To perform password recovery on most Cisco devices, you will need console access to it. The same goes with the Cisco ACE Service Modules as well. If the ACE is not local to you or if you cannot establish a console connection for any other reason, and if you are required to gain admin access to the module, use the following procedure to recover the admin password.
This document describes the procedure to perform password recovery on ACE SM using the Catalyst6500 platform's EOBC Channel, but can also be used for ACE on 7600 Routing Platform. (More about EOBC at the end of this document).
NOTE: If you have console access and if you need to recover ACE SM password, please follow this link.
Step-1: Login to the Catalyst 6500 Switch where the ACE module is slotted.
Step-2: From the CAT65K, issue command "hw-module module x boot rom-monitor" to force the ACE module in slot x to boot into ROMMON.
In this example, the module is in slot 7of the Catalyst 6500 switch.
Cat6K#hw-module module 7 boot rom-monitor Boot option for module 7 is set to 3 Cat6K#
Step-3: Login to the console of the supervisor engine of the CAT65k switch.
Cat6K#remote login switch Trying Switch ... Entering CONSOLE for Switch Type "^C^C^C" to end this session
Step-4: From the supervisor console, establish remote console to the ACE module. (You should wait long enough for the module to shutdown and then boot into ROMMON - from Step-2)
NOTE: For this console to work, the module has to be in ROMMON mode. If not, the switch will return "Card in slot X is not in ROMMON" message.
Cat6K-sp#svclc console 7 Entering svclc ROMMON of slot 7 ...
Type "end" to end the session.
Step-5: Once you get in to the ACE module’s ROMMON, you can issue the command "confreg", and go with options y, y, n, n for the prompts. By doing this we are trying to bypass the start-up configuration.
do you wish to change the configuration? y/n [n]: y enable "ignore system config info"? y/n [n]: y change the boot characteristics? y/n [n]: n Configuration Summary (Virtual Configuration Register: 0x1) enabled are: console baud: 9600 boot: the file specified in BOOT variable
do you wish to change the configuration? y/n [n]: n
Step-6: Now boot the module into the ACE software that is stored stored on disk by issuing "boot" command.
rommon 2 > boot End of tunneling command.
Step-7: The module should boot into the ACE software stored on the disk, but it will bypass the startup configuration. Once the module boots up you can login with default (admin/admin) credentials.
Cat6K#session slot 7 processor 0 The default escape character is Ctrl-^, then x. You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.70 ... Open
switch login: admin Password:
Step-8: Copy the startup-config from NVRAM to running-config and change the Admin credentials.
switch/Admin# copy startup-config running-config
NOTE: Processing has started for applied config
ACE/Admin# ACE/Admin# configure Enter configuration commands, one per line. End with CNTL/Z. ACE/Admin(config)# username admin password ? 0 Password for the user (clear text) 5 Strongly encrypted password <WORD> Password for the user (clear text) (Max Size - 64)
EOBC (Ethernet Out-Of-Band Channel)
EOBC is a type of control bus used more for administrative communication between supervisors and line cards / service modules. It is used for Line Control Processor (LCP) code download and communication between the Network Management Processor (NMP) and LCP's. Serial Control Protocol (SCP) is used for supervisor and line cards communication over this channel while Serial Link Protocol (SLP) is used for communication between redundant supervisors.
- Santhosh S
To receive the latest information on Cisco online tools, certifications, support documentation, insights from Cisco experts and peers, and upcoming events, check out the Cisco Technical Services Newsletter today.
Greetings, out of curiosity how long does it take your APIC device to boot to the APIC screen?I'm seeing anywhere from 20-30 minutes. Sometimes requiring me to reboot multiple times to get it to appear.Working with C220 M5. More often then not I get ...
Hi all, after port change from fc to ethernet and restared N5K I have a problem with second N5K, this two devices are connected via peer-link and I´m receiving error log: %VPC-2-VPC_DELAY_RESTORE_TIMER: Delay restore timer will be overwritten to...
Hello, The question is the following i have 2 DC:Site1 - PrincipalSite2 - Secondary The thing is my principal internet connection will be on Site1 and i have a network with multisite (192.168.120.0/24) and a server 1 on site 1 (.10) and a Server...