Factory Reset Cisco Catalyst 1000 24port GE, 4x1G SFP (Remotely)

DN1982 · ‎08-08-2024

Hi,

We have a site that is a 4 hour drive away. It has a Catalyst 1000 24port GE, 4x1G SFP. The switch is functioning in that it passes through data and clients are connecting but we cannot find the IP Address of the switch anywhere and think it has been misconfigured.

This is only a 6 person office so shouldnt be hard to find on a network scan - its not like we're sifting through hundreds of devices. Also note the users on site are not technical - just standard users. So asking them to assist is difficult although they will assist.

We can talk to the switch in a sense through putty. We have a device on site that has a cable connected between itself and the switch. This PC has both wired LAN connectivity and also Wi-Fi Connectivity that "should" remain active due to the WAP being plugged directly into the FireWall - not the switch.

Do we have any chance or factory resetting this device remotley to let it get a new DHCP address to then reconfigure.

I'm very new to the Cisco switch world. I can connect to the sense where it shows:

SWITCHNAME>

But I have no knowledge to progress beyond this. This is what Putty outputs every so often:

%Error opening tftp://255.255.255.255/network-confg (Socket error)
%Error opening tftp://255.255.255.255/cisconet.cfg (Socket error)
%Error opening tftp://255.255.255.255/SWITCHNAME-confg (Socket error)
%Error opening tftp://255.255.255.255/SWITCHNAME (Socket error)
*Aug 8 14:49:57.326: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/network-confg) failed
*Aug 8 14:49:57.327: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/cisconet.cfg) failed
*Aug 8 14:49:57.742: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/SWITCHNAME-confg) failed
*Aug 8 14:49:57.743: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/SWITCHNAME .cfg) failed

Any (basic-level) help would be very much appreciated.

Thanks in advance.

marce1000 · ‎08-08-2024

>....Do we have any chance or factory resetting this device remotley
Totally impossible , because you need to press a reset button

M

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

DN1982 · ‎08-08-2024

Thanks M. Although not technical; there are users on site to power cycle the switch / press reset if needed. Does that change things?

marce1000 · ‎08-08-2024

>...Thanks M. Although not technical; there are users on site to power cycle the switch / press reset if needed. Does that change things?
If they can do all of that , that may help but then you need a console connection for initial configuring ('there is no ip address then')

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎08-08-2024

- As far as finding the IP address is concerned ; what can help is , simply connect another (little) switch to it ,
and then issue the command show cdp neighbors detail on that switch and look at the device info' for the port
that 'your device' is connected to ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Joseph W. Doherty · ‎08-08-2024

"We can talk to the switch in a sense through putty. We have a device on site that has a cable connected between itself and the switch"

Possibly, your Putty connection is to the console port. (Seems likely as you mention not having an IP for the switch.)

At your SWITCHNAME> prompt, try (w/o quotes) "show line". This to tell us how you're accessing the device.

Then try "en". If prompt changes to SWITCHNAME#, you're now in admin mode, and you should be able to see the current configuration and reconfigure the switch, as needed.

You should be able to do both a "show conf" and "show run" (which normally are one and the same). If you attach the show run output, we can discuss possible changes.

DN1982 · ‎08-08-2024

Thanks Joseph. Yes through Putty on a USB > Ethenet Cable on COM Port 3 within Putty.

This is the "show line" output.

Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 0 CTY - - - - - 0 2 0/0 -
1 VTY - - - - - 0 0 0/0 -
2 VTY - - - - - 0 0 0/0 -
3 VTY - - - - - 0 0 0/0 -
4 VTY - - - - - 0 0 0/0 -
5 VTY - - - - - 0 0 0/0 -
6 VTY - - - - - 0 0 0/0 -
7 VTY - - - - - 0 0 0/0 -
8 VTY - - - - - 0 0 0/0 -
9 VTY - - - - - 0 0 0/0 -
10 VTY - - - - - 0 0 0/0 -
11 VTY - - - - - 0 0 0/0 -
12 VTY - - - - - 0 0 0/0 -
13 VTY - - - - - 0 0 0/0 -
14 VTY - - - - - 0 0 0/0 -
15 VTY - - - - - 0 0 0/0 -
16 VTY - - - - - 0 0 0/0 -

Unfortunately, as I type "en" I get asked for a PW and it is neither the one we have documented from the person that set this up nor is it the default one of "cisco".

