Solved: Re: C3850 - Disabled Password Recovery not vissible in configuration

danielbarri · ‎05-31-2018

When a 3850 is configured with:

Switch(config)# system disable password recovery switch all

This configuration line is not visible when running "show running-config [all]" or "show bootvar"

How do I figure it out if the password recovery is enabled or disabled?

The c3850 "Disabling Password Recovery" documentation says:

----------

This setting is saved in an area of the flash memory that is accessible
by the boot loader and the Cisco IOS image, but it is not part of the
file system and is not accessible by any user.

----------

Does it mean that the password recovery configuration won't be visible anywhere? But still I need to know if "password recovery" is on/off

danielbarri · ‎06-04-2018

It seems that the "password recovery" settings are only visible at rommon:

--------------------------

When we disable password recovery on switch, the ROMMON variable “SWITCH_DISABLE_PASSWORD_RECOVERY” indicates 1 and when we enable password recovery, it indicates 0. By default password recovery is enabled on switch.

Disabling password recovery-

Switch(config)#system disable password recovery switch all
Applying config on Switch 1...[DONE]
Applying config on Switch 2...[DONE]
Applying config on Switch 3...[DONE]
!

Switch: set
<SNIP>
SWITCH_DISABLE_PASSWORD_RECOVERY=1 <<<<< This indicates password recovery is disabled
SWITCH_IGNORE_STARTUP_CFG=0
SWITCH_NUMBER=1
<SNIP>
!

Now trying to enable password recovery

Switch(config)#no system disable password recovery switch all
Applying config on Switch 1...[DONE]
Applying config on Switch 2...[DONE]
Applying config on Switch 3...[DONE]
!
!

switch: set
<SNIP>
SWITCH_DISABLE_PASSWORD_RECOVERY=0 <<<<< This indicates password recovery is enabled
SWITCH_IGNORE_STARTUP_CFG=0
SWITCH_NUMBER=1
<SNIP>
!
Switch-3850s#sh run | i password recove
Switch-3850s#sh run all | i password re
Switch-3850s#

View solution in original post

Georg Pauwen · ‎05-31-2018

Hello,

check which files and directories are in your flash. You might be able to read the content with the sample command below. This from GNS3, the flash is flash0, the directory boot, the subdirectory grub, and the file grubenv

3850#more flash0:/boot/grub/grubenv

danielbarri · ‎05-31-2018

There's no any "boot" folder under flash:/

Georg Pauwen · ‎05-31-2018

Hello,

'boot' was just an example. What is the output of 'dir flash" ?

danielbarri · ‎06-04-2018

It seems that the "password recovery" settings are only visible at rommon:

--------------------------

When we disable password recovery on switch, the ROMMON variable “SWITCH_DISABLE_PASSWORD_RECOVERY” indicates 1 and when we enable password recovery, it indicates 0. By default password recovery is enabled on switch.

Disabling password recovery-

Switch(config)#system disable password recovery switch all
Applying config on Switch 1...[DONE]
Applying config on Switch 2...[DONE]
Applying config on Switch 3...[DONE]
!

Switch: set
<SNIP>
SWITCH_DISABLE_PASSWORD_RECOVERY=1 <<<<< This indicates password recovery is disabled
SWITCH_IGNORE_STARTUP_CFG=0
SWITCH_NUMBER=1
<SNIP>
!

Now trying to enable password recovery

Switch(config)#no system disable password recovery switch all
Applying config on Switch 1...[DONE]
Applying config on Switch 2...[DONE]
Applying config on Switch 3...[DONE]
!
!

switch: set
<SNIP>
SWITCH_DISABLE_PASSWORD_RECOVERY=0 <<<<< This indicates password recovery is enabled
SWITCH_IGNORE_STARTUP_CFG=0
SWITCH_NUMBER=1
<SNIP>
!
Switch-3850s#sh run | i password recove
Switch-3850s#sh run all | i password re
Switch-3850s#