If you are locked out of your 3850 switch and need to perform Password recovery on a Cisco Catalyst 3850 switch this short tutorial will guide you along the way.
You will need
- One Cisco Catalyst 3850 switch or switch stack which you have forgotton or do not know the password for.
- A laptop with a console cable
- An assistant to help (if the switch is in a rack)
Password Recovery Cisco Catalyst 3850 – Step 1
Connect your console cable to the 3850 and ensure you can get a command prompt.
The first step is to power your switch off, if you are running a 3850 stack ensure to remove all power cables and if using stack power disconnect the stack power so you can isolate the top switch of the stack.
You need to be able to power on one switch and hold down the mode button at the same time, if the switch is in a rack you might need someone to help you with this bit!
The mode button is shown below
Step 2
Now you have powered off your switch / switches and located the Mode Button and got a helper (if needed) to assist with the power you are set.
Hold the Mode Button down and connect the power – after about 12 seconds the SYST LED will go Amber along with all the other four LEDS. Release the Mode Button
If this step has gone well, you should be looking at the following on your laptop
The system has been interrupted prior to initializing some filesystems and loading the operating system software. Console will be reset to 9600 baud rate, need to change terminal setting first. The following commands will initialize the remaining filesystems, and finish loading the operating system software: flash_init boot switch:
You now need to enter the two following command
switch: SWITCH_IGNORE_STARTUP_CFG=1
Next reboot the switch with the following command
switch: boot --- System Configuration Dialog --- Enable secret warning ---------------------------------- In order to access the device manager, an enable secret is required If you enter the initial configuration dialog, you will be prompted for the enable secret If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret, please set an enable secret using the following CLI in configuration mode- enable secret 0 ---------------------------------- Would you like to enter the initial configuration dialog? [yes/no]:
Answer No to this and you should be looking at a blank switch config
Switch>
Step 3
You now need to copy your startup-config to the running-config so that you keep the configuration on the switch.
Use the command
copy startup-config running-config
You should now see the hostname of your switch and all the configuration should be there.
Now you either need to add another username
username roger privilige 15 password <your password here>
or change the enable secret
enable secret <new enable secret password>
Or disable AAA
no aaa new-model
Once you have performed those steps you just need to tell the 3850 to check it’s startup config on the next boot again, you do this with the command you used earlier to ignore it.
conf t
no system ignore startupconfig switch all
Save the running config to the startup
copy run start
or
wr m
Then reload your switch and you should be able to log back in with your newly created password.
The command to reload the switch is simply
reload
HTH
Roger
Roger Perkin - CCIE #50038 is a Network Automation Engineer & CCIE Consultant based in the UK, currently working for Softcat Plc as a Senior Network & Security Consultant.
Rogers' CCIE Journey | About Roger | Contact | Twitter | Linkedin
