Scriblings Of A GEEK: Cisco 2900XL Catalyst switch password recovery Procedure

Wednesday, September 22, 2004

Cisco 2900XL Catalyst switch password recovery Procedure

Just did the password break for a 2924 (Cisco 2900XL Catalyst switch) switch yesrterday as usual i keep on forgetting it :).

Heres how i did it :

Step 1 .

How to connect to the Switch :

Attach a terminal or PC with terminal emulation (for example, Hyper Terminal) to the console port of the switch. Use the following terminal settings:

9600 baud rate
No parity
8 data bits
1 stop bit
No flow control

Step 2 .

Unplug the power cable.

Hold down the mode button located on the left side of the front panel, while reconnecting the power cord to the switch. You can release the mode button a second or two after the LED above port 1x is no longer illuminated.

You would get the output below on the Hyperterminal window :

The system has been interrupted prior to initializing the flash file system.
The following commands will initialize the flash file system, and finish loading
the operating system software:

flash_init
load_helper
boot

Step 3 .

Type flash_init.

Type load_helper.

Type dir flash:.

!--- Make sure to type a colon ":" after the dir flash

You would get the output below on the Hyperterminal window :

Directory of flash:
2 -rwx 843947 Mar 01 1993 00:02:18 C2900XL-h-mz-112.8-SA
4 drwx 3776 Mar 01 1993 01:23:24 html
66 -rwx 130 Jan 01 1970 00:01:19 env_vars
68 -rwx 1296 Mar 01 1993 06:55:51 config.text
1728000 bytes total (456704 bytes free)

config.text is the startup-configuration file which is stored in the flash and loaded when the switch loads.

Step 4 .

Type rename flash:config.text flash:config.old to rename the configuration file.

This file contains the password definition.

Type boot to boot the system

Step 5 .

This would load the IOS on the switch and get you to the configuration script as it cannot find a copy of the normal start-configuration.

Enter N at the prompt to start the Setup program,

Continue with the configuration dialog? [yes/no] : N

Step 6 .

At the switch prompt type en to turn on enable mode.

Type rename flash:config.old flash:config.text to rename the configuration file with its original name.

Copy the configuration file into memory:

Switch# copy flash:config.text system:running-config
Source filename [config.text]? (press Return)
Destination filename [running-config]? (press Return)

Step 7 .

myswitch#configure terminal
myswitch(config)#no enable secret
!-- This step is necessary if the switch had an enable secret password
myswitch(config)#enable password Cisco
myswitch#(config)#^Z
!--Control/Z

Remove any console and line vty (telnet / emulation) passwords if set.

Step 8 .

Write the running configuration to the configuration file:

switch#write memory

The Catalyst 2955 series switches do not use an external mode button for password recovery

The switch boot loader uses the break-key detection to stop the automatic boot sequence for the password recovery purposes. The break sequence is determined by the terminal application and operating system used. Hyperterm running on Windows 2000 uses Ctrl + Break. On a workstation running UNIX, Ctrl-C is the break key

The example below uses Hyperterm to break into switch: mode on a 2955.

C2955 Boot Loader (C2955-HBOOT-M) Version 12.1(0.0.514), CISCO DEVELOPMENT TEST
VERSION
Compiled Fri 13-Dec-02 17:38 by madison
WS-C2955T-12 starting...
Base ethernet MAC Address: 00:0b:be:b6:ee:00
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 19 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 4510720
flashfs[0]: Bytes available: 3230720
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4

*** The system will autoboot in 15 seconds ***
Send break character to prevent autobooting.