Password Recovery Cat 9200

There are two ways to proceed with password recovery:

1. If the password-recovery mechanism is enabled:

• Reload the switch in order to boot it in ROMMON:

Switch> reload

 

• Enable manual boot made:

Switch: MANUAL_BOOT=yes

 

• Ignore the startup configuration with the following command:

Switch: SWITCH_IGNORE_STARTUP_CFG=1

 

• Boot the switch with the packages.conf file from the flash:

Switch: boot flash:packages.conf

 

• Terminate the initial configuration dialog by answering No

Would you like enter the initial configuration dialog? [yes/no]: No

 

• At the switch prompt, enter privileged EXEC mode

Switch> enable

Switch#

 

• Copy the startup configuration to running configuration:

Switch# copy startup-config running-config destination filename [running-config]?

 

Press return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.

 

• Enter global configuration mode and change the enable password.

Switch# configure terminal

Switch(config)# enable secret [password]

 

• Set the SWITCH_IGNORE_STARTUP_CFG parameter to 0.

Switch(config)# no system ignore startupconfig switch all

Switch(config)# end

 

• Write the running configuration to the startup file and save the configuration:

Switch# copy running-config startup-config

Switch# write memory

 

• Confirm that manual boot mode is enabled

Switch# show boot

Boot variable = flash:packages.conf;

Manual Boot = yes

Enable Break = yes

 

• Reload the device:

Switch# reload

 

• Boot the device with the packages.conf file from flash:

Switch: boot flash:packages.conf

 

• After the device boots up, disable manual boot on the device:

Switch(config)# no boot manual

 

2. If the password-recovery mechanism is disabled, this message appears:

 

The password-recovery mechanism has been triggered, but

is currently disabled.  Access to the boot loader prompt

through the password-recovery mechanism is disallowed at

this point.  However, if you agree to let the system be

reset back to the default system configuration, access

to the boot loader prompt can still be allowed.

 

Would you like to reset the system back to the default configuration (y/n)?

 

Please note: Returning the device to the default configuration results in the loss of all existing configurations. We recommend that you contact your system administrator to verify if there are backup device and VLAN configuration files.

 

If you enter n (no), the normal boot process continues as if the Mode button had not been pressed; you cannot access the boot loader prompt, and you cannot enter a new password. You see the message:

 

Press Enter to continue........

 

If you enter y (yes), the configuration file in flash memory and the VLAN database file are deleted. When the default configuration loads, you can reset the password.

 

• Choose to continue with password recovery and delete the existing configuration:

Would you like to reset the system back to the default configuration (y/n)? Y

 

• Display the contents of flash memory:

Switch: dir flash:

The device file system appears.

 

• Boot up the system:

Switch: boot

 

You are prompted to start the setup program. To continue with password recovery, enter N at the prompt:

 

Continue with the configuration dialog? [yes/no]: N

 

• At the device prompt, enter privileged EXEC mode:

Switch> enable

 

• Enter global configuration mode:

Switch# configure terminal

 

• Change the password:

Switch(config)# enable secret password

 

The secret password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, and allows spaces but ignores leading spaces.

 

• Return to privileged EXEC mode:

Switch(config)# exit

Switch#

 

Please note: Before continuing to Step 9, power on any connected stack members and wait until they have completely initialized.

 

• Write the running configuration to the startup configuration file:

Switch# copy running-config startup-config

The new password is now in the startup configuration.

 

• You must now reconfigure the device. If the system administrator has the backup device and VLAN configuration files available, you should use those.