Password Recovery Cisco Catalyst 3850

If you are locked out of your 3850 switch and need to perform Password recovery on a Cisco Catalyst 3850 switch this short tutorial will guide you along the way.

You will need

• One Cisco Catalyst 3850 switch or switch stack which you have forgotton or do not know the password for.
• A laptop with a console cable
• An assistant to help (if the switch is in a rack)

Password Recovery Cisco Catalyst 3850 – Step 1

Connect your console cable to the 3850 and ensure you can get a command prompt.

The first step is to power your switch off, if you are running a 3850 stack ensure to remove all power cables and if using stack power disconnect the stack power so you can isolate the top switch of the stack.

You need to be able to power on one switch and hold down the mode button at the same time, if the switch is in a rack you might need someone to help you with this bit!

The mode button is shown below

Step 2

Now you have powered off your switch / switches and located the Mode Button and got a helper (if needed) to assist with the power you are set.

Hold the Mode Button down and connect the power – after about 12 seconds the SYST LED will go Amber along with all the other four LEDS. Release the Mode Button

If this step has gone well, you should be looking at the following on your laptop

The system has been interrupted prior to initializing some
filesystems and loading the operating system software.
Console will be reset to 9600 baud rate, need to change terminal setting first.
The following commands will initialize the remaining filesystems, 
and finish loading the operating system software:

 flash_init
 boot

switch:

You now need to enter the two following command

switch: SWITCH_IGNORE_STARTUP_CFG=1

Next reboot the switch with the following command

switch: boot         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]:

Answer No to this and you should be looking at a blank switch config

Switch>

Step 3

You now need to copy your startup-config to the running-config so that you keep the configuration on the switch.

Use the command

copy startup-config running-config

You should now see the hostname of your switch and all the configuration should be there.

Now you either need to add another username

username roger privilige 15 password <your password here>

or change the enable secret

enable secret <new enable secret password>

Or disable AAA

no aaa new-model

Once you have performed those steps you just need to tell the 3850 to check it’s startup config on the next boot again, you do this with the command you used earlier to ignore it.

conf t

no system ignore startupconfig switch all

Save the running config to the startup

copy run start

or

wr m

Then reload your switch and you should be able to log back in with your newly created password.

The command to reload the switch is simply

reload

HTH

Roger