Cisco Catalyst 6000 Series Switches

Document ID: 14982

Contents

Introduction
Before You Begin
      Conventions
      Prerequisites
Step-by-Step Procedure
      Example of a Password Recovery on the Catalyst 6000 MSFC Module
Related Information

Introduction

This document describes the password recovery procedure for the Catalyst 6000 Multilayer Switch Feature Card (MSFC). This procedure applies to both the MSFC1 and MSFC2.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Step-by-Step Procedure

To recover your password, follow the steps below:

1. Attach a terminal or PC with terminal emulation to the console port of the switch. Use the following terminal setting:

   • 9600 baud rate

   • No parity

   • 8 data bits

   • 1 stop bit

   • No flow control

   Note: For additional information on cabling and connecting a terminal to the console port, refer to Connecting a Terminal to the Console Port on Catalyst Switches.

2. Type the show module command to determine which slot the MSFC card is in.

   The MSFC module will be in slot 15 or 16.

   The MSFC is a daughter card that is installed on the supervisor engine. Slots 15 and 16 are logical slot numbers for the MSFCs, which are installed on the supervisors in Slot 1and 2 respectively.

   Note: If you are running in redundant mode the MSFC, which needs a password recovery, must be the active supervisor engine.

3. Reset the MSFC module you want to do password recovery on.

   Use the reset mod command to do this.

4. Wait five seconds and then connect to the MSFC console using the switch console command.

5. After seeing the message "Connected to Router", issue a break sequence.

   The break key is a unique sequence that will break the MSFC into rommon mode. If this does not work, refer to the break sequence page.

   The MSFC will boot up in ROMmon mode with a rommon> prompt.

6. Type confreg 0x42 at the rommon> prompt to configure the MSFC to boot without its configuration.

7. Type the reset command to reset the device to boot with the new configuration register value.

8. After the system boots, answer "No" to the set-up question: "Would you like to enter the initial configuration dialog?" or press Ctrl-C to skip the initial set-up procedure.

9. Type enable at the Router> prompt. This will put you in enable mode and you will see the Router# prompt.

10. Type config mem or copy startup-config running-config to copy the nonvolatile RAM (NVRAM) into memory.

    This is a crucial step. DO NOT save the configuration (do not use write mem or copy running-config startup-config).

11. Type write terminal or show running-config.

    At this point, you should see the full configuration with the unknown enable password or enable secret. All other interfaces are shut down.

12. Type configure terminal to make the necessary changes.

    The prompt is now hostname(config)#.

13. Type enable secret password . Replace password with your new password.

14. Use the show ip interface brief command to make sure that the interfaces that were in use earlier are showing "up/up" status. If any of the interfaces that were in use before the password recovery show "down/down", use the no shutdown command on that particular interface to bring it up.

15. Type config-register 0x2102.

16. Press Ctrl-Z to leave the configuration mode. The prompt is now hostname#.

17. Type write memory or copy running-config startup-config to commit the changes.

18. Type show version and check for the following line - Configuration register is 0x42 (will be 0x2102 at next reload).

19. Type reload, so that the config-register value will be changed from 0x42 to 0x2102 after the next reboot.

20. Type "^C^C^C" or "exit" to return to the switch console.

Example of a Password Recovery on the Catalyst 6000 MSFC Module

switch (enable) show module
Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1   1    2     1000BaseX Supervisor      WS-X6K-SUP2-2GE     yes ok
15  1    1     Multilayer Switch Feature WS-F6K-MSFC2        no  ok
2   2    2     1000BaseX Supervisor      WS-X6K-SUP2-2GE     yes standby
16  2    1     Multilayer Switch Feature WS-F6K-MSFC2        no  ok
4   4    48    10/100BaseTX Ethernet     WS-X6348-RJ-45      yes ok

Mod Module-Name          Serial-Num
--- -------------------- -----------
1                        SAL06152FX9
15                       SAL06152DGG
2                        SAL06152HSY
16                       SAL06121CNL
4                        SAL0618026C

Mod MAC-Address(es)                        Hw     Fw         Sw
--- -------------------------------------- ------ ---------- -----------------
1   00-09-11-e0-40-c6 to 00-09-11-e0-40-c7 3.7    7.1(1)     6.3(8)
    00-09-11-e0-40-c4 to 00-09-11-e0-40-c5
    00-09-e9-19-94-80 to 00-09-e9-19-98-7f
15  00-09-11-e9-81-00 to 00-09-11-e9-81-3f 2.3    12.1(13)E6 12.1(13)E6
2   00-05-74-85-aa-0a to 00-05-74-85-aa-0b 3.7    7.1(1)     6.4(2)
    00-05-74-85-aa-08 to 00-05-74-85-aa-09
16  00-09-11-e8-da-00 to 00-09-11-e8-da-3f 2.3    12.1(11b)E 12.1(11b)E
4   00-09-11-b9-10-18 to 00-09-11-b9-10-47 6.1    5.4(2)     6.3(8)

Mod Sub-Type                Sub-Model           Sub-Serial  Sub-Hw
--- ----------------------- ------------------- ----------- ------
1   L3 Switching Engine II  WS-F6K-PFC2         SAL0607JD6K 3.2
2   L3 Switching Engine II  WS-F6K-PFC2         SAL06152HN7 3.2
4   Inline Power Module     WS-F6K-VPWR                     1.0

switch(enable) reset 15
This command will reset module 15.
Unsaved configuration on module 15 will be lost
Do you want to continue (y/n) [n]? y
2003 May 22 04:00:22 %SYS-5-MOD_RESET:Module 15 reset from Console//
Resetting module 15...


