Manually Reset the Password on a Catalyst Switch
Introduction      Requirements      Connect to the Switch      Reset the Switch Password           Reset the Password with Password Recovery Enabled           Reset the Password with Password Recovery Disabled (Catalyst 3560 only)      Next Step      Troubleshoot the Procedure      Related Information	Download PDF   Manually Reset the Password on a Catalyst Switch

Introduction

If you have lost or forgotten the password for your Catalyst switch, you cannot retrieve your original password. Instead, you must connect to the switch and create a new password.

The SMB Support Assistant Client can help you reset the password and assign new passwords on the switch. For more information on the Client, refer to Download the SMB Support Assistant Client.

If you prefer to reset your password through the command-line interface, this document describes how to reset your password manually. This document applies to Catalyst 2940, 2950, 2960, 2970, 3500, 3550, 3560, and 3750 model Catalyst switches.

Note: This document uses a Catalyst 2950 for illustration purposes. The procedure is the same on all Catalyst switches unless otherwise noted.

Back to Top

Requirements

To perform the steps described in this document, you need to have this equipment:

• Physical access to the switch

• A Windows PC with terminal-emulation software, such as HyperTerminal

• A console cable or a rolled cable with an adapter. Refer to Cable Descriptions for further information.

  

• Approximately 1 hour of network downtime

Back to Top

Connect to the Switch

You will need console access to your switch in order to reset the password. To set up console access to the switch, follow these steps:

1. Connect the RJ-45 connector of the console cable into the console port on the rear panel of the switch. Connect the DB-9 connector to the PC serial port. On your PC choose Start > Programs > Accessories > Communications > HyperTerminal to open HyperTerminal. For additional information on how to connect a terminal to the console port, refer to Create a HyperTerminal Connection.

2. Create a connection with these terminal settings.

   • Bits per second (baud): 9600

   • Data bits: 8

   • Parity: None

   • Stop bits: 1

   • Flow Control: None

   

3. Unplug the switch's power cable.

4. Hold down the Mode button on the left side of the front panel and reconnect the power cable.

   

   Review this table to determine when to release the Mode button for your switch.

   Model Number	LED Behavior
   2940, 2950	Release the Mode button after approximately 5 seconds when the Status (STAT) LED goes out. When you release the Mode button, the SYST LED blinks amber.
   2960, 2970	Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.
   3550	Release the Mode button when the LED above Port1x goes out.
   3560, 3750	Release the Mode button after approximately 15 seconds when the SYST LED turns solid green. When you release the Mode button, the SYST LED blinks green.

5. As part of the boot process, the switch displays a message that indicates whether password recovery is enabled.

   • If the switch displays a message that begins with "The system has been interrupted prior to initializing the flash filesystem," see Reset the Password with Password Recovery Enabled for instructions.

   • If the switch displays a message that begins with "The password-recovery mechanism has been triggered, but is currently disabled," refer to Reset the Password with Password Recovery Disabled for instructions.

Back to Top

Reset the Switch Password

Most switches allow you to reset the password and retain the current configuration. The Catalyst 3560 does not have password recovery enabled, so you must reconfigure the switch after you reset the password.

• Reset the Password with Password Recovery Enabled

• Reset the Password with Password Recovery Disabled (Catalyst 3560 only)

Reset the Password with Password Recovery Enabled

To reset the switch password with password recovery enabled, follow these steps:

1. As part of the boot process, the switch displays this message:

   The system has been interrupted prior to initializing the
   flash filesystem.  The following commands will initialize
   the flash filesystem, and finish loading the operating
   system software:
   
       flash_init
       load_helper
       boot

2. When the switch: prompt appears, type flash_init and press Enter.

   The switch output indicates whether or not the flash has been initialized.

   • If the flash has been initialized, you will see output similar to this example:

     switch: flash_init
     Initializing Flash...
     ...The flash is already initialized.
     switch:

   • If the flash has not been initialized, you will see output similar to this example:

     switch: flash_init
     Initializing Flash...
     flashfs[0]: 90 files, 3 directories
     flashfs[0]: 0 orphaned files, 0 orphaned directories
     flashfs[0]: Total bytes: 7741440
     flashfs[0]: Bytes used: 6514176
     flashfs[0]: Bytes available: 1227264
     flashfs[0]: flashfs fsck took 8 seconds.
     ...done initializing flash.
     
     Boot Sector Filesystem (bs:) installed, fsid: 3
     Parameter Block Filesystem (pb:) installed, fsid: 4

3. Type load_helper and press Enter to load any boot helper images.

   switch: load_helper
   switch: 

4. Type dir flash: and press Enter to view the contents of the flash file system.

   Note: The dir flash command must end with a colon (:).

