Password Recovery for the Cisco Virtual Security Gateway

This document describes how to recover a lost network administrator password for the Cisco VSG.

Creating a New Network Administrator Password

This section describes how to recover a lost password. This section includes the following topics:

Flow Chart: Password Recovery with a Single Cisco VSG

The following flow chart (see Figure 2-1) is designed to guide you through the password recovery process for a Cisco VSG that is not in high availability mode. After completing each procedure, return to the flow chart to make sure that you complete all required procedures in the correct sequence.

Figure 2-1 Password Recovery with a Single Cisco VSG

 

 

Flow Chart: Password Recovery with Dual Cisco VSGs

The following flow chart (see Figure 2-2) is designed to guide you through the password recovery process for Cisco VSGs that are in high availability mode. After completing each procedure, return to the flow chart to make sure that you complete all required procedures in the correct sequence.

Figure 2-2 Password Recovery with Dual Cisco VSGs

 

 

Verifying User Privileges

You can verify that your username has network admin privileges that let you create a new password.

BEFORE YOU BEGIN

Before beginning this procedure, log in to the CLI in EXEC mode.

DETAILED STEPS

 

Step 1

Command: show user-account

Example:

vsg# show user-account
user:admin
this user account has no expiry date
roles:network-admin
user:adminbackup
this user account has no expiry date
roles:network-operator
user:test
this user account has no expiry date
roles:network-operator

vsg#

Purpose: Displays usernames and their roles.

Only users with the network-admin role can change the network administrator password.
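
The role check above can be automated when auditing which accounts are able to reset the administrator password. The following is an added example, not Cisco code: it parses the show user-account output shown in Step 1 and reports the network-admin accounts. The function names and the handling of multiple roles on one line are assumptions.

```python
import re

# Sample input: the `show user-account` example output from the section above.
SAMPLE = """\
vsg# show user-account
user:admin
this user account has no expiry date
roles:network-admin
user:adminbackup
this user account has no expiry date
roles:network-operator
user:test
this user account has no expiry date
roles:network-operator

vsg#
"""

def parse_user_accounts(text):
    """Return {username: {"roles": [...], "expires": bool}} from the CLI output."""
    accounts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("user:"):
            current = line[len("user:"):].strip()
            accounts[current] = {"roles": [], "expires": True}
        elif current and line.startswith("roles:"):
            # Assumption: several roles are separated by commas or whitespace.
            roles = re.split(r"[,\s]+", line[len("roles:"):])
            accounts[current]["roles"] += [r for r in roles if r]
        elif current and "no expiry date" in line:
            accounts[current]["expires"] = False
    return accounts

def password_changers(accounts):
    """Accounts with network-admin, the only role able to reset the admin password."""
    return sorted(u for u, a in accounts.items() if "network-admin" in a["roles"])

def findings(accounts):
    # Review items: too few admin accounts, and admin accounts that never expire.
    admins, out = password_changers(accounts), []
    if len(admins) < 2:
        out.append(f"{len(admins)} network-admin account(s): losing access "
                   "means the traffic-disrupting CD-ROM recovery")
    out += [f"{u}: network-admin with no expiry date"
            for u in admins if not accounts[u]["expires"]]
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_user_accounts(SAMPLE))))
```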

Creating a Password When You Have Network-Admin Privileges

You can create a network administrator password when you have network-admin privileges.

BEFORE YOU BEGIN

Before beginning this procedure, make sure that:

  • You are logged in to the CLI in EXEC mode.
  • Your username has network-admin privileges. To verify your privileges, see Verifying User Privileges.

SUMMARY STEPS

1. config t

2. username admin password <new password>

3. exit

4. copy running-config startup-config

DETAILED STEPS

 

Step 1

Command: config t

Example:

vsg# config t
vsg(config)#

Purpose: Places you into CLI global configuration mode.

Step 2

Command: username admin password <new password>

Example:

vsg(config)# username admin password <new password>

Purpose: Changes the network admin password in the running configuration.

Step 3

Command: exit

Example:

vsg(config)# exit
vsg#

Purpose: Exits global configuration mode and returns you to EXEC mode.

Step 4

Command: copy running-config startup-config

Example:

vsg# copy running-config startup-config

Purpose: Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.

Creating a New Password By Booting from the CD-ROM on the Active Cisco VSG

You can create a new password if you cannot start a session on the device with a username that has network-admin privileges. In this case, you must create the network administrator password by booting the Cisco Virtual Security Gateway from the CD-ROM.

BEFORE YOU BEGIN

Before beginning this procedure, make sure that the VM is booting from the CD-ROM. For more information, see your VMware documentation.


Caution: This procedure disrupts all traffic on the device. All connections to the device will be lost for 2 to 3 minutes.


Step 1 Power off the Cisco VSG.

Step 2 Open the Cisco VSG console and map the .iso file.

Step 3 In the Edit Settings for the VSG window, under Hardware, choose CD/DVD drive and check the Connect at power on check box.

Step 4 Under the Options tab, choose Boot Options and check the Force BIOS Setup check box.

Step 5 Power on the VM and change the boot order to boot from the CD-ROM. Press F10 to save and exit.

Step 6 Choose Install Cisco VSG and go to the vsh shell.

 


Note: It might take up to 5 minutes for the VM to power on.


Step 7 Create a new password:

switch(boot)# config terminal
switch(boot-config)# admin-password new_password
switch(boot-config)# exit
 

Step 8 Load the Cisco VSG image.

In the following example, the image filename is nexus-1000v.5.2.1.VSG2.1.2c.bin:

switch(boot)# load bootflash:nexus-1000v.5.2.1.VSG2.1.2c.bin
Uncompressing system image: bootflash:/nexus-1000v.5.2.1.VSG2.1.2c.bin
 
Load plugins that defined in image conf: /isan/plugin_img/img.conf
Loading plugin 0: core_plugin...
 
User Access verification

switch login:

Step 9 Use the new administrator password to log in to the Cisco VSG CLI:

User Access Verification
vsg login: admin
Password:
Cisco Nexus Operating System (NX-OS) Software
Copyright (c) 2002-2015, Cisco Systems, Inc. All rights reserved.
TAC support: http://www.cisco.com/tac
Copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at
http:/www.opensource.org/licenses/gpl-2.0.php and
http:/www.opensource.org/licenses/lgpl-2.1.php
vsg#
 

Step 10 Save the running configuration to the startup configuration so that the new password persists across reboots and restarts:

vsg# copy running-config startup-config
[#######################################] 100%
vsg#
 

Step 11 Using your VMware documentation, restore the VM boot settings so that it boots from the hard disk.

You have completed this procedure and restored the admin user password. If needed, you can create a new password. See Creating a Password When You Have Network-Admin Privileges.