Recover Password of a Cisco Switch

Posted On 2009-12-28 by FortyPoundHead
Tags: Cisco Software Hack/Tweak Tip 
Views: 2007

We've all done it - Forgotten or misplaced a password. This happens quite a bit with equipment or systems that are not accessed regularly.

Being a crafty kind of person, as most Sysadmins or network admins are, you've made the password extra strong, and not written it down, or perhaps you've misplaced the your hint sheet.

With the procedure outlined below, you can recover the password of as Cisco switch. You'll need physical access to the switch, and connect your laptop or crash cart PC to the console port of the switch. So don't get any ideas that you can do this remotely, and mess with your friends switch.

Now turn the power switch off and back on to recycle the power then release the mode button for few seconds after the LED above port 1 turns off.

Now your switch first prompt will look like this:

First run the flash_init command to initialize the flash.
switch: flash_init

After running the flash_init command, the following information will appear:

  1. switch: flash_init
  2. Initializing Flash...
  3. flashfs[0]: 21 files, 2 directories
  4. flashfs[0]: 0 orphaned files, 0 orphaned directories
  5. flashfs[0]: Total bytes: 7741440
  6. flashfs[0]: Bytes used: 4499456
  7. flashfs[0]: Bytes available: 3241984
  8. flashfs[0]: flashfs fsck took 7 seconds.
  9. ...done initializing flash.
  10. Boot Sector Filesystem (bs:) installed, fsid: 3
  11. Parameter Block Filesystem (pb:) installed, fsid: 4

Next, load any helper images
switch: load_helper

In order to get the name of the configuration file, get a directory of the flash device. Make note of the filename, which should be config.text.
switch: dir flash:

Now, you can rename the file. Make it simple, and just add the .old extension to the filename
switch: rename flash:config.text flash:config.text.old

Next, reboot the switch, utilizing the boot command.
switch: boot

Since your switch now does not have a configuration, you'll be at the default prompt. Type enable to enter enable mode at the switch prompt.
Switch> enable

Guess what? Now we can change the name for the configuration file back to the original, restoring our configuration.
Switch# rename flash:config.old flash:config.text

Now, we've got to make the config file into the running config. Just a simple file copy to running-config.
Switch# copy flash:config.text system:running-config

By entering config t mode (global config), we can now set the secret password to anything. In the example below, MyPassword is shown. If you are copying and pasting this text, be sure to change MyPassword to your password of choice. Be sure to write it down this time!
Switch# configure terminal
Switch (config)# enable secret MyPassword

Be sure to save the current configuration, which includes the new password. If you don't, you'll be back in the same boat you were before, trying to remember the password.
Switch# write memory

About the Author

FortyPoundHead has posted a total of 1974 articles.

Comments On This Post

No comments on this post yet!

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links