Joseph W. Doherty · ‎08-08-2024

Haven't found the defaults for a Catalyst 1000, but the most common ones are: "cisco/cisco", "admin/admin", "Cisco/Cisco" and "admin/". Have you tried all of those?

If none of those work, then you're into password recovery, but the later IOSs appears to have two different recovery modes (the default mode and a more secure mode), depending on what's been previously configured.

As it appears your putty is connected to the console, and assuming your remote access doesn't depend on the switch itself, then perhaps you can get a user to "break into" the boot process and you should be able to do the rest via the remote console connection.

Giuseppe Larosa · ‎08-09-2024

Hello @DN1982 ,

try at the switch>

prompt to type

show ip interface brief

if the command is executed you can see the IP address configured on it. It can be out of context for the remote site IP subnet.

Another possible option I used is to have a PC with wireshark connected to the switch and perfoming packet capture .

Hopefully the switch can send out CDP or LLDP MED L2 Frames that contain its own management IP address.

The issue can also be a wrong network mask.

Edit:

As noted by @Joseph W. Doherty if the PC with the console cable connected to it has an IP connectivity that is indipendent from the switch ( you have mentioned an AP directly connected to the Firewall) you are probably in the condition to perform a password recovery procedure to recover the enable password ( or secret that is more safe) .

As explained by @marce1000 you need cooperation of someone onsite to have him/her to press the Mode or reset button during reboot of the switch.

Hope to help

Giuseppe

Richard Burts · ‎08-09-2024

This is an interesting discussion. As a first point I would agree with Giuseppe that show ip interface brief should reveal the IP address the switch uses. But I wonder how important that really is. If I am correctly understanding your situation the switch is working ok. Why do you need the IP address? Typically you need the IP address to have access to the switch but you already have access to the switch.

As I understand the situation the really important issue is that you do not know the password for privilege level access. To resolve that issue you will need to reset the switch and start over. And I do not believe that this could be done remotely. I believe that at some point someone with technical skills will need to go to where the switch is and work on it.

Addressing another point: you asked "Do we have any chance or factory resetting this device remotley to let it get a new DHCP address to then reconfigure" If you were able to reset the switch I do not believe that DHCP would provide a new IP address for the switch. If you do reset the switch I believe that it will need a person on site to configure the switch with an IP address - and all the other things that the switch might need.

HTH

Rick

Joseph W. Doherty · ‎08-10-2024

I disagree with Rick that you must have a technical person on-site. But, it would be a very, very good thing for dealing with unexpected issues that might arise doing a password recovery procedure.

BTW, I've reset enabled passwords on a running system using SNMP, but SNMP needs to be active, you need SNMP write access, and an on-net IP.

BTW, you mentioned local PC providing console access has both wired and wireless access. You could have someone disconnect the wired connection to insure you still have console access.

Richard Burts · ‎08-11-2024

Joseph are we dealing with degrees of difference? I said "someone with technical skills will need to go". You disagree and then say "But, it would be a very, very good thing for dealing with unexpected issues that might arise".

HTH

Rick

Joseph W. Doherty · ‎08-11-2024

Yes, Rick, possibly a matter of degree.

Unless I misunderstood your earlier reply, I took you point as a technical person must be on-hand, otherwise remote configuration is not possible.

My view is remote configuration is possible without a technical person being on-site, yet having a technical person on-site is definitely a good idea; but again, not a necessity.