSWORD> with your new password.

    RSFC(config)#enable secret < password > [Choose a strong password with at least one capital letter, one number, and one special character.]
    
  22. Type config-register 0x2102 to change the RSFC to boot using the configuration with the new password.

    RSFC(config)#config-register 0x2102
    
  23. Press Ctrl-Z to leave the configuration mode. The prompt is now hostname# .

    RSFC(config)#^Z
    RSFC#
    00:02:45: %SYS-5-CONFIG_I: Configured from console by console
  24. Issue the show ip interface brief command to make sure that the interfaces that were in use earlier show up/up status. If any interface that was in use before the password recovery shows down/down, issue the no shutdown interface configuration command on that interface to bring it up.

    RSFC#show ip interface brief
    Interface                  IP-Address      OK? Method Status                Protocol
    IBC0                       unassigned      YES unset  up                    up      
    Vlan1                      10.1.1.1        YES TFTP   administratively down down    
    Vlan2                      20.1.1.1        YES TFTP   administratively down down    
    RSFC#configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    RSFC(config)#interface vlan 1
    RSFC(config-if)#no shutdown
    
  25. Press Ctrl-Z to leave the configuration mode. The prompt is now hostname# .

    RSFC(config-if)#^Z
    RSFC#
    00:03:03: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
    00:03:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
    00:03:14: %SYS-5-CONFIG_I: Configured from console by console
  26. Issue the write memory or copy running-config startup-config commands to commit the changes.

    RSFC#write memory
    Building configuration...
    [OK]
  27. At this point, the password has been changed. Move the console cable back to the supervisor console port to return to the supervisor if needed.
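
A post-recovery check, added here as an example and not part of the Cisco procedure: it reads show version output and reports whether the configuration register still has the ignore-NVRAM bit (0x0040, the difference between 0x2142 and 0x2102) set. The function names and sample strings are constructed for illustration, and the "(will be ... at next reload)" suffix it handles is what IOS prints after config-register is entered; it is not shown on this page.

```python
import re

IGNORE_NVRAM = 0x0040   # bit 6: skip the startup configuration at boot
BOOT_FIELD = 0x000F     # bits 0-3: where the system image is loaded from

# Matches "Configuration register is 0x2142" with the optional
# "(will be 0x2102 at next reload)" suffix printed after config-register.
_CONFREG = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def parse_confreg(show_version: str):
    """Return (current, at_next_reload) register values as ints."""
    m = _CONFREG.search(show_version)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending

def audit_confreg(show_version: str, expected=(0x2102, 0x102)):
    """List findings about the register after a password recovery."""
    current, pending = parse_confreg(show_version)
    findings = []
    if pending & IGNORE_NVRAM:
        findings.append(
            f"0x{pending:04X} at next reload ignores NVRAM: the device will "
            "boot without its configuration and without the new password"
        )
    elif current & IGNORE_NVRAM:
        findings.append(
            f"booted with 0x{current:04X} (NVRAM ignored); "
            f"0x{pending:04X} takes effect at next reload"
        )
    if pending not in expected:
        findings.append(f"0x{pending:04X} is not one of the recorded values")
    if pending & BOOT_FIELD == 0:
        findings.append("boot field 0: device stays in ROM monitor at reload")
    return findings

# Constructed samples, modelled on the show version output in Step 2.
RESTORED = "32768K bytes of Flash internal SIMM.\nConfiguration register is 0x2102\n"
MID_RECOVERY = "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"
FORGOTTEN = "Configuration register is 0x2142\n"

if __name__ == "__main__":
    for name, text in [("restored", RESTORED), ("mid-recovery", MID_RECOVERY),
                       ("forgotten", FORGOTTEN)]:
        print(name, audit_confreg(text) or "OK")
```

The FORGOTTEN case is the one to watch for: Step 22 was skipped, so the next reload comes up with no configuration and no enable secret.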

Example of a Password Recovery on the Catalyst 5500 RSFC Module


!--- Console cable is initially in RSFC console port.

RSFC>show version
Cisco Internetwork Operating System Software
IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16) RELEASE SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 12-Jan-00 19:20 by integ
Image text-base: 0x60009900, data-base: 0x60CF0000
ROM: System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE
Router uptime is 4 hours, 11 minutes
System restarted by power-on
Running default software
cisco Cat5k-RSFC (R5000) processor with 122880K/8192K bytes of memory.
Processor board ID 15934105
R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Virtual Ethernet/IEEE 802.3 interface(s)
123K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
 
32768K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102

!--- Console cable is moved back to supervisor console from RSFC console port.

Switch (enable) show module
Mod Slot Ports Module-Type               Model               Status
--- ---- ----- ------------------------- ------------------- --------
1   1    2     1000BaseX Supervisor IIIG WS-X5550            ok
15  1    1     Route Switch Feature Card WS-F5541            ok  
4   4    2     MM OC-3 Dual-Phy ATM      WS-X5158            ok
8   8    24    10/100BaseTX Ethernet     WS-X5224            ok
10  10   12    100BaseTX Ethernet        WS-X5113            ok
13  13         ASP/SRP                   

Mod Module-Name         Serial-Num
--- ------------------- --------------------
1                       00022123313
15                      15934105   
4                       00017991354
8                       00010911529
10                      00002203857

Mod MAC-Address(es)                        Hw     Fw         Sw
--- -------------------------------------- ------ ---------- -----------------
1   00-50-53-7e-10-00 to 00-50-53-7e-13-ff 1.2    5.1(1)     5.2(4)
15  00-30-f2-c9-57-00 to 00-30-f2-c9-57-3f 1.0    12.0(7)W5( 12.0(7)W5(16)
4   00-10-7b-42-ef-73                      2.4    1.3        12.0(16)W5(21) 
8   00-10-7b-e9-fd-e0 to 00-10-7b-e9-fd-f7 1.4    3.1(1)     5.2(4)
10  00-40-0b-d5-0e-10 to 00-40-0b-d5-0e-1b 1.4    1.2        5.2(4)
cs-c5500-11a (enable)   reset 15

Switch(enable) reset 15
cs-c5500-11a (enable) RSFC (mod 15, slot 1) is being reset
RSFC (mod 15, slot 1) present

!--- Console cable is moved from switch console port to the RSFC console port. 


System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE 
Copyright (c) 1998 by cisco Systems, Inc.
Cat5k-RSFC platform with 131072 Kbytes of main memory


!--- A break-sequence has been sent here.

 
monitor: command "boot" aborted due to user interrupt
rommon 1 > 
rommon 1 > set
PS1=rommon ! > 
BOOT=bootflash:c5rsfc-js-mz_120-7_W5_16.bin,1; 
?=0
rommon 2 > dir bootflash:
         File size           Checksum   File name
   5295636 bytes (0x50ce14)   0x8567ca43    c5rsfc-js-mz_120-7_W5_16.bin

rommon 3 > confreg 0x2142

You must reset or power cycle for new config to take effect.
rommon 4 > reset

System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE 
Copyright (c) 1998 by cisco Systems, Inc.
Cat5k-RSFC platform with 131072 Kbytes of main memory


!--- A break-sequence has been sent here.

rommon 1 > dir bootflash:
         File size           Checksum   File name
   5295636 bytes (0x50ce14)   0x8567ca43    c5rsfc-js-mz_120-7_W5_16.bin

rommon 2 > boot bootflash:c5rsfc-js-mz_120-7_W5_16.bin

Self decompressing the image : ########################################################################
############################]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco Internetwork Operating System Software 
IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16)  RELEASE SOFTWARE 
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 12-Jan-00 19:20 by integ
Image text-base: 0x60009900, data-base: 0x60CF0000

cisco Cat5k-RSFC (R5000) processor with 122880K/8192K bytes of memory.
Processor board ID 15934105
R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Virtual Ethernet/IEEE 802.3  interface(s)
123K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.

32768K bytes of Flash internal SIMM (Sector size 256K).

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: 


!--- Ctrl-C pressed.


Press RETURN to get started!

00:00:19: %LINK-3-UPDOWN: Interface IBC0, changed state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface IBC0, changed state to up
00:01:40: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software 
IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16)  RELEASE SOFTWARE 
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 12-Jan-00 19:20 by integ
Router>
Router>
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]? 
729 bytes copied in 0.168 secs
RSFC#configure terminal        
Enter configuration commands, one per line.  End with CNTL/Z.
RSFC(config)#enable secret < password > [Choose a strong password with at least one capital letter, one number, and one special character.]
RSFC(config)#config-register 0x2102
RSFC(config)#^Z
RSFC#
00:02:45: %SYS-5-CONFIG_I: Configured from console by console
RSFC#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
IBC0                       unassigned      YES unset  up                    up      
Vlan1                      10.1.1.1        YES TFTP   administratively down down    
Vlan2                      20.1.1.1        YES TFTP   administratively down down    
RSFC#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
RSFC(config)#interface vlan 1
RSFC(config-if)#no shutdown
RSFC(config-if)#^Z
RSFC#
00:03:03: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
00:03:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
00:03:14: %SYS-5-CONFIG_I: Configured from console by console
RSFC#write memory
Building configuration...
[OK]
