Document ID: 22402
Updated: Apr 10, 2006
Contents
Introduction
This document describes the password recovery procedure for the Catalyst 5500 Supervisor Route Switch Feature Card (RSFC).
Before You Begin
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.
Prerequisites
There are no specific prerequisites for this document.
Step-by-Step Procedure
Please follow the steps below to recover your password.
-
Attach a terminal or PC with terminal emulation to the console port of the RSFC. Use the following terminal settings:
-
9600 baud rate
-
No parity
-
8 data bits
-
1 stop bit
-
No flow control
A Supervisor with RSFC has two console ports. The console port on the left is the supervisor console port and the one on the right is the RSFC console port. Both ports are appropriately labeled on top.
Note: For additional information on cabling and connecting a terminal to the console port, refer to Connecting a Terminal to the Console Port on Catalyst Switches.
-
-
If you still have access to the router, issue the show version command and record the setting of the configuration register, which is usually 0x2102 or 0x102.
RSFC>show version Cisco Internetwork Operating System Software IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16) RELEASE SOFTWARE Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Wed 12-Jan-00 19:20 by integ Image text-base: 0x60009900, data-base: 0x60CF0000 ROM: System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE Router uptime is 4 hours, 11 minutes System restarted by power-on Running default software cisco Cat5k-RSFC (R5000) processor with 122880K/8192K bytes of memory. Processor board ID 15934105 R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache) Last reset from power-on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Virtual Ethernet/IEEE 802.3 interface(s) 123K bytes of non-volatile configuration memory. 4096K bytes of packet SRAM memory. 32768K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102
-
If you don't have access to the router (because of a lost login or TACACS password), you can safely consider that your configuration register is set to 0x2102.
-
Move the console cable to the supervisor console port
-
Issue the show module command once in the enable mode on the supervisor to determine which slot the RSFC card on. The RSFC module will be in slot 15 or 16.
Switch (enable) show module Mod Slot Ports Module-Type Model Status --- ---- ----- ------------------------- ------------------- -------- 1 1 2 1000BaseX Supervisor IIIG WS-X5550 ok 15 1 1 Route Switch Feature Card WS-F5541 ok 4 4 2 MM OC-3 Dual-Phy ATM WS-X5158 ok 8 8 24 10/100BaseTX Ethernet WS-X5224 ok 10 10 12 100BaseTX Ethernet WS-X5113 ok 13 13 ASP/SRP Mod Module-Name Serial-Num --- ------------------- -------------------- 1 00022123313 15 15934105 4 00017991354 8 00010911529 10 00002203857 Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------- 1 00-50-53-7e-10-00 to 00-50-53-7e-13-ff 1.2 5.1(1) 5.2(4) 15 00-30-f2-c9-57-00 to 00-30-f2-c9-57-3f 1.0 12.0(7)W5( 12.0(7)W5(16) 4 00-10-7b-42-ef-73 2.4 1.3 12.0(16)W5(21) 8 00-10-7b-e9-fd-e0 to 00-10-7b-e9-fd-f7 1.4 3.1(1) 5.2(4) 10 00-40-0b-d5-0e-10 to 00-40-0b-d5-0e-1b 1.4 1.2 5.2(4)
-
Reset the RSFC module you want to do password recovery on. Issue the reset <mod> command to do this.
Switch(enable) reset 15 cs-c5500-11a (enable) RSFC (mod 15, slot 1) is being reset RSFC (mod 15, slot 1) present
-
Move the console cable to the RSFC console.
-
Issue the break sequence on the terminal keyboard within the first few seconds of the power-up to put the RSFC into ROM monitor (ROMmon) mode. If the break sequence doesn't work, refer to Possible Key Combinations for Break Sequence During Password Recovery for other key combinations.
The RSFC will boot to a rommon> prompt.
System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE Copyright (c) 1998 by cisco Systems, Inc. Cat5k-RSFC platform with 131072 Kbytes of main memory !--- A break-sequence has been sent here. monitor: command "boot" aborted due to user interrupt rommon 1 >
-
Issue the set command at the rommon> prompt to show the current boot variable settings.
rommon 1 > set PS1=rommon ! > BOOT=bootflash:c5rsfc-js-mz_120-7_W5_16.bin,1; ?=0
-
Issue the dir bootflash: command at the rommon> prompt to display the files present in the bootflash device. Verify that the BOOT variable matches the image filename you want the RSFC to execute.
rommon 2 > dir bootflash: File size Checksum File name 5295636 bytes (0x50ce14) 0x8567ca43 c5rsfc-js-mz_120-7_W5_16.bin -
Type confreg 0x2142 at the rommon> prompt to configure the RSFC to boot without its configuration.
rommon 2 > confreg 0x2142 You must reset or power cycle for new config to take effect.
