Solved: 3650 Password recovery

PeterXiong1168 · ‎07-12-2019

I'm having issues with getting a 3650 through the password recovery process.

I got it into the password reset mode, but i don't have load_helper as an option and don't have a config.text. file to rename. I tried another process, which consist of boot flash:packages.conf command. That doesn't work either.

I'm stumped and need some ideas

balaji.bandi · ‎07-12-2019

From My Notes (worked many times)

Hope this helps.

Here is a link that points to performing a password recovery on a 3650 switch.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/system_management/configuration_guide/b_sm_3se_3650_cg.pdf

SUMMARY STEPS
1. Connect a terminal or PC to the switch.
2. Set the line speed on the emulation software to 9600 baud.
3. Power off the standalone switch or the entire switch stack.
4. Reconnect the power cord to the or the active switch. Within 15 seconds, press the Mode button while
the System LED is still flashing green. Continue pressing the Mode button until all the system LEDs turn
on and remain solid; then release the Mode button.
5. After recovering the password, reload the switch or the active switch .
6. Power on the remaining switches in the stack.

DETAILED STEPS
Step 1 Connect a terminal or PC to the switch.
• Connect a terminal or a PC with terminal-emulation software to the switch console port. If you are recovering the
password for a switch stack, connect to the console port of the active switch or
• Connect a PC to the Ethernet management port. If you are recovering the password for a switch stack, connect to
the Ethernet management port of a stack member .
Step 2 Set the line speed on the emulation software to 9600 baud.
Step 3 Power off the standalone switch or the entire switch stack.
Step 4 Reconnect the power cord to the or the active switch. Within 15 seconds, press the Mode button while the System LED
is still flashing green. Continue pressing the Mode button until all the system LEDs turn on and remain solid; then release
the Mode button.
•
Switch:
Xmodem file system is available.
Base ethernet MAC Address: 20:37:06:4d:e9:80
Verifying bootloader digital signature.
The system has been interrupted prior to loading the operating
system software, console will be reset to 9600 baud rate.

proceed to the Procedure with Password Recovery Enabled section, and follow the steps.

Procedure with Password Recovery Enabled

Step 1 Initialize the flash file system.
Switch: flash_init
Step 2 Ignore the startup configuration with the following command:
Switch: SWITCH_IGNORE_STARTUP_CFG=1
Step 3 Boot the switch with the packages.conf file from flash.
Switch: boot flash:packages.conf
Step 4 Terminate the initial configuration dialog by answering No.
Would you like to enter the initial configuration dialog? [yes/no]: No
Step 5 At the switch prompt, enter privileged EXEC mode.
Switch> enable
Switch#
Step 6 Copy the startup configuration to running configuration.
Switch# copy startup-config running-config Destination filename [running-config]?

Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the
password.
Step 7 Enter global configuration mode and change the enable password.
Switch# configure terminal
Switch(config)#
Step 8 Write the running configuration to the startup configuration file.
Switch# copy running-config startup-config
Step 9 Confirm that manual boot mode is enabled.
Switch# show boot
BOOT variable = flash:packages.conf;
Manual Boot = yes
Enable Break = yes
Step 10 Reload the switch.
Switch# reload
Step 11 Return the Bootloader parameters (previously changed in Steps 2 and 3) to their original values.
Switch: switch: SWITCH_IGNORE_STARTUP_CFG=0
Step 12 Boot the switch with the packages.conf file from flash.
Switch: boot flash:packages.conf
Step 13 After the switch boots up, disable manual boot on the switch.
Switch(config)# no boot manual

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎07-12-2019

From My Notes (worked many times)

Hope this helps.

Here is a link that points to performing a password recovery on a 3650 switch.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/system_management/configuration_guide/b_sm_3se_3650_cg.pdf

SUMMARY STEPS
1. Connect a terminal or PC to the switch.
2. Set the line speed on the emulation software to 9600 baud.
3. Power off the standalone switch or the entire switch stack.
4. Reconnect the power cord to the or the active switch. Within 15 seconds, press the Mode button while
the System LED is still flashing green. Continue pressing the Mode button until all the system LEDs turn
on and remain solid; then release the Mode button.
5. After recovering the password, reload the switch or the active switch .
6. Power on the remaining switches in the stack.

