Password Recovery Procedure for Cisco NX-OS
This document describes how to recover a lost network administrator password from the console port of a device that operates with Cisco NX-OS.
The Cisco NX-OS software is a data center-class operating system that is based on the Cisco SAN-OS software. The Cisco NX-OS software fulfills the routing, switching, and storage networking requirements of data centers and provides an Extensible Markup Language (XML) interface and a command-line interface (CLI) that is similar to Cisco IOS software.
This document includes the following sections:
Prerequisites
This section describes the prerequisites to performing the recovery procedure and includes the following topics:
Requirements
On a device with two supervisor modules, you must perform the password recovery procedure on the supervisor module that will become the active module after you complete the recovery procedure. To ensure that the other supervisor module does not become active, perform one of the following tasks:
-
Remove the other supervisor module from the chassis.
-
Change the console prompt of the other supervisor module to one of the following two prompts until the recovery procedure completes:
-
loader >
-
switch(boot) #
-
For more information about these prompts, see the documentation for your device.
Conventions
For more information about document conventions, see the Cisco Technical Tips Conventions at http://www.cisco.com/application/pdf/paws/17016/techtip_conventions.pdf
Recovering the Network Administrator Password
You can recover the network administrator password using one of these methods:
-
From the CLI with a username that has network-admin privileges
-
By power cycling the device
This section includes the following topics:
Using the CLI with Network-Admin Privileges
To use the command line-interface (CLI) with network-admin privileges, follow these steps:
Procedure
Step 1 |
Verify that your username has network-admin privileges.
|
Step 2 |
Assign a new network administrator password if your username has network-admin privileges.
|
Step 3 |
Save the configuration.
|
Power Cycling the Device
If you cannot start a session on the device that has network-admin privileges, you must recover the network administrator password by power cycling the device by following these two methods:
Caution |
The password recovery procedure disrupts all traffic on the device. All connections to the device will be lost for 2 to 3 minutes. |
Note |
|
Method One
To recover the network administrator password by power cycling the device, follow these steps:
Procedure
Step 1 |
Establish a terminal session on the console port of the active supervisor module.
|
||
Step 2 |
If you use SSH or a terminal emulator to access the console port or you are recovering the password on a Cisco Nexus 5000 Series switch running Cisco NX-OS Release 4.0(0)N1(2a) or earlier releases, go to Step Step 6. |
||
Step 3 |
If you use Telnet to access the console port, press Ctrl-] (right square bracket) to verify that it does not conflict with the Telnet escape sequence.
If the Cisco NX-OS login prompt remains and the Telnet prompt does not appear, go to Step Step 6. |
||
Step 4 |
If the Telnet prompt appears, change the Telnet escape sequence to a character sequence other than Ctrl-] (right square bracket). The following example shows how to set the Ctrl-\ as the escape key sequence in Microsoft Telnet:
|
||
Step 5 |
Press Enter one or more times to return to the Cisco NX-OS login prompt.
|
||
Step 6 |
Power cycle the device. |
||
Step 7 |
Press Ctrl-] (right square bracket) from the console port session when the device begins the Cisco NX-OS software boot sequence to enter the
|
||
Step 8 |
Reset the network administrator password.
|
||
Step 9 |
Display the
|
||
Step 10 |
Load the Cisco NX-OS system software image. In the following example, the system image filename is
|
||
Step 11 |
Log in to the device using the new administrator password.
The running configuration indicates that local authentication is enabled for logins through a console. You should not change the running configuration in order for the new password to work for the future logins. You can enable remote authentication after you reset and remember the administrator password that is configured on the AAA servers.
|
||
Step 12 |
Reset the new password to ensure that is it is also the Simple Network Management Protocol (SNMP) password.
|
||
Step 13 |
Insert the previously removed standby supervisor module into the chassis, if necessary. |
||
Step 14 |
Boot the Cisco NX-OS kickstart image on the standby supervisor module, if necessary. In the following example, the kickstart image filename is
|
||
Step 15 |
Load the Cisco NX-OS system software on the standby supervisor module, if necessary. In the following example, the system image filename is
|
||
Step 16 |
Save the configuration.
|
Method Two
You can reset the network administrator password by reloading the device.
Caution |
This procedure disrupts all traffic on the device. All connections to the device will be lost for 2 to 3 minutes. |
Note |
|
To reset the network administrator password by reloading the device, follow these steps:
Procedure
Step 1 |
Establish a terminal session on the console port of the active supervisor module. |
||||
Step 2 |
Reload the device to reach the loader prompt by using the reload command. You need to press Ctrl-C when the following appears:
Booting kickstart image:
|
||||
Step 3 |
Input the below command and press Enter.
|
||||
Step 4 |
Restart the device with only the kickstart image to reach the switch boot prompt.
|
||||
Step 5 |
Reset the network administrator password by following Step 8 through Step 16 described in the “Method One” section. |
Recovery from the loader> Prompt
Use the help command at the loader>
prompt to display a list of commands available at this prompt or to obtain more information about a specific command in that
list.
Before you begin
This procedure uses the init system command, which reformats the file system of the device. Be sure that you have made a backup of the configuration files before you begin this procedure.
The loader> prompt is different from the regular switch# or switch(boot)# prompt. The CLI command completion feature does not work at the loader> prompt and might result in undesired errors. You must type the command exactly as you want the command to appear.
If you boot over TFTP from the loader> prompt, you must supply the full path to the image on the remote server.
Procedure
Step 1 |
Specify the local IP address and the subnet mask for the system.
|
||
Step 2 |
Specify the IP address of the default gateway.
|
||
Step 3 |
Configure the boot process to stop at the switch(boot)# prompt.
|
||
Step 4 |
Boot the NX-OS image file from the required server. The switch(boot)# prompt indicates that you have a usable nx-os image.
|
||
Step 5 |
Enter the NX-OS system.
|
||
Step 6 |
Complete the reload of the NX-OS image file.
|
Related Documentation
You can find documentation for the Cisco NX-OS software on Cisco.com :
http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html