Password Recovery Procedure for the Catalyst 5500 Supervi
Table of Contents Password Recovery Procedure...1 for the Catalyst 5500 Supervisor RSFC...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Step by Step Procedure...1 Example of a Password Recovery on the Catalyst 5500 RSFC Module...7 Related Information...10 i
Password Recovery Procedure for the Catalyst 5500 Supervisor RSFC Introduction Before You Begin Conventions Prerequisites Step by Step Procedure Example of a Password Recovery on the Catalyst 5500 RSFC Module Related Information Introduction This document describes the password recovery procedure for the Catalyst 5500 Supervisor Route Switch Feature Card (RSFC). Before You Begin Conventions For more information on document conventions, see the Cisco Technical Tips Conventions. Prerequisites There are no specific prerequisites for this document. Step by Step Procedure Please follow the steps below to recover your password. 1. Attach a terminal or PC with terminal emulation to the console port of the RSFC. Use the following terminal settings: 9600 baud rate No parity 8 data bits 1 stop bit No flow control
2. 3. Note: Supervisor with RSFC has two console ports. The one on the left is the supervisor console port and the one on the right is the RSFC console port. Both ports are appropriately labeled on top. If you still have access to the router, issue the show version command and record the setting of the configuration register, which is usually 0x2102 or 0x102. RSFC>show version Cisco Internetwork Operating System Software IOS (tm) RSFC Software (C5RSFC JS M), Version 12.0(7)W5(16) RELEASE SOFTWARE Copyright (c) 1986 2000 by cisco Systems, Inc. Compiled Wed 12 Jan 00 19:20 by integ Image text base: 0x60009900, data base: 0x60CF0000 ROM: System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE Router uptime is 4 hours, 11 minutes System restarted by power on Running default software cisco Cat5k RSFC (R5000) processor with 122880K/8192K bytes of memory. Processor board ID 15934105 R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache) Last reset from power on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Virtual Ethernet/IEEE 802.3 interface(s) 123K bytes of non volatile configuration memory. 4096K bytes of packet SRAM memory. 32768K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 If you don't have access to the router (because of a lost login or TACACS password), you can safely consider that your configuration register is set to 0x2102. 4. Move the console cable to the supervisor console port 5. Issue the show module command once in the enable mode on the supervisor to determine the RSFC card on which to do password recovery. The RSFC module will be in slot 15 or 16. Switch (enable) show module Mod Slot Ports Module Type Model Status 1 1 2 1000BaseX Supervisor IIIG WS X5550 ok 15 1 1 Route Switch Feature Card WS F5541 ok 4 4 2 MM OC 3 Dual Phy ATM WS X5158 ok 8 8 24 10/100BaseTX Ethernet WS X5224 ok 10 10 12 100BaseTX Ethernet WS X5113 ok 13 13 ASP/SRP Mod Module Name Serial Num 1 00022123313 15 15934105
6. 4 00017991354 8 00010911529 10 00002203857 Mod MAC Address(es) Hw Fw Sw 1 00 50 53 7e 10 00 to 00 50 53 7e 13 ff 1.2 5.1(1) 5.2(4) 15 00 30 f2 c9 57 00 to 00 30 f2 c9 57 3f 1.0 12.0(7)W5( 12.0(7)W5(16) 4 00 10 7b 42 ef 73 2.4 1.3 12.0(16)W5(21) 8 00 10 7b e9 fd e0 to 00 10 7b e9 fd f7 1.4 3.1(1) 5.2(4) 10 00 40 0b d5 0e 10 to 00 40 0b d5 0e 1b 1.4 1.2 5.2(4) Reset the RSFC module you want to do password recovery on. Issue the reset <mod> command to do this. Switch(enable) reset 15 cs c5500 11a (enable) RSFC (mod 15, slot 1) is being reset RSFC (mod 15, slot 1) present 7. Move the console cable to the RSFC console. 8. Issue the break sequence on the terminal keyboard within the first few seconds of the power up to put the RSFC into ROM monitor (ROMmon). If the break sequence doesn't work, refer to Possible Key Combinations for Break Sequence During Password Recovery for other key combinations. The RSFC will boot to a rommon> prompt. System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE Copyright (c) 1998 by cisco Systems, Inc. Cat5k RSFC platform with 131072 Kbytes of main memory! A break sequence has been sent here. monitor: command "boot" aborted due to user interrupt rommon 1 > 9. Issue the set command at the rommon> prompt to show the current boot variable settings. 