DETAILED STEPS
Step 1 Connect a terminal or PC to the switch.
• Connect a terminal or a PC with terminal-emulation software to the switch console port. If you are recovering the
password for a switch stack, connect to the console port of the active switch or
• Connect a PC to the Ethernet management port. If you are recovering the password for a switch stack, connect to
the Ethernet management port of a stack member .
Step 2 Set the line speed on the emulation software to 9600 baud.
Step 3 Power off the standalone switch or the entire switch stack.
Step 4 Reconnect the power cord to the or the active switch. Within 15 seconds, press the Mode button while the System LED
is still flashing green. Continue pressing the Mode button until all the system LEDs turn on and remain solid; then release
the Mode button.
•
Switch:
Xmodem file system is available.
Base ethernet MAC Address: 20:37:06:4d:e9:80
Verifying bootloader digital signature.
The system has been interrupted prior to loading the operating
system software, console will be reset to 9600 baud rate.

proceed to the Procedure with Password Recovery Enabled section, and follow the steps.

Procedure with Password Recovery Enabled

Step 1 Initialize the flash file system.
Switch: flash_init
Step 2 Ignore the startup configuration with the following command:
Switch: SWITCH_IGNORE_STARTUP_CFG=1
Step 3 Boot the switch with the packages.conf file from flash.
Switch: boot flash:packages.conf
Step 4 Terminate the initial configuration dialog by answering No.
Would you like to enter the initial configuration dialog? [yes/no]: No
Step 5 At the switch prompt, enter privileged EXEC mode.
Switch> enable
Switch#
Step 6 Copy the startup configuration to running configuration.
Switch# copy startup-config running-config Destination filename [running-config]?

Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the
password.
Step 7 Enter global configuration mode and change the enable password.
Switch# configure terminal
Switch(config)#
Step 8 Write the running configuration to the startup configuration file.
Switch# copy running-config startup-config
Step 9 Confirm that manual boot mode is enabled.
Switch# show boot
BOOT variable = flash:packages.conf;
Manual Boot = yes
Enable Break = yes
Step 10 Reload the switch.
Switch# reload
Step 11 Return the Bootloader parameters (previously changed in Steps 2 and 3) to their original values.
Switch: switch: SWITCH_IGNORE_STARTUP_CFG=0
Step 12 Boot the switch with the packages.conf file from flash.
Switch: boot flash:packages.conf
Step 13 After the switch boots up, disable manual boot on the switch.
Switch(config)# no boot manual

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

PeterXiong1168 · ‎07-12-2019

Got it. Thanks

Saeed199 · ‎03-10-2020

Tried Your way but after these Commands-

Switch: SWITCH_IGNORE_STARTUP_CFG=1
Switch: boot flash:packages.conf

switch starts Normally and Asking for Password, Means it can't bypass the startup Config, Any other way?

balaji.bandi · ‎03-11-2020

make sure you followed correct below steps :

The overall sequence of steps would be:

Break the boot process using the MODE button.
Enter the following sequence of commands:

flash_init
SWITCH_IGNORE_STARTUP_CFG=1
boot flash:packages.conf
After the switch finishes loading, enter "No" when prompted whether to enter the initial configuration dialog.
After getting into the normal command line, enter the following commands:

enable
configure replace nvram:startup-config
After this stage, the original configuration of the switch including the unknown passwords is reinstated but since you are still in the privileged mode, you can still modify the configuration. Now change the passwords in the configure terminal as usual - as I do not know what exact type of authentication is used in your configuration (per-line passwords, username/passwords combinations, AAA new-model), I am not suggesting any specific way of doing it but if you'd like, I can suggest a couple ways of finding that out.
After modifying the passwords and exiting the configuration mode, save the configuration and reload the switch again:

copy running-config startup-config
reload
Continue with Step 8 in the document linked above - reload the switch, set the SWITCH_IGNORE_STARTUP_CFG variable back to 0, and when the switch boots up again, set the manual boot to disabled.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

freemanj1 · ‎02-08-2024

switch: boot
flash:cat3k_caa-universalk9.16.12.06.SPA.bin: no such file or directory
Cannot open file flash:cat3k_caa-universalk9.16.12.06.SPA.bin
usage: boot [<filename>] [<cmdline>]