Type the switch console command immedialetly after the reset of the module, 
and send the break-sequence else the MSFC card will load the Cisco IOS.


switch(enable) switch console 
Trying Router-15...
Connected to Router-15.
Type ^C^C^C to switch back...


The break-sequence has been sent after the 'Connected to Router' was received.


(A break-sequence has been sent here) 

monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x42

You must reset or power cycle for new config to take effect
rommon 2 > reset

System Bootstrap, Version 12.1(11r)E1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2002 by cisco Systems, Inc.
Cat6k-MSFC2 platform with 131072 Kbytes of main memory

Self decompressing the image : #################################################
################################################################################
############ [OK]
.
.
.
.

!--- Output suppressed.

.
.
Cisco Internetwork Operating System Software
IOS (tm) MSFC2 Software (C6MSFC2-PSV-M), Version 12.1(13)E6, EARLY DEPLOYMENT RE
LEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 17-Apr-03 19:46 by hqluong
Image text-base: 0x40008C00, data-base: 0x4187E000

cisco Cat6k-MSFC2 (R7000) processor with 114688K/16384K bytes of memory.
Processor board ID SAL06152DGG
R7000 CPU at 300Mhz, Implementation 39, Rev 3.3, 256KB L2, 1024KB L3 Cache
Last reset from power-on
X.25 software, Version 3.0.0.
Bridging software.
509K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 512K).

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:


!--- Ctrl-C pressed to exit the configuration dialog.


Press RETURN to get started!

00:00:02: RP: Currently running ROMMON from S (Gold) region
00:00:44: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) MSFC2 Software (C6MSFC2-PSV-M), Version 12.1(13)E6, 
EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 17-Apr-03 19:46 by hqluong
00:00:48: %SCP-5-ONLINE: Module online

Router>enable
Router#copy startup-config running-config
Destination filename [running-config]? 
1153 bytes copied in 0.236 secs

msfc-switch#show running-config
Building configuration...

Current configuration : 710 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname msfc-switch
!
boot system flash bootflash:c6msfc2-psv-mz.121-13.E6
boot bootldr bootflash:c6msfc2-boot-mz.121-13.E6
enable secret 5 $1$UraZ$G2YWa6wfanycnX.n8U0xM/


!--- Output suppressed.


msfc-switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z. 
msfc-switch(config)#enable secret < password > [Choose a strong password with at least one capital letter, one number, and one special character.]
msfc-switch(config)#config-register 0x2102
msfc-switch(config)#^Z
msfc-switch#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
EOBC0/6                    127.0.0.12      YES unset  up                    up      
Vlan10                     10.1.1.2        YES TFTP   administratively down down    
Vlan20                     10.1.2.2        YES TFTP   administratively down down    
Vlan30                     10.1.3.2        YES TFTP   administratively down down    
Vlan40                     10.1.4.2        YES TFTP   administratively down down    
Vlan50                     10.1.5.2        YES TFTP   administratively down down    
msfc-switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
msfc-switch(config)#interface vlan10
msfc-switch(config-if)#no shutdown
msfc-switch(config-if)#^Z
00:02:16: %SYS-5-CONFIG_I: Configured from console by console
msfc-switch#write memory
Building configuration...
[OK]
msfc-switch#show version
Cisco Internetwork Operating System Software 
IOS (tm) MSFC2 Software (C6MSFC2-PSV-M), Version 12.1(13)E6, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 17-Apr-03 19:46 by hqluong
Image text-base: 0x40008C00, data-base: 0x4187E000

ROM: System Bootstrap, Version 12.1(11r)E1, RELEASE SOFTWARE (fc1)
BOOTLDR: MSFC2 Software (C6MSFC2-PSV-M), Version 12.1(13)E6, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Cat6KMSFC2 uptime is 45 minutes
System returned to ROM by power-on
System image file is "bootflash:c6msfc2-psv-mz.121-13.E6"

cisco Cat6k-MSFC2 (R7000) processor with 114688K/16384K bytes of memory.
Processor board ID SAL06152DGG
R7000 CPU at 300Mhz, Implementation 39, Rev 3.3, 256KB L2, 1024KB L3 Cache
Last reset from power-on
X.25 software, Version 3.0.0.
Bridging software.
3 Virtual Ethernet/IEEE 802.3  interface(s)
509K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x42 (will be 0x2102 at next reload)

msfc-switch#reload 

Related Information

• Password Recovery Procedure for Catalyst 6000 Series Switches Running Cisco IOS
• Password Recovery Procedure for the Catalyst 6000 LANE Module
• Support page - Catalyst 6000 Series Switches
• Technical Support - Cisco Systems