12-05-2013 01:49 PM - edited 03-01-2019 05:00 PM
Power cycle the switch. Immediatly press and hold the Mode button. Hold the button for approximately 12 seconds, the Status LED will go amber. On the console you should be in Boot Loader.
Switch:
Add the following variables.
Switch: SWITCH_IGNORE_STARTUP_CFG=1
Switch: SWITCH_DISABLE_PASSWORD_RECOVERY=0
Then boot the switch.
Switch: boot
Once the switch has booted you can copy the saved config back into the running config.
Switch# copy start runn
Next set your password(s). Finally we want to remove the variables we set while in Boot Loader.
Switch# no system ignore startupconfig switch all
Switch# system disable password recovery switch all
Save your new config.
Switch# copy runn start
Since we are on the topic of passwords, I beleive you should configure AAA even if you're using local credentials. Here's an example of how easy it is to setup.
Switch(config)# aaa new-model
Switch(config)# aaa authentication login default local
Switch(config)# username mmessier privilege 15 secret StAnLeYcUp
Switch(config)# line vty 0 4
Switch(config-line)# login authentication default
It's that easy! You can now remove the passwords from under the VTY. Those passwords are easily reversible and should not be used. Instead use AAA and the secret keyword in configuring the username. It encrypts the password and is not reversible (yet). For even more security use the service-password encrypt aes command.
Following step is outdated and does not work on later releases. I tried on 3850 running 3.3.4 and saw this:
switch: SWITCH_DISABLE_PASSWORD_RECOVERY=0
Can't set variable "SWITCH_DISABLE_PASSWORD_RECOVERY" -- is readonly.
Please be aware of this bug that causes entire startup config to get wiped out when user attempts pwd recovery.
Conditions:
cat3850, 3650
15.0(1)EZ and 15.0(1)EZ1
Workaround:
There is no workaround
Further Problem Description:
When we do password recovery, a new certificates is created by http component. After the certificate creation, the startup-config is overwritten with default running-config. so, the startup-config is lost.
Fixed in 3.6.1 and 3.7.0
So how do I recover password now?
idk what version of IOS the password recovery commands were used on but it doesn't work for v3.2 and above. This doc needs to be removed.
I´ve had same problem but I solved doing this:
Switch: SWITCH_IGNORE_STARTUP_CFG=1
Switch: SWITCH_DISABLE_PASSWORD_RECOVERY=0 ---- Message Read Only
Switch: BOOT=flash:packages.conf
Switch: boot
Once the switch has booted you can copy the saved config back into the running config.
Switch# copy start runn
Next set your password(s). Finally we want to remove the variables we set while in Boot Loader.
Switch# no system ignore startupconfig switch all
Switch# system disable password recovery switch all
Save your new config.
Switch# copy runn start
Hello world (privet partizany)
I had this issue today. Glad was able to find this instructions. The beauty is that I recovered password and not lost config. It was exactly what I want == password recovery. Re-typed username / password statement then followed the steps. At the end I reboot 3850 just to have peace of mind. No issues. I have VERY happy.
However, need to note that instructions above are not 100% accurate. I figured it out ;)
You need to be in config mode, not in enabled mode for the following commands:
Switch(config)# no system ignore startupconfig switch all
Switch(config)# system disable password recovery switch all
Thank you and good luck // vsem poka
Roman
this password recovery seems to be dependable on your iso version; there is no consistency on the c3850 models
The step from edu290386 actually work. I was able to get in to the switch successfully, but to to 100%
Switch(config)# no system ignore startupconfig switch all
Switch(config)# system disable password recovery switch all
Need to be in config mode.
Great post.
WARNING : please don't use:
Switch(config)# system disable password recovery switch all
you are basically disabling password recovery in future, hence you won't be able do it after doing it for the first time, eventually if you don't have configs as backup you will loose everything.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: