Password Recovery Procedure For Catalyst 4500
Password Recovery Procedure For Catalyst 4500
II+/II+TS/II+10GE/III/IV/V/V 10GE Module and Catalyst 4900 Switches that Run Cisco
IOS Software
Contents
Introduction
Prerequisites
Requirements
Conventions
Step-by-Step
Procedure
Sample
Output/Example
Procedure
Cisco Support Community - Featured Conversations
Related Information
Introduction
This document describes how to recover a lost or unknown password on a Catalyst 4500/4000 switch with a Supervisor
Engine II-Plus (WS-X4013+), Supervisor Engine II-Plus-TS (WS-X4013+TS), Supervisor Engine II-Plus-10GE (WSX4013+10GE), Supervisor Engine III (WS-X4014), Supervisor Engine IV (WS-X4515), Supervisor Engine V (WS-X4516),
Supervisor Engine V-10GE (WS-X4516-10GE) module, Cisco Catalyst 4948, Cisco Catalyst 4948 10GE, and Cisco Catalyst
4900M switches.
Note: In Catalyst 4500/4000 Series Switches, Supervisor Engines II+, II+10GE, II+TS, III, IV, V, and V-10GE support only
Cisco IOS Software and Supervisor Engines I and II support only the Catalyst OS Software. In order to recover the
password on the Supervisor Engines I or II, refer to Password Recovery Procedure for the Catalyst 1200, 1400, 2901, 2902,
2926T/F, 2926GS/L, 2948G, 2980G, 4000, 5000, 5500, 6000, 6500 Running CatOS.
Prerequisites
Requirements
There are no specific requirements for this document.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Step-by-Step Procedure
Complete these steps to recover your password:
Note: Make sure that you have physical access to the switch and that you use console access to the Supervisor Engine
module while you perform these steps. For details on the switch console connection, refer to Connecting a Modem to the
Console Port on Catalyst Switches.
Tip: Configuration of the switch is not lost if the procedure is followed as mentioned. As a best practice, Cisco recommends
that you have a backup copy of the configuration of all Cisco devices at the TFTP server or a Network Management server.
1. Power cycle the device.
In order to power cycle, turn the device off, then back on.
Press Ctrl-C within 5 seconds to prevent autoboot. This action puts you in ROM monitor (ROMmon) prompt
mode.
:
:
:
:
:
:
00-02-b9-83-af-fe
172.16.84.122
255.255.255.0
172.16.84.1
Not set.
256 MBytes
[n]:
n
[n]:
Configuration Summary :
=> load ROM after netboot fails
=> ignore system config info
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable
with
262144K
bytes
of
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50. Make sure that you change the configuration register value back to 0x2102.
Complete these steps at the config prompt to change and verify the configuration register value.
c-4006-SUPIII(config)#config-register 0x2102
c-4006-SUPIII(config)# ^Z
c-4006-SUPIII#
00:19:01: %SYS-5-CONFIG_I: Configured from console by console
c-4006-SUPIII#write memory
!--- This step saves the configuration.
Building configuration...
Compressed configuration from 3061 bytes to 1365 bytes[OK]
c-4006-SUPIII#show version
!--- This step verifies the value change.
Cisco Internetwork Operating System Software
IOS (TM) Catalyst 4000 L3 Switch Software (cat4000-IS-M),
Version 12.1(8a)EW, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Jan-02 17:34 by ccai
Image text-base: 0x00000000, database: 0x00AA2B8C
ROM: 12.1(10r)EY(1.21)
c-4006-SUPIII uptime is 20 minutes
System returned to ROM by reload
Running default software
cisco WS-C4006 (MPC8245) processor (revision 7)
memory.
Processor board ID FOX04183666
Last reset from Reload
32 Gigabit Ethernet/IEEE 802.3 interface(s)
467K bytes of nonvolatile configuration memory.
with
262144K
bytes
of
**********************************************************
*
*
* Welcome to ROM Monitor for WS-X4014 System.
*
* Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.
*
* All rights reserved.
*
*
*
**********************************************************
ROM Monitor Program Version 12.1(10r)EY(1.21)
Board type 1, Board revision 7
Swamp FPGA revision 16, Dagobah FPGA revision 43
Timer interrupt test passed.
MAC Address
IP Address
Netmask
Gateway
TftpServer
Main Memory
:
:
:
:
:
:
00-02-b9-83-af-fe
172.16.84.122
255.255.255.0
172.16.84.1
Not set.
256 Mbytes
Configuration Summary :
=> load ROM after netboot fails
=> ignore system config info
=> console baud: 9600
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to save this configuration? y/n [n]: y
You must reset or power cycle for new configuration to take effect
rommon 2 > reset
Resetting .......
rommon 3 >
**********************************************************
*
*
* Welcome to ROM Monitor for WS-X4014 System.
*
* Copyright (c) 1999-2000, 2001 by Cisco Systems, Inc.
*
* All rights reserved.
*
*
*
**********************************************************
ROM Monitor Program Version 12.1(10r)EY(1.21)
Board type 1, Board revision 7
Swamp FPGA revision 16, Dagobah FPGA revision 43
Timer interrupt test passed.
MAC Address
IP Address
Netmask
Gateway
TftpServer
Main Memory
:
:
:
:
:
:
00-02-b9-83-af-fe
172.16.84.122
255.255.255.0
172.16.84.1
Not set.
256 Mbytes
part: 73-6854-07
serial: JAB0546060Z
WS-X4014
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname c-4006-SUPIII
!
boot system flash bootflash:
!
vtp mode transparent
!
vlan 20
private-vlan primary
!
vlan 100
!
vlan 202
private-vlan association 440
!
vlan 440
private-vlan isolated
!
vlan 500
ip subnet-zero
no ip domain-lookup
!
ip multicast-routing
!
!
interface GigabitEthernet1/1
no switchport
ip address 10.1.1.1 255.255.255.0
ip pim dense-mode
!
interface GigabitEthernet1/2
no switchport
ip address 20.1.1.1 255.255.255.0
!
!--- Output suppressed.
!
interface Vlan1
ip address 172.16.84.140 255.255.255.0
ip pim dense-mode
!
interface Vlan2
no ip address
shutdown
!
interface Vlan20
no ip address
shutdown
!
!--- Output suppressed.
!
line con 0
stopbits 1
line vty 0 4
login
!
end
c-4006-SUPIII#configure terminal
Enter configuration commands, one per line.
c-4006-SUPIII(config)#no enable secret