   The contents of the switch file system should look similar to this example.

   switch: dir flash:
   Directory of flash:/
   
   2    -rwx  109       <date>               info
   3    -rwx  57        <date>               env_vars
   4    -rwx  1228      <date>               config.text.renamed
   5    -rwx  5         <date>               private-config.text.renamed
   82   -rwx  109       <date>               info.ver
   6    -rwx  141       <date>               a.cli
   7    -rwx  3081999   <date>               c2950-i6q4l2-mz.121-22.EA1.bin
   8    drwx  2688      <date>               html
   91   -rwx  1376      <date>               vlan.dat.renamed
   
   92   -rwx  1275      <date>               config.text
   93   -rwx  5         <date>               private-config.text
   
   1227264 bytes available (6514176 bytes used)

5. Type rename flash:config.text flash:config.old and press Enter to rename the configuration file. The configuration file contains the password.

   switch: rename flash:config.text flash:config.old
   switch: 

6. Type boot and press Enter to boot the system.

   This example shows the first few lines of the output.

   switch: boot
   Loading "flash:c2950-i6q4l2-mz.121-19.EA1.bin"...###############################
   ################################################################################
   ############################################################################
   
   File "flash:/c2950-i6q4l2-mz.121-22.EA1.bin" uncompressed and installed, entry
   point: 0x80010000
   executing...

7. If you have a 3750 switch, type y and press Enter at the autoinstall prompt.

   Would you like to terminate autoinstall? [yes]: y
   

8. When you are prompted to enter the initial configuration dialog (setup program), type n to abort. Press Enter when the switch prompt "Press Return to get started" appears.

   Would you like to enter the initial configuration dialog? [yes/no]: n
   
   Press Return to get started.
   
   switch>

9. At the switch> prompt, type enable and press Enter to enter enable mode.

   switch> enable
   switch#

10. Type rename flash:config.old flash:config.text to rename the configuration file with its original name. Press Enter in response to the confirmation prompts.

    Switch#rename flash:config.old flash:config.text
    Destination filename [config.text]?
    Switch#

11. Type copy flash:config.text run to copy the configuration file into memory. Press Enter in response to the confirmation prompts.

    Switch#copy flash:config.text run
    Destination filename [running-config]?
    1275 bytes copied in 1.048 secs (1217 bytes/sec)
    switch#

    The configuration file is now reloaded.

12. At the switch# prompt, type configure terminal and press Enter to enter configuration mode.

    switch#configure terminal
    
    Enter configuration commands, one per line.  End with CNTL/Z.
    switch#(config)

13. Type no enable secret and press Enter.

    switch#(config)#no enable secret
    

14. Type enable secret password to change the switch password (field B12 on your Internet worksheet). Press Enter.

    switch#(config)#enable secret
    password
    

15. Type exit to return to enable mode.

    switch#(config)#exit
    

16. Type write memory and press Enter to write the running configuration to the startup configuration.

    switch#write memory
    Building configuration...
    [OK]
    switch#

Reset the Password with Password Recovery Disabled (Catalyst 3560 only)

Password recovery is disabled on the Catalyst 3560, so you must reset the switch to its default configuration. You can then reconfigure the switch and set a new password. To reset the switch password with password recovery disabled, follow these steps:

Warning: This procedure will delete your current switch configuration.

1. As part of the boot process, the switch displays this message:

   The password-recovery mechanism has been triggered, but
   is currently disabled. Access to the boot loader prompt
   through the password-recovery mechanism is disallowed at
   this point.  However, if you agree to let the system be
   reset back to the default system configuration, access
   to the boot loader prompt can still be allowed.
   
   Would you like to reset the system back to the default configuration (y/n)?

   Warning: This will cause you to lose your current configuration

2. Enter y (yes) to reset the switch to the default configuration.

   This means that the configuration file in Flash memory and the VLAN database file will be deleted. When the default configuration loads, you will be able to reset the password.

   Note: If you enter n (no) the normal boot process will continue as if the Mode button had not been pressed.

3. Type load_helper and press Enter to load any boot helper images.

   switch: load_helper
   switch: 

4. Type boot and press Enter to boot the system.

   This example shows the first few lines of the output.

   The system has been interrupted, and the config file
   has been deleted.  The following command will finish
   loading the operating system software:
   
       boot
   
   switch: boot
   

5. When you are prompted to start the setup program, enter n at the prompt.

   Continue with the configuration dialog? [yes/no]: n
   

6. You have completed setting your Catalyst 3560 switch to the default configuration. Please refer to Configure a Catalyst Switch with Cisco Network Assistant for instructions on how to reconfigure the switch and create a new password.

Back to Top

Next Step

You have completed password recovery for your Catalyst switch.

To make further changes to your switch, refer to the Switch Support Page.

To configure other devices in your network, refer to the Configuration Overview Page.

Back to Top

Troubleshoot the Procedure

This section provides information about common problems that you may encounter. If this information does not solve your problem, contact the SMB Technical Assistance Center (SMB TAC) for assistance.

no such file or directory....Error loading
"flash:c2950-i6q4l2-mz.121-19.EA1.bin

Back to Top

Related Information

• Cable Descriptions
• Create a HyperTerminal Connection
• Configure a Catalyst Switch with Cisco Network Assistant