To perform password recovery on most Cisco devices, you will need console access to it. The same goes with the Cisco ACE Service Modules as well. If the ACE is not local to you or if you cannot establish a console connection for any other reason, and if you are required to gain admin access to the module, use the following procedure to recover the admin password.
This document describes the procedure to perform password recovery on ACE SM using the Catalyst6500 platform's EOBC Channel, but can also be used for ACE on 7600 Routing Platform. (More about EOBC at the end of this document).
NOTE: If you have console access and if you need to recover ACE SM password, please follow this link.
Step-1: Login to the Catalyst 6500 Switch where the ACE module is slotted.
Step-2: From the CAT65K, issue command "hw-module module x boot rom-monitor" to force the ACE module in slot x to boot into ROMMON.
In this example, the module is in slot 7of the Catalyst 6500 switch.
Cat6K#hw-module module 7 boot rom-monitor
Boot option for module 7 is set to 3
Cat6K#
Step-3: Login to the console of the supervisor engine of the CAT65k switch.
Cat6K#remote login switch
Trying Switch ...
Entering CONSOLE for Switch
Type "^C^C^C" to end this session
Cat6K-sp#
Step-4: From the supervisor console, establish remote console to the ACE module. (You should wait long enough for the module to shutdown and then boot into ROMMON - from Step-2)
NOTE: For this console to work, the module has to be in ROMMON mode. If not, the switch will return "Card in slot X is not in ROMMON" message.
Cat6K-sp#svclc console 7
Entering svclc ROMMON of slot 7 ...
Type "end" to end the session.
Step-5: Once you get in to the ACE module’s ROMMON, you can issue the command "confreg", and go with options y, y, n, n for the prompts. By doing this we are trying to bypass the start-up configuration.
rommon 1 > confreg
Configuration Summary
(Virtual Configuration Register: 0x1)
enabled are:
console baud: 9600
boot: the file specified in BOOT variable
do you wish to change the configuration? y/n [n]: y
enable "ignore system config info"? y/n [n]: y
change the boot characteristics? y/n [n]: n
Configuration Summary
(Virtual Configuration Register: 0x1)
enabled are:
console baud: 9600
boot: the file specified in BOOT variable
do you wish to change the configuration? y/n [n]: n
Step-6: Now boot the module into the ACE software that is stored stored on disk by issuing "boot" command.
rommon 2 > boot
End of tunneling command.
Cat6K#
Step-7: The module should boot into the ACE software stored on the disk, but it will bypass the startup configuration. Once the module boots up you can login with default (admin/admin) credentials.
Cat6K#session slot 7 processor 0
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.70 ... Open
switch login: admin
Password:
switch/Admin#
Step-8: Copy the startup-config from NVRAM to running-config and change the Admin credentials.
switch/Admin# copy startup-config running-config
NOTE: Processing has started for applied config
ACE/Admin#
ACE/Admin# configure
Enter configuration commands, one per line. End with CNTL/Z.
ACE/Admin(config)# username admin password ?
0 Password for the user (clear text)
5 Strongly encrypted password
<WORD> Password for the user (clear text) (Max Size - 64)
< END-OF-PROCEDURE>
EOBC (Ethernet Out-Of-Band Channel)
EOBC is a type of control bus used more for administrative communication between supervisors and line cards / service modules. It is used for Line Control Processor (LCP) code download and communication between the Network Management Processor (NMP) and LCP's. Serial Control Protocol (SCP) is used for supervisor and line cards communication over this channel while Serial Link Protocol (SLP) is used for communication between redundant supervisors.
- Santhosh S
To receive the latest information on Cisco online tools, certifications, support documentation, insights from Cisco experts and peers, and upcoming events, check out the Cisco Technical Services Newsletter today.