-
At this point, the RSFC needs to be reset with the new configuration register. If your boot string matched the file name in Step 10, proceed to Step 16. If not, continue on to Step 13.
Type reset at the rommon> prompt.
rommon 3 > reset
-
Issue the break sequence again to break into ROMmon mode.
System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE Copyright (c) 1998 by cisco Systems, Inc. Cat5k-RSFC platform with 131072 Kbytes of main memory !--- A break-sequence has been sent here. monitor: command "boot" aborted due to user interrupt rommon 1 >
-
Display the current software in bootflash by issuing the dir bootflash: command and record the valid software image filename you intend to use.
rommon 1 > dir bootflash: File size Checksum File name 5295636 bytes (0x50ce14) 0x8567ca43 c5rsfc-js-mz_120-7_W5_16.bin -
Boot the system with the boot bootflash:<IMAGE filename> command.
rommon 2 > boot bootflash:c5rsfc-js-mz_120-7_W5_16.bin
-
After the system boots, answer No to all the set-up questions or press Ctrl-C to skip the initial set-up procedure.
Self decompressing the image : ###################################################################### ##############################] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16) RELEASE SOFTWARE Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Wed 12-Jan-00 19:20 by integ Image text-base: 0x60009900, data-base: 0x60CF0000 cisco Cat5k-RSFC (R5000) processor with 122880K/8192K bytes of memory. Processor board ID 15934105 R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache) Last reset from power-on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Virtual Ethernet/IEEE 802.3 interface(s) 123K bytes of non-volatile configuration memory. 4096K bytes of packet SRAM memory. 32768K bytes of Flash internal SIMM (Sector size 256K). --- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: !--- Ctrl-C pressed. Press RETURN to get started! 00:00:19: %LINK-3-UPDOWN: Interface IBC0, changed state to up 00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface IBC0, changed state to up 00:01:40: %SYS-5-RESTART: System restarted -- Cisco Internetwork Operating System Software IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16) RELEASE SOFTWARE Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Wed 12-Jan-00 19:20 by integ Router> -
Issue the enable command at the Router> prompt. This will put you in enable mode and you will see the Router# prompt.
Router> Router>enable
-
Issue the config mem or copy startup-config running-config command to copy the Nonvolatile RAM (NVRAM) into memory.
This is a crucial step. DO NOT save the configuration (do not use write mem or copy running-config startup-config) Router#copy startup-config running-config Destination filename [running-config]? 729 bytes copied in 0.168 secs
-
Issue the write terminal or show running-config commands.
At this point, you should see the full configuration with the unknown enable password or enable secret.
-
Issue the configure terminal command to make the necessary changes. The prompt is now hostname(config)# .
RSFC#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RSFC(config)#
-
Issue the enable secret <PASSWORD>. Replace <PASSWORD> with your new password.
RSFC(config)#enable secret < password > [Choose a strong password with at least one capital letter, one number, and one special character.]
-
Type config-register 0x2102 to change the RSFC to boot using the configuration with the new password.
RSFC(config)#config-register 0x2102
-
Press Ctrl-Z to leave the configuration mode. The prompt is now hostname# .
RSFC(config)#^Z RSFC# 00:02:45: %SYS-5-CONFIG_I: Configured from console by console
-
Issue the show ip interface brief command to make sure that the interfaces that were in use earlier are showing up/up status. If any of the interfaces that were in use before the password recovery show down/down, issue the no shutdown inteface configuration command on that particular interface to bring it up
RSFC#show ip interface brief Interface IP-Address OK? Method Status Protocol IBC0 unassigned YES unset up up Vlan1 10.1.1.1 YES TFTP administratively down down Vlan2 20.1.1.1 YES TFTP administratively down down RSFC#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RSFC(config)#interface vlan 1 RSFC(config-if)#no shutdown
-
Press Ctrl-Z to leave the configuration mode. The prompt is now hostname# .
RSFC(config-if)#^Z RSFC# 00:03:03: %LINK-3-UPDOWN: Interface Vlan1, changed state to up 00:03:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up 00:03:14: %SYS-5-CONFIG_I: Configured from console by console
-
Issue the write memory or copy running-config startup-config commands to commit the changes.
RSFC#write memory Building configuration... [OK]
-
At this point, the password has been changed. Move the console cable back to supervisor console port to get back to supervisor if needed.
Example of a Password Recovery on the Catalyst 5500 RSFC Module
!--- Console cable is initially in RSFC console port.
RSFC>show version
Cisco Internetwork Operating System Software
IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16) RELEASE SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 12-Jan-00 19:20 by integ
Image text-base: 0x60009900, data-base: 0x60CF0000
ROM: System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE
Router uptime is 4 hours, 11 minutes
System restarted by power-on
Running default software
cisco Cat5k-RSFC (R5000) processor with 122880K/8192K bytes of memory.
