Password Recovery for the Catalyst 4000 Supervisor III/IV Module

Contents

Introduction
Step-by-Step Procedure
     Sample Output/Example Procedure

Introduction

This document describes how to recover a lost or unknown password on a Catalyst 4000 Switch with a Supervisor III (WS-X4014=) or Supervisor IV (WS-X4515=) Module.

Step-by-Step Procedure

To recover your password, follow the steps below:

Note: Make sure that you have physical access to the switch and that you are using console access to the Supervisor module while performing the following steps.

  1. Power cycle the device (turn it off, then back on) and type Control-C (Ctrl-C) within five (5) seconds to prevent autobooting. This puts you at the ROM Monitor (rommon) prompt.

    
    !--- Switch being power cycled.
    
     
    ********************************************************** 
     *                                                        * 
     * Welcome to ROM Monitor for WS-X4014 System.            * 
     * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
     * All rights reserved.                                   * 
     *                                                        * 
     **********************************************************
     
     ROM Monitor Program Version 12.1(10r)EY(1.21) 
    
     Board type 1, Board revision 7
     Swamp FPGA revision 16, Dagobah FPGA revision 43 
     
     Timer interrupt test passed.
    
     MAC Address  : 00-02-b9-83-af-fe 
     IP Address   : 172.16.84.122 
     Netmask      : 255.255.255.0 
     Gateway      : 172.16.84.1 
     TftpServer   : Not set. 
     Main Memory  : 256 MBytes
    
    
     ***** The system will autoboot in 5 seconds *****
    
    
     Type control-C to prevent autobooting. 
    
    !--- At this point, hit Ctrl-C.
    
    
    
    Autoboot cancelled......... please wait!!!
    Autoboot cancelled......... please wait!!!
    rommon 1 > [interrupt]  
    
    !--- Module ended in the rommon.
    
    
    rommon 1 > [interrupt]
    
  2. Enter the confreg command at the rommon prompt and make the following selections for password recovery:

    rommon 1 >confreg
    
     Configuration Summary : 
     => load ROM after netboot fails
     => console baud: 9600
     => autoboot from: commands specified in 'BOOT' environment variable
    
     do you wish to change the configuration? y/n  [n]:  y
     enable  "diagnostic mode"? y/n  [n]:  n
     enable  "use net in IP bcast address"? y/n  [n]:  n
     disable "load ROM after netboot fails"? y/n  [n]:  n
     enable  "use all zero broadcast"? y/n  [n]:  n
     enable  "break/abort has effect"? y/n  [n]:  n
     enable  "ignore system config info"? y/n  [n]:  y
    
     change console baud rate? y/n  [n]:  n
    
     change the boot characteristics? y/n  [n]:  n
    
     Configuration Summary : 
     => load ROM after netboot fails
     => ignore system config info
     => console baud: 9600
     => autoboot from: commands specified in 'BOOT' environment variable
    
     do you wish to save this configuration? y/n  [n]:  y
     You must reset or power cycle for new configuration to take effect
    
  3. Type reset so that the module reboots. Due to the changes made in the previous step, the module reboots but ignores its saved configuration.

    rommon 2 >reset
    
    Resetting .......
    
    rommon 3 >
    
     ********************************************************** 
     *                                                        * 
     * Welcome to ROM Monitor for WS-X4014 System.            * 
     * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
     * All rights reserved.                                   * 
     *                                                        * 
     **********************************************************
     
    
    (... Output Suppressed)
    
    
    Press RETURN to get started! 
    
    !--- Hit Return.
    
    
    00:00:21: %SYS-5-RESTART: System restarted --
    Cisco Internetwork Operating System Software 
    IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
       Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Thu 24-Jan-02 17:34 by ccai
    00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch 
       is undergoing a cold start
    Switch>
    
  4. At this point, make sure that the configuration register value is 0x2142, which makes the module boot from Flash without loading the saved configuration. Enter enable mode by typing enable at the Switch prompt, and then use the show version command to check the configuration register value.

    Switch>enable
    Switch#show version
    Cisco Internetwork Operating System Software 
    IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
       Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Thu 24-Jan-02 17:34 by ccai
    Image text-base: 0x00000000, data-base: 0x00AA2B8C
    
    ROM: 12.1(10r)EY(1.21)
    Switch uptime is 5 minutes
    System returned to ROM by reload
    Running default software
    
    cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
    Processor board ID FOX04183666
    Last reset from Reload
    32 Gigabit Ethernet/IEEE 802.3 interface(s)
    467K bytes of non-volatile configuration memory.
    
    Configuration register is 0x2142
    
    Switch#

  5. Use the configure memory or copy startup-config running-config command to copy the nonvolatile RAM (NVRAM) into memory. Do not type configure terminal, or you will see the default configuration on the module.

    Switch#configure memory
    
    Uncompressed configuration from 1307 bytes to 3014 bytes
    Switch#
    00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
    c-4006-SUPIII#
    
  6. Use the show ip interface brief command to make sure that the interfaces that were in use earlier are showing "up up" status. If any of the interfaces that were in use before the password recovery show "down," use the no shutdown command on that particular interface to bring it up.

  7. Use the write terminal or show running-config command to display the saved configuration on the module.

    c-4006-SUPIII#show running-config 
    Building configuration...
    
    Current configuration : 3014 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    service compress-config
    !
    hostname c-4006-SUPIII
    !
    boot system flash bootflash:
    !
    vtp mode transparent
    
    
    (... Output Suppressed)
    
    
    line con 0
     stopbits 1
    line vty 0 4
     login
    !
    end
    
    c-4006-SUPIII#
    
  8. Now you are ready to change the password on the module. Use the following commands to change the password:

    c-4006-SUPIII#configure terminal 
    Enter configuration commands, one per line.  End with CNTL/Z.
    c-4006-SUPIII(config)#no enable secret
    
    !--- The above step is necessary if the switch had an enable 
    !--- secret password.
    
    
    c-4006-SUPIII(config)#enable secret Cisco
    
    !--- Setting the new password.
    
    
  9. Make sure you change the configuration register value back to 0x2102. Use the following steps at the config prompt to change and verify the configuration register value.

    c-4006-SUPIII(config)#config-register 0x2102
    c-4006-SUPIII(config)#^Z
    c-4006-SUPIII#
    00:19:01: %SYS-5-CONFIG_I: Configured from console by console
    c-4006-SUPIII#write mem 
    
    !--- Saving the configuration.
    
    Building configuration...
    Compressed configuration from 3061 bytes to 1365 bytes[OK]
    c-4006-SUPIII#show version 
    
    !--- Verifying the value change.
    
    Cisco Internetwork Operating System Software 
    IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M), 
    Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Thu 24-Jan-02 17:34 by ccai
    Image text-base: 0x00000000, database: 0x00AA2B8C
    
    ROM: 12.1(10r)EY(1.21)
    c-4006-SUPIII uptime is 20 minutes
    System returned to ROM by reload
    Running default software
    
    cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
    Processor board ID FOX04183666
    Last reset from Reload
    32 Gigabit Ethernet/IEEE 802.3 interface(s)
    467K bytes of nonvolatile configuration memory.
    
    Configuration register is 0x2142 (will be 0x2102 at next reload)
    
    c-4006-SUPIII#

At this point, the password has been changed.
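The register check in steps 4 and 9 can be automated when auditing switches after a recovery, so that a device left at 0x2142 (which boots without its saved configuration and therefore without its passwords) is caught. The Python below is an added example, not part of the original procedure; the bit names assume the standard Cisco IOS configuration-register layout, which this page does not list, and the function names and verdict labels are illustrative.

```python
import re

# Standard IOS configuration-register bits (assumed; not listed on this page).
IGNORE_CONFIG = 0x0040   # bit 6: "ignore system config info"
FLAGS = {
    0x8000: "diagnostic mode",
    0x4000: "use net in IP bcast address",
    0x2000: "load ROM after netboot fails",
    0x0400: "use all zero broadcast",
    0x0100: "break/abort disabled",
    IGNORE_CONFIG: "ignore system config info",
}

# Matches both forms of the line printed by 'show version'.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Return the names of the flag bits set in a config-register value."""
    return [name for bit, name in FLAGS.items() if value & bit]

def audit_show_version(text):
    """Classify the config register reported by 'show version'.

    Returns (current, next_boot, verdict); verdict is 'ok',
    'pending-reload', 'bypass-persistent' or 'not-found'.
    """
    m = CONFREG_RE.search(text)
    if not m:
        return None, None, "not-found"
    current = int(m.group(1), 16)
    next_boot = int(m.group(2), 16) if m.group(2) else current
    if next_boot & IGNORE_CONFIG:
        verdict = "bypass-persistent"   # next boot still skips startup-config
    elif current & IGNORE_CONFIG:
        verdict = "pending-reload"      # fixed, takes effect after reload
    else:
        verdict = "ok"
    return current, next_boot, verdict

# Register lines as they appear in the step 4 and step 9 output above.
STEP4 = "Configuration register is 0x2142\n"
STEP9 = "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"

if __name__ == "__main__":
    for label, sample in (("step 4", STEP4), ("step 9", STEP9)):
        cur, nxt, verdict = audit_show_version(sample)
        print(label, hex(cur), decode(cur), "->", hex(nxt), verdict)
```

A `bypass-persistent` verdict on a production switch means step 9 was skipped or not saved.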

Sample Output/Example Procedure

The sample output shown here is the result of the password recovery procedure on a Catalyst 4000 Supervisor III.

c-4006-SUPIII>enable
Password: 
Password: 
Password: 
% Bad secrets 


!--- Switch being power cycled.

 
********************************************************** 
 *                                                        * 
 * Welcome to ROM Monitor for WS-X4014 System.            * 
 * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
 * All rights reserved.                                   * 
 *                                                        * 
 **********************************************************
 
 ROM Monitor Program Version 12.1(10r)EY(1.21) 

 Board type 1, Board revision 7
 Swamp FPGA revision 16, Dagobah FPGA revision 43 
 
 Timer interrupt test passed.

 MAC Address  : 00-02-b9-83-af-fe 
 IP Address   : 172.16.84.122 
 Netmask      : 255.255.255.0 
 Gateway      : 172.16.84.1 
 TftpServer   : Not set. 
 Main Memory  : 256 Mbytes


 ***** The system will autoboot in 5 seconds *****

 Type control-C to prevent autobooting. 

!--- At this point, hit Ctrl^C.



Autoboot cancelled......... please wait!!!
Autoboot cancelled......... please wait!!!
rommon 1 > [interrupt]

rommon 1 > [interrupt]

rommon 1 >confreg

 Configuration Summary : 
 => load ROM after netboot fails
 => console baud: 9600
 => autoboot from: commands specified in 'BOOT' environment variable

 do you wish to change the configuration? y/n [n]:  y
 enable "diagnostic mode"? y/n [n]:  n
 enable "use net in IP bcast address"? y/n [n]:  n
 disable "load ROM after netboot fails"? y/n [n]:  n
 enable "use all zero broadcast"? y/n [n]:  n
 enable "break/abort has effect"? y/n [n]:  n
 enable "ignore system config info"? y/n [n]:  y

 change console baud rate? y/n [n]:  n

 change the boot characteristics? y/n [n]:  n

 Configuration Summary : 
 => load ROM after netboot fails
 => ignore system config info
 => console baud: 9600
 => autoboot from: commands specified in 'BOOT' environment variable

 do you wish to save this configuration? y/n [n]:  y
 You must reset or power cycle for new configuration to take effect

rommon 2 >reset

Resetting .......


rommon 3 >

 ********************************************************** 
 *                                                        * 
 * Welcome to ROM Monitor for WS-X4014 System.            * 
 * Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.   * 
 * All rights reserved.                                   * 
 *                                                        * 
 **********************************************************
 
 ROM Monitor Program Version 12.1(10r)EY(1.21) 

 Board type 1, Board revision 7
 Swamp FPGA revision 16, Dagobah FPGA revision 43 
 
 Timer interrupt test passed.

 MAC Address  : 00-02-b9-83-af-fe 
 IP Address   : 172.16.84.122 
 Netmask      : 255.255.255.0 
 Gateway      : 172.16.84.1 
 TftpServer   : Not set. 
 Main Memory  : 256 Mbytes

 ***** The system will autoboot in 5 seconds *****


 Type control-C to prevent autobooting.
 . . . . .

 ******** The system will autoboot now ********


 config-register = 0x2142 
 Autobooting using BOOT variable specified file.....

 Current BOOT file is --- bootflash: 

Rommon reg: 0x2B004180
Decompressing the image : ###########################
#####################################################
####################################### [OK]

k2diags version 1.6

prod: WS-X4014  part: 73-6854-07  serial: JAB0546060Z

Power-on-self-test for Module 1:  WS-X4014
Status: (. = Pass, F = Fail)

Traffic using serdes loopback (L2; one port at a time)...
switch port 0: .       switch port 1: .       switch port 2: .       
switch port 3: .       switch port 4: .       switch port 5: .       
switch port 6: .       switch port 7: .       switch port 8: .       


(...Output Suppressed)


Module 1 Passed


Exiting to ios...

Rommon reg: 0x2B000180
Decompressing the image : ##########################


(...Output Suppressed)


######################################################### [OK]

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco Internetwork Operating System Software 
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.


Press RETURN to get started!


00:00:21: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software 
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
00:00:21: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold start
Switch>enable
Switch#show ver
Cisco Internetwork Operating System Software 
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C

ROM: 12.1(10r)EY(1.21)
Switch uptime is 5 minutes
System returned to ROM by reload
Running default software

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.

Configuration register is 0x2142

Switch#

Switch#configure memory

Uncompressed configuration from 1307 bytes to 3014 bytes
c-4006-SUPIII#
00:13:52: %SYS-5-CONFIG_I: Configured from memory by console
c-4006-SUPIII#show running-config 
Building configuration...

Current configuration : 3014 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname c-4006-SUPIII
!
boot system flash bootflash:
!
vtp mode transparent
!
vlan 20
  private-vlan primary
!
vlan 100
!
vlan 202
  private-vlan association 440
!         
vlan 440
  private-vlan isolated
!
vlan 500
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
!
!
interface GigabitEthernet1/1
 no switchport
 ip address 10.1.1.1 255.255.255.0
 ip pim dense-mode
!
interface GigabitEthernet1/2
 no switchport
 ip address 20.1.1.1 255.255.255.0
!


(...Output Suppressed)


!
interface Vlan1
 ip address 172.16.84.140 255.255.255.0
 ip pim dense-mode
!
interface Vlan2
 no ip address
 shutdown
!
interface Vlan20
 no ip address
 shutdown
!


(...Output Suppressed)


!         
line con 0
 stopbits 1
line vty 0 4
 login
!
end

c-4006-SUPIII#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
c-4006-SUPIII(config)#no enable secret

!--- The above step is necessary, if the switch had 
!--- an enable secret password.


c-4006-SUPIII(config)#enable secret Cisco
c-4006-SUPIII(config)#config-register 0x2102
c-4006-SUPIII(config)#^Z
c-4006-SUPIII#
00:19:01: %SYS-5-CONFIG_I: Configured from console by console
c-4006-SUPIII#write mem
Building configuration...
Compressed configuration from 3061 bytes to 1365 bytes[OK]
c-4006-SUPIII#show version
Cisco Internetwork Operating System Software 
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
   Version 12.1(8a)EW,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C

ROM: 12.1(10r)EY(1.21)
c-4006-SUPIII uptime is 20 minutes
System returned to ROM by reload
Running default software

cisco WS-C4006 (MPC8245) processor (revision 7) with 262144K bytes of memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.

Configuration register is 0x2142 (will be 0x2102 at next reload)

c-4006-SUPIII#

 All contents are Copyright 1992–2009 Cisco Systems, Inc. All rights reserved.