Guest

Cisco Catalyst 6500 Series Switches

Password Recovery Procedure for the Catalyst 1200, 1400, 2901, 2902, 2926T/F, 2926GS/L, 2948G, 2980G, 4000, 5000, 5500, 6000, 6500 Running CatOS

Cisco - Password Recovery Procedure for the Catalyst 1200, 1400, 2901, 2902, 2926T/F, 2926GS/L, 2948G, 2980G, 4000, 5000, 5500, 6000, 6500 Running CatOS

Introduction

This document describes how to recover a password on these Cisco products running Catalyst OS (CatOS) software on the Supervisor Engine:

  • Catalyst 1200
  • Catalyst 2926T/F
  • Catalyst 4500/4000
  • Catalyst 1400 FDDI concentrator
  • Catalyst 2926GS/L
  • Catalyst 5000
  • Catalyst 2901
  • Catalyst 2948G
  • Catalyst 5500
  • Catalyst 2902
  • Catalyst 2980G
  • Catalyst 6500/6000

If you run Cisco IOS® Software on Catalyst 4500/4000 or 6500/6000 series switches, or you need to recover a password on a router module, refer to this document:

Prerequisites

Requirements

There are no specific requirements for this document.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Step-by-Step Procedure

To recover your password, follow these steps:

  1. Attach a terminal or PC with terminal emulation to the console port of the switch.

    Use these terminal settings:

    • 9600 baud rate

    • No parity

    • 8 data bits

    • 1 stop bit

    Note: For additional information on cabling and the connection of a terminal to the console port, refer to the document Connecting a Terminal to the Console Port on Catalyst Switches.

  2. Turn off the switch, and then turn the switch back on.

    Wait a few minutes after the power reset, if necessary, for the switch to present the first password prompt.

    Important: After the presentation of the first password prompt, you have 30 seconds to complete the recovery procedure that follows in Steps 3–7. Because you only have 30 seconds to complete this procedure, press Enter whenever the switch prompts you for an old or new password. This action is the equivalent of the entry of a null character and allows you to complete the recovery quickly.

    A failure of any of the steps that follow indicates that you have exceeded the 30-second time limit. If you exceed the limit, you need to power off/on the switch again. You need to return to Step 3 and start the procedure over.

  3. Press Enter at the password prompt to enter a null password.

  4. Type enable at the prompt to enter enable mode.

  5. Press Enter at the password prompt to enter a null password.

  6. Change the password with the issue of the set password command or the set enablepass command.

  7. Press Enter at the prompt to enter the old password.

    Important: If you receive a "sorry password incorrect" message at any point during Steps 3–8, remember to only press the Enter key at a prompt for a password. The message indicates that you exceeded the 30-second time limit. You need to power off/on the switch again, then return to Step 3 to repeat the procedure.

  8. At the successful completion of the password recovery, use the set password and set enablepass commands to configure secure passwords of your choice.

Sample Output of a Password Recovery Procedure from a Catalyst 6500/6000 Running CatOS

Console> (enable) 
System Bootstrap, Version 5.3(1) 
Copyright (c) 1994-1999 by Cisco Systems, Inc. 
c6k_sup1 processor with 65536 Kbytes of main memory 
Autoboot executing command: "boot bootflash:cat6000-sup.6-3-3.bin" 

Uncompressing file:  ########################################################### 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
################################################################################ 
############################## 

System Power On Diagnostics 
DRAM Size ....................64 MB 
Testing DRAM..................Passed 
NVRAM Size ...................512 KB 
Level2 Cache .................Present 

System Power On Diagnostics Complete 

Boot image: bootflash:cat6000-sup.6-3-3.bin 

Running System Diagnostics from this Supervisor (Module 1) 
This may take up to 2 minutes....please wait 

Cisco Systems Console 


!--- The first password prompt appears approximately 
!--- in this area, which depends on the platform.  
!--- As the modules power up, other console output 
!--- surrounds the prompt. Pay attention here 
!--- because you only have 30 seconds to complete the password 
!--- recovery procedure from this point.


2002 Apr 08 16:08:13 %SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for 
Module 1
Enter password: 

!--- Press Enter.

2002 Apr 08 16:08:15 %SYS-1-SYS_ENABLEPS: Power supply 1 enabled
2002 Apr 08 16:08:15 %SYS-1-SYS_ENABLEPS: Power supply 2 enabled
2002 Apr 08 16:08:18 %SYS-5-MOD_PWRON:Module 3 powered up
2002 Apr 08 16:08:18 %SYS-5-MOD_PWRON:Module 4 powered up
2002 Apr 08 16:08:25 %MLS-5-NDEDISABLED:Netflow Data Export disabled
2002 Apr 08 16:08:26 %MLS-5-MCAST_STATUS:IP Multicast Multilayer Switching is 
enabled
2002 Apr 08 16:08:26 %SYS-5-MOD_OK:Module 1 is online

Console> enable

Enter password: 2002 Apr 08 16:08:37 %SYS-5-MOD_OK:Module 3 is online
2002 Apr 08 16:08:37 %SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for 
Module 3

Console> (enable) set password
Enter old password: 

!--- Press Enter.

Enter new password: 

!--- Press Enter.

Retype new password: 

!--- Press Enter.

Password changed.
Console> (enable) set enablepass
Enter old password: 

!--- Press Enter.

Enter new password: 

!--- Press Enter.

Retype new password: 

!--- Press Enter.

Password changed.
Console> (enable) 2002 Apr 08 16:09:12 %SYS-5-MOD_OK:Module 4 is online
2002 Apr 08 16:09:12 %SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for 
Module 4
2002 Apr 08 16:09:14 %SYS-5-MOD_OK:Module 15 is online

Console> (enable)

Software and Password Recovery Through the Short of Pins on the Catalyst 1200

Use this procedure if the software and password recovery procedure fails and your Catalyst 1200 does not reboot when the switch runs software. This procedure is similar to the access of ROM monitor (ROMmon) mode on a router. Essentially, this procedure provides you with enough switch functionality to download the software to the switch again.

  1. Remove the cover of the switch.

  2. Locate pins JP17 and short them.

    You find the pins to the right of all the LEDs and to the left of the RESET button.

  3. Reboot the switch.

    The switch comes back with the boot prompt.

  4. At the boot prompt, you can define an IP address with the ifconfig command and download Network Management Processor (NMP) and Data Movement Processor (DMP) software.

If these steps do not work, you probably need new hardware.

Related Information

Updated: Apr 10, 2006
Document ID: 12043