10. 11. rommon 1 > set PS1=rommon! > BOOT=bootflash:c5rsfc js mz_120 7_W5_16.bin,1;?=0 Issue the dir bootflash: command at the rommon> prompt to display the files present in the bootflash device. Verify that the BOOT variable matches the image filename you want the RSFC to execute. rommon 2 > dir bootflash: File size Checksum File name 5295636 bytes (0x50ce14) 0x8567ca43 c5rsfc js mz_120 7_W5_16.bin
12. Type confreg 0x2142 at the rommon> prompt to configure the RSFC to boot without its configuration. rommon 2 > confreg 0x2142 You must reset or power cycle for new config to take effect. At this point, the RSFC needs to be reset with the new configuration register. If your boot string matched the file name in Step 10, proceed to Step 16. If not, continue on to Step 13. Type reset at the rommon> prompt. rommon 3 > reset 13. Issue the break sequence again to break into ROMmon. System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE Copyright (c) 1998 by cisco Systems, Inc. Cat5k RSFC platform with 131072 Kbytes of main memory 14.! A break sequence has been sent here. monitor: command "boot" aborted due to user interrupt rommon 1 > Display the current software in bootflash by issuing the dir bootflash: command and record the valid software image filename you intend to use. rommon 1 > dir bootflash: File size Checksum File name 5295636 bytes (0x50ce14) 0x8567ca43 c5rsfc js mz_120 7_W5_16.bin 15. Boot the system with the boot bootflash:<image filename> command. 16. rommon 2 > boot bootflash:c5rsfc js mz_120 7_W5_16.bin After the system boots, answer No to all the set up questions or press Ctrl C to skip the initial set up procedure. Self decompressing the image : ##################################################### ##############################] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software Restricted Rights clause at FAR sec. 52.227 19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227 7013. cisco Systems, Inc. 170 West Tasman Drive
San Jose, California 95134 1706 Cisco Internetwork Operating System Software IOS (tm) RSFC Software (C5RSFC JS M), Version 12.0(7)W5(16) RELEASE SOFTWARE Copyright (c) 1986 2000 by cisco Systems, Inc. Compiled Wed 12 Jan 00 19:20 by integ Image text base: 0x60009900, data base: 0x60CF0000 cisco Cat5k RSFC (R5000) processor with 122880K/8192K bytes of memory. Processor board ID 15934105 R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache) Last reset from power on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Virtual Ethernet/IEEE 802.3 interface(s) 123K bytes of non volatile configuration memory. 4096K bytes of packet SRAM memory. 32768K bytes of Flash internal SIMM (Sector size 256K). System Configuration Dialog Would you like to enter the initial configuration dialog? [yes/no]:! Ctrl C pressed. Press RETURN to get started! 17. 18. 00:00:19: %LINK 3 UPDOWN: Interface IBC0, changed state to up 00:00:20: %LINEPROTO 5 UPDOWN: Line protocol on Interface IBC0, changed state to up 00:01:40: %SYS 5 RESTART: System restarted Cisco Internetwork Operating System Software IOS (tm) RSFC Software (C5RSFC JS M), Version 12.0(7)W5(16) RELEASE SOFTWARE Copyright (c) 1986 2000 by cisco Systems, Inc. Compiled Wed 12 Jan 00 19:20 by integ Router> Issue the enable command at the Router> prompt. This will put you in enable mode and you will see the Router# prompt. Router> Router>enable Issue the config mem or copy startup config running config command to copy the Nonvolatile RAM (NVRAM) into memory. This is a crucial step. DO NOT save the configuration (do not use write mem or copy Router#copy startup config running config Destination filename [running config]? 729 bytes copied in 0.168 secs 19. Issue the write terminal or show running config commands.
