This document describes how to recover a password on Catalyst 6500/6000 Series Switches and Cisco 7600 Series Routers that run Cisco IOS® System Software.
There are no specific requirements for this document.
This document applies to the Supervisor 1, Supervisor 2, Supervisor 720, and Virtual Switching System (VSS) 1440 based systems. For Supervisor 720 based systems, this document applies when the system runs Cisco IOS Software Release 12.2(17)SX or later. If your Supervisor 720 runs an earlier version, refer to Password Recovery Procedure for the Catalyst 6500 with Supervisor 720 Running Cisco IOS System Software Prior to 12.2(17)SX.
Note: The supported software for Virtual Switching System (VSS) 1440 based systems is Cisco IOS® Software Release 12.2(33)SXH1 or later.
The boot sequence on the Catalyst 6500/6000 and Cisco 7600 that run Cisco IOS System Software differs from that of the Cisco 7200 Series Router because the hardware is different. After you power-cycle the box, the switch processor (SP) boots up first. After a short amount of time (approximately 25 to 60 seconds), it transfers console ownership to the route processor (RP (MSFC)). The RP continues to load the bundled software image. It is crucial that you press Ctrl-brk just after the SP hands control of the console over to the RP. If you send the break sequence too soon, you end up in the ROMMON of the SP, which is not where you should be. Send the break sequence after you see this message on the console:
00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor
After this point, the password recovery is the same as a normal router.
Note: From this point onward, the Catalyst 6000 Series Switch that runs Cisco IOS System Software is referred to as a router.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
The switch is configured like a router because of the operating system that runs on the switch. The password recovery procedure follows the same steps as a Cisco 7200 Series Router, except that you have to wait approximately 25 to 60 seconds longer before you start the break sequence.
Attach a terminal or PC with terminal emulation to the console port of the router. Use these terminal settings:
- 9600 baud rate
- No parity
- 8 data bits
- 1 stop bit
- No flow control
The required console cable specifications are described in the Cable Specifications document. Instructions on how to connect to the console port are in the Module Installation Guide. The Connecting to the Console Port—Supervisor Engine Only section provides useful information.
If you still have access to the router, issue the show version command, and record the setting of the configuration register. It is usually 0x2102 or 0x102.
If you do not have access to the router (because of a lost login or TACACS password), your configuration register is set to 0x2102.
Turn off the router and then turn it back on with the help of the power switch.
Caution: The break sequence must be initiated only after the RP gains control of the console port.
Press Break on the terminal keyboard right after the RP gains control of the console port. On the Catalyst 6000 that runs Cisco IOS Software, the SP boots first. After it has booted, it turns control over to the RP. After the RP gains control, initiate the break sequence. The RP gains control of the console port when you see this message. (Do not initiate the break sequence until you see this message):
00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor
From this point on, the password recovery procedure is the same as for any other router. If the break sequence does not work, refer to the Standard Break Key Sequence Combinations During Password Recovery for other key combinations.
Type confreg 0x2142 at the rommon 1> prompt to boot from Flash without loading the configuration.
Type reset at the rommon 2> prompt.
The router reboots. However, it ignores the saved configuration.
Type no after each setup question or press Ctrl-C to skip the initial setup procedure.
Type enable at the Router> prompt.
You are in enable mode and see the Router# prompt.
Important: Issue the configure memory or copy start running commands to copy the Nonvolatile RAM (NVRAM) into memory. Do not issue the configure terminal command.
Issue the write terminal or show running command.
The show running and write terminal commands show the configuration of the router. In this configuration, the shutdown command appears under every interface, which means that all the interfaces are currently shut down. You see the passwords in either encrypted or unencrypted format.
Issue the configure terminal command to enter global configuration mode and make the changes.
The prompt is now hostname(config)#.
Issue the enable secret < password > command in global configuration mode to change the enable password.
In global configuration mode (Router(config)#), issue the config-register 0x2102 command, or use the value you recorded in Step 2, to set the configuration register back to its original value.
Change the virtual terminal passwords, if present:
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#^Z
Router#
Issue the no shutdown command on every interface that is normally in use. Issue a show ip interface brief command to see a list of interfaces and their current status. You must be in enable mode (Router#) to execute the show ip interface brief command. Here is an example for one interface:
Router#show ip interface brief
Interface              IP-Address      OK? Method Status                Prol
Vlan1                  172.17.10.10    YES TFTP   administratively down dow
Vlan10                 10.1.1.1        YES TFTP   administratively down dow
GigabitEthernet1/1     unassigned      YES unset  administratively down dow
GigabitEthernet1/2     unassigned      YES TFTP   administratively down dow
GigabitEthernet2/1     unassigned      YES TFTP   administratively down dow
GigabitEthernet2/2     unassigned      YES TFTP   administratively down dow
FastEthernet3/1        172.16.84.110   YES TFTP   administratively down dow
<snip>...
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 3/1
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
<do other interfaces as necessary...>
Press Ctrl-z to leave the configuration mode.
The prompt is now hostname#.
Issue the write memory or copy running startup commands to commit the changes.
The example here shows an actual password recovery procedure. This example is created with the help of a Catalyst 6000 Series switch. Begin with the show version and show module commands to see what components are used in this example.
Press RETURN to get started.
Router>enable
Password:
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) c6sup1_rp Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
Image text-base: 0x60020950, data-base: 0x6165E000
ROM: System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE
BOOTFLASH: MSFC Software (C6MSFC-BOOT-M), Version 12.1(6)E, EARLY DEPLOYMENT RE)
Router uptime is 14 minutes
System returned to ROM by power-on (SP by reload)
System image file is "sup-bootflash:c6sup11-jsv-mz.121-6.E"
Cisco Catalyst 6000 (R5000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04281AF6
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
24 Ethernet/IEEE 802.3 interface(s)
2 Virtual Ethernet/IEEE 802.3 interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102
Router#
Router#show module
Slot Ports Card Type                                 Model                 Serial Number
---- ----- ----------------------------------------- --------------------- -----------
1    2     Cat 6000 sup 1 Enhanced QoS (active)      WS-X6K-SUP1A-2GE      SAD043301JS
2    2     Cat 6000 sup 1 Enhanced QoS (standby)     WS-X6K-SUP1A-2GE      SAD03510114
3    48    48 port 10/100 mb RJ45                    WS-X6348-RJ-45        SAD04230FB6
6    24    24 port 10baseFL                          WS-X6024-10FL-MT      SAD03413322
Slot MAC addresses                      Hw    Fw           Sw
---- ---------------------------------- ----- ------------ ----------
1    00d0.c0d2.5540 to 00d0.c0d2.5541   3.2   unknown      6.1(0.105)OR
2    00d0.bcf1.9bb8 to 00d0.bcf1.9bb9   3.2   unknown      6.1(0.105)OR
3    0002.7ef1.36e0 to 0002.7ef1.370f   1.1   5.3(1) 1999- 6.1(0.105)OR
6    00d0.9738.5338 to 00d0.9738.534f   0.206 5.3(1) 1999- 6.1(0.105)OR
Router#
Router#reload
Proceed with reload? [confirm]
!--- Here you turn off the power and then turn it back on.
!--- Here it is done with a reload instead of a hard power-cycle.
00:15:28: %SYS-SP-3-LOGGER_FLUSHING: System pausing to ensure console debugging.
00:15:27: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (admin reque)
00:15:28: %C6KPWR-SP-4-DISABLED: power to module in slot 3 set off (admin reque)
00:15:28: %C6KPWR-SP-4-DISABLED: power to module in slot 6 set off (admin reque)
00:15:28: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor
00:15:28: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co.
00:15:30: %SYS-SP-3-LOGGER_FLUSHING: System pausing to ensure console debugging.
***
*** --- SHUTDOWN NOW ---
***
00:15:30: %SYS-SP-5-RELOAD: Reload requested
00:15:30: %OIR-SP-6-CONSOLE: Changing console ownership to switch processor
00:15:30: %SYS-SP-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure co.
00:15:31: %OIR-SP-6-REMCARD: Card removed from slot 1, interfaces disabled
!--- First, the switch processor comes up.
System Bootstrap, Version 5.3(1)
Copyright (c) 1994-1999 by cisco Systems, Inc.
c6k_sup1 processor with 65536 Kbytes of main memory
Autoboot executing command: "boot bootflash:c6sup11-jsv-mz.121-6.E"
Self decompressing the image : ################################################]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (TM) c6sup1_sp Software (c6sup1_sp-SPV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:52 by eaarmas
Image text-base: 0x60020950, database: 0x605FC000
Start as Primary processor
00:00:03: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging ou.
00:00:03: %OIR-6-CONSOLE: Changing console ownership to route processor
!--- The RP now has control of the console.
!--- This is when you send the break sequence.
System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE
Copyright (c) 1998 by cisco Systems, Inc.
*** Address Error (Load/Fetch) Exception ***
Access address = 0x5e
PC = 0x5e, Cause = 0x10, Status Reg = 0x3040d003
ROM Monitor Can Not Recover From Exception
A Board Reset Is Issued
*** Software NMI ***
PC = 0xbfc0b6b0, SP = 0x00002a90
Cat6k-MSFC platform with 131072 Kbytes of main memory
Self decompressing the image : ################################################]
*** System received an abort due to Break Key ***
signal= 0x3, code= 0x0, context= 0x6049ed68
PC = 0x601011ac, Cause = 0x20, Status Reg = 0x34008002
!--- You are now in ROMMON mode on the RP. Continue the password
!--- recovery procedure just as on any router. Changing the configuration
!--- register from 0x2102 to 0x2142 causes the router to ignore the existing
!--- configuration. You want it to be ignored because it has passwords that you do not
!--- know.
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset
System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE
Copyright (c) 1998 by cisco Systems, Inc.
Cat6k-MSFC platform with 131072 Kbytes of main memory
Self decompressing the image : ################################################]
Attempt to download 'sup-bootflash:c6sup11-jsv-mz.121-6.E' ... okay
Starting download of 'sup-bootflash:c6sup11-jsv-mz.121-6.E': 8722810 bytes!!!!!!
Chksum: Verified!
Self decompressing the image : ################################################]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (TM) c6sup1_RP Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by Cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
Image text-base: 0x60020950, database: 0x6165E000
Cisco Catalyst 6000 (R5000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04281AF6
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
24 Ethernet/IEEE 802.3 interface(s)
1 Virtual Ethernet/IEEE 802.3 interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of nonvolatile configuration memory.
4096K bytes of packet SRAM memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
!--- The router ignores the saved configuration and enters
!--- the initial configuration mode.
Press RETURN to get started!
00:00:03: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure conso.
00:00:04: %C6KPWR-4-PSINSERTED: power supply inserted in slot 1.
00:00:04: %C6KPWR-4-PSOK: power supply 1 turned on.
00:02:08: %SYS-SP-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (TM) c6sup1_SP Software (c6sup1_sp-SPV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:52 by eaarmas
00:02:13: L3-MGR: l2 flush entry installed
00:02:13: L3-MGR: l3 flush entry installed
00:02:14: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (TM) c6sup1_RP Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by Cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
00:02:17: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (admin reque)
00:02:18: %C6KPWR-SP-4-ENABLED: power to module in slot 3 set on
00:02:18: %C6KPWR-SP-4-ENABLED: power to module in slot 6 set on
00:02:28: sm_set_moduleFwVersion: nonexistent module (1)
00:02:38: %SNMP-5-MODULETRAP: Module 1 [Up] Trap
00:02:38: %OIR-SP-6-INSCARD: Card inserted in slot 1, interfaces are now online
00:02:56: %SNMP-5-MODULETRAP: Module 6 [Up] Trap
00:02:56: %OIR-SP-6-INSCARD: Card inserted in slot 6, interfaces are now online
00:02:59: SP: SENDING INLINE_POWER_DAUGHTERCARD_MSG SCP MSG
00:02:59: %SNMP-5-MODULETRAP: Module 3 [Up] Trap
00:02:59: %OIR-SP-6-INSCARD: Card inserted in slot 3, interfaces are now online
Router>enable
Router#
!--- You go right into privilege mode without needing a password.
!--- At this point, the configuration running-config is a default configuration
!--- with all the ports administratively down (shutdown).
Router#copy startup-config running-config
Destination filename [running-config]? <press enter>
!--- This pulls in the original configuration. Since you are already in privilege
!--- mode, the passwords in this configuration do not affect you.
4864 bytes copied in 2.48 secs (2432 bytes/sec)
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret < password > [Choose a strong password with at least one capital letter, one number, and one special character.]
!--- Overwrite the password that you do not know. This is your new enable password.
Router(config)#^Z
Router#
Router#show ip interface brief
Interface              IP-Address      OK? Method Status                Prol
Vlan1                  172.17.10.10    YES TFTP   administratively down dow
Vlan10                 10.1.1.1        YES TFTP   administratively down dow
GigabitEthernet1/1     unassigned      YES unset  administratively down dow
GigabitEthernet1/2     unassigned      YES TFTP   administratively down dow
GigabitEthernet2/1     unassigned      YES TFTP   administratively down dow
GigabitEthernet2/2     unassigned      YES TFTP   administratively down dow
FastEthernet3/1        172.16.84.110   YES TFTP   administratively down dow
<snip>...
!--- Issue the no shut command on all interfaces that you want to bring up.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 3/1
Router(config-if)#no shutdown
Router(config-if)#exit
!--- Overwrite the virtual terminal passwords.
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#^Z
Router#
!--- Restore the configuration register to its normal state so that it
!--- no longer ignores the stored configuration file.
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) c6sup1_rp Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
Image text-base: 0x60020950, data-base: 0x6165E000
ROM: System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE
BOOTFLASH: MSFC Software (C6MSFC-BOOT-M), Version 12.1(6)E, EARLY DEPLOYMENT RE)
Router uptime is 7 minutes
System returned to ROM by power-on (SP by reload)
System image file is "sup-bootflash:c6sup11-jsv-mz.121-6.E"
Cisco Catalyst 6000 (R5000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04281AF6
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
24 Ethernet/IEEE 802.3 interface(s)
2 Virtual Ethernet/IEEE 802.3 interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2142
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#^Z
Router#
!--- Verify that the configuration register is changed for the next reload.
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) c6sup1_rp Software (c6sup1_rp-JSV-M), Version 12.1(6)E, EARLY DEPLOYME)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 17-Mar-01 00:14 by eaarmas
Image text-base: 0x60020950, data-base: 0x6165E000
ROM: System Bootstrap, Version 12.0(3)XE, RELEASE SOFTWARE
BOOTFLASH: MSFC Software (C6MSFC-BOOT-M), Version 12.1(6)E, EARLY DEPLOYMENT RE)
Router uptime is 8 minutes
System returned to ROM by power-on (SP by reload)
System image file is "sup-bootflash:c6sup11-jsv-mz.121-6.E"
Cisco Catalyst 6000 (R5000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04281AF6
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
24 Ethernet/IEEE 802.3 interface(s)
2 Virtual Ethernet/IEEE 802.3 interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2142 (will be 0x2102 at next reload)
Router#
Router#copy running-config startup-config
Destination filename [startup-config]? <press enter>
Building configuration...
[OK]
Router#
!--- Optional: If you want to test that the router
!--- operates properly and that you have changed
!--- the passwords, then reload and test.
Router#reload
Proceed with reload? [confirm] <press enter>
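A check an operator can run once the procedure is finished, added here as an example and not part of the Cisco document: it reads the "Configuration register is" line from show version output and flags a register that would still ignore the startup configuration at the next reload. The function names and finding codes are assumptions made for this example; the bit meanings (0x0040 ignores NVRAM, boot field 0 stays in ROMMON) are the standard IOS configuration-register layout.

```python
import re

# Configuration-register bits that matter for this procedure (standard IOS layout).
IGNORE_NVRAM = 0x0040    # bit 6: boot without loading the startup configuration
BOOT_FIELD = 0x000F      # bits 0-3: 0 stays in ROMMON, 2-F boot normally

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def parse_confreg(show_version):
    """Return (running, next_reload) register values from 'show version' text.

    The last matching line wins, so a pasted session that contains several
    'show version' outputs is judged on its most recent state.
    """
    matches = CONFREG_RE.findall(show_version)
    if not matches:
        raise ValueError("no 'Configuration register is' line found")
    running_hex, pending_hex = matches[-1]
    running = int(running_hex, 16)
    # Without a "(will be ...)" suffix the running value also applies at reload.
    pending = int(pending_hex, 16) if pending_hex else running
    return running, pending


def audit_confreg(show_version, expected=0x2102):
    """Return finding codes (hypothetical names) for the register state."""
    running, pending = parse_confreg(show_version)
    findings = []
    if pending & IGNORE_NVRAM:
        # Left like this, every reload repeats the recovery boot: no passwords
        # loaded and all interfaces administratively down.
        findings.append("NEXT_RELOAD_IGNORES_STARTUP_CONFIG")
    elif running & IGNORE_NVRAM:
        # Normal mid-procedure state: booted at 0x2142, register already set back.
        findings.append("RECOVERY_BOOT_PENDING_RELOAD")
    if (pending & BOOT_FIELD) == 0:
        findings.append("NEXT_RELOAD_STOPS_IN_ROMMON")
    if pending != expected:
        findings.append("DIFFERS_FROM_RECORDED_VALUE")
    return findings


# Register lines quoted from the transcript on this page.
BEFORE_RECOVERY = "Configuration register is 0x2102"
NOT_RESTORED = "Configuration register is 0x2142"
RESTORED = "Configuration register is 0x2142 (will be 0x2102 at next reload)"

if __name__ == "__main__":
    for label, text in [("before recovery", BEFORE_RECOVERY),
                        ("register not restored", NOT_RESTORED),
                        ("register restored", RESTORED)]:
        print(label, audit_confreg(text))
```

Pass the value recorded before the recovery as `expected` when it was not 0x2102, for example 0x102.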
Revision | Publish Date | Comments |
---|---|---|
1.0 | 24-Apr-2009 | Initial Release |