
This website is originally written in the Czech language. Only part of the content is machine (AI) translated into English. The translation may not be exact and may contain errors.

Cisco IOS 4 - reset, password recovery


| Petr Bouška - Samuraj |
In the next part of the description of Cisco IOS, I will focus on methods to delete the existing configuration of the switch and thus bring it to the default state. The second part describes the procedure for recovering the password if we forget the original one.

Reset to Factory Settings

There are many reasons why we might need to reset a device (its configuration) to factory settings. For switches, we have two methods available: hardware (requiring physical access to the switch) and software (requiring login with sufficient permissions).

Note: Before resetting switches, it is recommended to back up the configuration. I would also recommend making a backup of the IOS for each switch (or rather product line) as described in the second part.

Hardware Method

I would recommend this method; it seems simpler to me.

  1. Press and hold the MODE button on the switch. After about 3 seconds, the LED lights will start flashing.
  2. After about 7 seconds, the lights will stop flashing. Release the button, and the switch will restart.
  3. After starting, the configuration is erased.

Software Method

To reset the switch, we need to delete its configuration. The configuration is stored in NVRAM as startup-config, and VLAN information is stored separately in the vlan.dat file. Deletion can be done in several ways, depending on what we want to delete.

To delete individual files in flash memory (the file system), use the delete command. To erase an entire file system, use the erase command, which can be applied to bootflash:, flash:, or nvram:.

Note: When files are deleted, they are only marked as deleted and can be recovered with the undelete command, or permanently removed with the squeeze command. After using the erase command, however, everything is permanently deleted.

Previously, these two commands were used:

SWITCH#erase startup-config // deletes only the startup configuration
SWITCH#write erase // deletes NVRAM memory

They are still functional but have been replaced by the command:

SWITCH#erase nvram: // deletes NVRAM memory

With the erase command, we can also delete flash memory, where the IOS and VLAN configuration are stored. There are few situations where this is necessary. I warn again that using the following command will delete the IOS, and the switch will boot only into the limited RxBoot environment after a restart!

SWITCH#erase flash: // complete deletion of flash memory

If needed, we can delete the VLAN configuration from flash memory:

SWITCH#delete vlan.dat // deletes the vlan.dat file

After deleting the switch configuration, we need to restart it. This can be done with the command:

SWITCH#reload // restart the switch

Note: If the system asks whether to save changes to the configuration during reload, you must choose no. Otherwise, the current running configuration would be saved to the startup configuration.

Password Recovery - Lost Password

It may happen that we forget the password to the switch and need to log in. Of course, we do not want to lose the current configuration. The following procedure is for the Catalyst series 2900, 3500, 3700 (but may work elsewhere). We need physical access to the switch.

The principle is:

  • Start the switch without the startup configuration
  • Log in to privileged mode (without a password)
  • Copy our original configuration to the running configuration
  • Set the password
  • Save the configuration

Here is the detailed procedure:

  1. Connect to the switch via console (serial cable)
  2. Disconnect the power from the switch
  3. Press and hold the MODE button
  4. Reconnect the power
  5. The switch will stop at the beginning of the boot process
  6. Then enter these commands
SWITCH:flash_init
SWITCH:load_helper
SWITCH:dir flash: // list memory
SWITCH:rename flash:config.text flash:config.old // rename the startup configuration
SWITCH:boot // boot
SWITCH>enable // started without password and config, privileged mode
SWITCH#rename flash:config.old flash:config.text // rename back
SWITCH#copy flash:config.text system:running-config // copy to running configuration (append)
Switch#configure terminal
Switch(config)#no enable secret // remove the existing enable secret (or the enable password)
Switch(config)#enable secret Cisco // set a new one
Switch(config)#exit
Switch#copy running-config startup-config // save the configuration

From a security perspective, we may want to disable this password recovery option. In newer IOS versions, this is possible with the command:

Switch(config)#no service password-recovery

Then, if someone attempts the password recovery procedure, the memory will be erased.
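
The exposure described above can be checked offline against a saved configuration backup. The following Python script is an added example, not part of the original article or any Cisco tooling; the sample configuration and the finding names are constructed for illustration, and it assumes the backup lists `no service password-recovery` only when recovery has been disabled.

```python
import re

# Constructed sample backup of a switch startup configuration (not from the article).
SAMPLE_CONFIG = """\
service password-encryption
hostname SWITCH
enable password 7 0822455D0A16
!
line con 0
line vty 0 4
 password 7 0822455D0A16
 login
!
"""

def console_block(lines):
    """Return the sub-commands configured under 'line con 0'."""
    block, inside = [], False
    for line in lines:
        if line.startswith("line con 0"):
            inside = True
        elif inside and line.startswith(" "):
            block.append(line.strip())
        elif inside:
            break
    return block

def audit_config(text):
    """Return finding IDs relevant to console access and password recovery."""
    lines = [l.rstrip() for l in text.splitlines()]
    findings = []
    # Assumption: the backup only shows this line when recovery has been disabled.
    if "no service password-recovery" not in lines:
        findings.append("password-recovery-enabled")
    secrets = [l for l in lines if l.startswith("enable secret ")]
    if not secrets:
        findings.append("no-enable-secret")
    # 'enable password' is stored in clear text or reversible type 7 form.
    if any(l.startswith("enable password ") for l in lines):
        findings.append("enable-password-present")
    # A secret without a type digit (or type 0) is clear text, e.g. in a template.
    if any(not re.match(r"enable secret [1-9]\d* \S", l) for l in secrets):
        findings.append("enable-secret-cleartext")
    # Without AAA, a console line with no 'login' gives a prompt to anyone plugged in.
    if "aaa new-model" not in lines and not any(
            c.startswith("login") for c in console_block(lines)):
        findings.append("console-no-login")
    return findings
```

Call `audit_config()` on the text of each backed-up configuration; an empty list means none of these checks fired, not that the device is otherwise hardened.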


Comments
  1. [1] rocmen

    Excellent series of articles, keep it up!

    Monday, 14.05.2007 11:35
  2. [2] Samuraj

    respond to [1]rocmen: Thank you :-). I have at least 5 more parts planned, I just need to find the time to write them.

    Monday, 14.05.2007 11:42
  3. [3] joshik

    [3] We bought a Cisco Catalyst 4500 series for our company and your site helped me a lot. Keep it up.

    Sunday, 03.06.2007 11:14
  4. [4] Koumes

    I like it a lot too.

    So far I have found only a few new pieces of information here and a few incomplete ones, probably for the sake of simplification, but the following chapters will surely have more things that will help me with BCMSN.

    Thanks for them

    Tuesday, 11.09.2007 09:31
  5. [5] _knight

    I miss password recovery on routers here: rommon, confreg 0x2142, boot, copy start running, enable secret ..., default confreg=0x2102, reload :>

    Sunday, 10.08.2008 21:31
  6. [6] _knight

    respond to [5]_knight: I hope you won't enter default confreg=0x2102 :)

    Sunday, 10.08.2008 21:32
  7. [7] Karel

    Be very careful with "no password-recovery". I recommend experimenting on the specific device; with some models there really is no way back (without Cisco's intervention). You won't get into the ROM monitor at all.

    Monday, 01.09.2008 10:11
  8. [8] Alex

    If I understand the guide correctly, when resetting the password I must have some backed-up configuration? What if I don't have one? :-(

    Thanks for the info...

    Friday, 04.09.2009 12:53
  9. [9] Samuraj

    respond to [8]Alex: Not at all. If I don't have the password to the device, I can perform a Hard Reset, but then I lose the current configuration. If I don't want to lose it (which means I have it stored in the device), I follow the Password Recovery procedure, where the configuration inside the device is copied and the password in it is overwritten.

    Friday, 04.09.2009 13:14
  10. [10] Alex

    O.K., excellent, thanks for the info... I'll have to try the procedure, I locked down one switch (Cisco 2900 XL) with passwords a bit too much!

    One more piece of information, please: I have a feeling that I set it to deny access via TelNet, so what command do I use to enable TelNet access... oops, one more question: which port (number) will I connect to the switch on via the serial port, and do I type the commands in the HyperTerminal application?

    Thanks!

    Have a nice day!

    Friday, 04.09.2009 13:30
  11. [11] Samuraj

    respond to [10]Alex: I describe configuring the connection via telnet in part 5 of the series. When connecting via the serial port (for example using HyperTerminal), no ports are used; you simply read from and write directly to the stream (of the given port).

    Friday, 04.09.2009 13:56
  12. [12] Alex

    OK, thanks for the valuable info... ;-)

    I'll try it....

    Friday, 04.09.2009 14:02
  13. [13] Alex

    Procedure tried and password changed, TelNet also enabled :-) You're the man ;-)

    Sunday, 06.09.2009 20:27
  14. [14] johny

    Greetings,

    The IOS 1 article says that startup-config is loaded from NVRAM. Why then, during password recovery, do we rename the cfg in FLASH and not in NVRAM?

    Saturday, 09.03.2013 11:08
  15. [15] Dominik

    After the recovery it prints:

    Username:

    Password:

    For which user is the password changed?

    Thursday, 20.08.2020 12:37