Processor board ID 15934105
R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Virtual Ethernet/IEEE 802.3 interface(s)
123K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
32768K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102
!--- Console cable is moved back to supervisor console from RSFC console port.
Switch (enable) show module
Mod Slot Ports Module-Type Model Status
--- ---- ----- ------------------------- ------------------- --------
1 1 2 1000BaseX Supervisor IIIG WS-X5550 ok
15 1 1 Route Switch Feature Card WS-F5541 ok
4 4 2 MM OC-3 Dual-Phy ATM WS-X5158 ok
8 8 24 10/100BaseTX Ethernet WS-X5224 ok
10 10 12 100BaseTX Ethernet WS-X5113 ok
13 13 ASP/SRP
Mod Module-Name Serial-Num
--- ------------------- --------------------
1 00022123313
15 15934105
4 00017991354
8 00010911529
10 00002203857
Mod MAC-Address(es) Hw Fw Sw
--- -------------------------------------- ------ ---------- -----------------
1 00-50-53-7e-10-00 to 00-50-53-7e-13-ff 1.2 5.1(1) 5.2(4)
15 00-30-f2-c9-57-00 to 00-30-f2-c9-57-3f 1.0 12.0(7)W5( 12.0(7)W5(16)
4 00-10-7b-42-ef-73 2.4 1.3 12.0(16)W5(21)
8 00-10-7b-e9-fd-e0 to 00-10-7b-e9-fd-f7 1.4 3.1(1) 5.2(4)
10 00-40-0b-d5-0e-10 to 00-40-0b-d5-0e-1b 1.4 1.2 5.2(4)
cs-c5500-11a (enable) reset 15
Switch(enable) reset 15
cs-c5500-11a (enable) RSFC (mod 15, slot 1) is being reset
RSFC (mod 15, slot 1) present
!--- Console cable is moved from switch console port to the RSFC console port.
System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE
Copyright (c) 1998 by cisco Systems, Inc.
Cat5k-RSFC platform with 131072 Kbytes of main memory
!--- A break-sequence has been sent here.
monitor: command "boot" aborted due to user interrupt
rommon 1 >
rommon 1 > set
PS1=rommon ! >
BOOT=bootflash:c5rsfc-js-mz_120-7_W5_16.bin,1;
?=0
rommon 2 > dir bootflash:
File size Checksum File name
5295636 bytes (0x50ce14) 0x8567ca43 c5rsfc-js-mz_120-7_W5_16.bin
rommon 3 > confreg 0x2142
You must reset or power cycle for new config to take effect.
rommon 4 > reset
System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE
Copyright (c) 1998 by cisco Systems, Inc.
Cat5k-RSFC platform with 131072 Kbytes of main memory
!--- A break-sequence has been sent here.
rommon 1 > dir bootflash:
File size Checksum File name
5295636 bytes (0x50ce14) 0x8567ca43 c5rsfc-js-mz_120-7_W5_16.bin
rommon 2 > boot bootflash:c5rsfc-js-mz_120-7_W5_16.bin
Self decompressing the image : ########################################################################
############################]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16) RELEASE SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 12-Jan-00 19:20 by integ
Image text-base: 0x60009900, data-base: 0x60CF0000
cisco Cat5k-RSFC (R5000) processor with 122880K/8192K bytes of memory.
Processor board ID 15934105
R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Virtual Ethernet/IEEE 802.3 interface(s)
123K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
32768K bytes of Flash internal SIMM (Sector size 256K).
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
!--- Ctrl-C pressed.
Press RETURN to get started!
00:00:19: %LINK-3-UPDOWN: Interface IBC0, changed state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface IBC0, changed state to up
00:01:40: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) RSFC Software (C5RSFC-JS-M), Version 12.0(7)W5(16) RELEASE SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 12-Jan-00 19:20 by integ
Router>
Router>
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
729 bytes copied in 0.168 secs
RSFC#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RSFC(config)#enable secret < password > [Choose a strong password with at least one capital letter, one number, and one special character.]
RSFC(config)#config-register 0x2102
RSFC(config)#^Z
RSFC#
00:02:45: %SYS-5-CONFIG_I: Configured from console by console
RSFC#show ip interface brief
Interface IP-Address OK? Method Status Protocol
IBC0 unassigned YES unset up up
Vlan1 10.1.1.1 YES TFTP administratively down down
Vlan2 20.1.1.1 YES TFTP administratively down down
RSFC#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RSFC(config)#interface vlan 1
RSFC(config-if)#no shutdown
RSFC(config-if)#^Z
RSFC#
00:03:03: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
00:03:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
00:03:14: %SYS-5-CONFIG_I: Configured from console by console
RSFC#write memory
Building configuration...
[OK]
Related Information
Open a Support Case 
(Requires a Cisco Service Contract.)
Related Cisco Support Community Discussions
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.