20. At this point, you should see the full configuration with the unknown enable password or enable secret. All other interfaces are shut down. Issue the configure terminal command to make the necessary changes. The prompt is now hostname(config)#. RSFC#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RSFC(config)# 21. Issue the enable secret <PASSWORD>. Replace <PASSWORD> with your password. RSFC(config)#enable secret cisco 22. Type config register 0x2102. RSFC(config)#config register 0x2102 23. Press Ctrl Z to leave the configuration mode. The prompt is now hostname#. 24. RSFC(config)#^Z RSFC# 00:02:45: %SYS 5 CONFIG_I: Configured from console by console Issue the show ip interface brief command to make sure that the interfaces that were in use earlier are showing up/up status. If any of the interfaces that were in use before the password recovery show down/down, issue the no shutdown inteface configuration command on that particular interface to bring it up RSFC#show ip interface brief Interface IP Address OK? Method Status Protocol IBC0 unassigned YES unset up up Vlan1 10.1.1.1 YES TFTP administratively down down Vlan2 20.1.1.1 YES TFTP administratively down down RSFC#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RSFC(config)#interface vlan 1 RSFC(config if)#no shutdown 25. Press Ctrl Z to leave the configuration mode. The prompt is now hostname#. RSFC(config if)#^z RSFC# 00:03:03: %LINK 3 UPDOWN: Interface Vlan1, changed state to up 00:03:04: %LINEPROTO 5 UPDOWN: Line protocol on Interface Vlan1, changed state to up 00:03:14: %SYS 5 CONFIG_I: Configured from console by console 26. Issue the write memory or copy running config startup config commands to commit the changes. RSFC#write memory
27. Building configuration... [OK] At this point, the password has been changed. Move the console cable back to supervisor console port to get back to supervisor if needed. Example of a Password Recovery on the Catalyst 5500 RSFC Module! Console cable is initially in RSFC console port. RSFC>show version Cisco Internetwork Operating System Software IOS (tm) RSFC Software (C5RSFC JS M), Version 12.0(7)W5(16) RELEASE SOFTWARE Copyright (c) 1986 2000 by cisco Systems, Inc. Compiled Wed 12 Jan 00 19:20 by integ Image text base: 0x60009900, data base: 0x60CF0000 ROM: System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE Router uptime is 4 hours, 11 minutes System restarted by power on Running default software cisco Cat5k RSFC (R5000) processor with 122880K/8192K bytes of memory. Processor board ID 15934105 R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache) Last reset from power on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Virtual Ethernet/IEEE 802.3 interface(s) 123K bytes of non volatile configuration memory. 4096K bytes of packet SRAM memory. 32768K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102! Console cable is moved back to supervisor console from RSFC console port. Switch (enable) show module Mod Slot Ports Module Type Model Status 1 1 2 1000BaseX Supervisor IIIG WS X5550 ok 15 1 1 Route Switch Feature Card WS F5541 ok 4 4 2 MM OC 3 Dual Phy ATM WS X5158 ok 8 8 24 10/100BaseTX Ethernet WS X5224 ok 10 10 12 100BaseTX Ethernet WS X5113 ok 13 13 ASP/SRP Mod Module Name Serial Num 1 00022123313 15 15934105 4 00017991354 8 00010911529 10 00002203857 Mod MAC Address(es) Hw Fw Sw 1 00 50 53 7e 10 00 to 00 50 53 7e 13 ff 1.2 5.1(1) 5.2(4)
15 00 30 f2 c9 57 00 to 00 30 f2 c9 57 3f 1.0 12.0(7)W5( 12.0(7)W5(16) 4 00 10 7b 42 ef 73 2.4 1.3 12.0(16)W5(21) 8 00 10 7b e9 fd e0 to 00 10 7b e9 fd f7 1.4 3.1(1) 5.2(4) 10 00 40 0b d5 0e 10 to 00 40 0b d5 0e 1b 1.4 1.2 5.2(4) cs c5500 11a (enable) reset 15 Switch(enable) reset 15 cs c5500 11a (enable) RSFC (mod 15, slot 1) is being reset RSFC (mod 15, slot 1) present! Console cable is moved from switch console port to the RSFC console port. System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE Copyright (c) 1998 by cisco Systems, Inc. Cat5k RSFC platform with 131072 Kbytes of main memory! A break sequence has been sent here. monitor: command "boot" aborted due to user interrupt rommon 1 > rommon 1 > set PS1=rommon! > BOOT=bootflash:c5rsfc js mz_120 7_W5_16.bin,1;?=0 rommon 2 > dir bootflash: File size Checksum File name 5295636 bytes (0x50ce14) 0x8567ca43 c5rsfc js mz_120 7_W5_16.bin rommon 3 > confreg 0x2142 You must reset or power cycle for new config to take effect. rommon 4 > reset System Bootstrap, Version 12.0(3c)W5(8), RELEASE SOFTWARE Copyright (c) 1998 by cisco Systems, Inc. Cat5k RSFC platform with 131072 Kbytes of main memory! A break sequence has been sent here. rommon 1 > dir bootflash: File size Checksum File name 5295636 bytes (0x50ce14) 0x8567ca43 c5rsfc js mz_120 7_W5_16.bin rommon 2 > boot bootflash:c5rsfc js mz_120 7_W5_16.bin Self decompressing the image : ############################################################ ############################] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software Restricted Rights clause at FAR sec. 52.227 19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227 7013.
cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134 1706 Cisco Internetwork Operating System Software IOS (tm) RSFC Software (C5RSFC JS M), Version 12.0(7)W5(16) RELEASE SOFTWARE Copyright (c) 1986 2000 by cisco Systems, Inc. Compiled Wed 12 Jan 00 19:20 by integ Image text base: 0x60009900, data base: 0x60CF0000 cisco Cat5k RSFC (R5000) processor with 122880K/8192K bytes of memory. Processor board ID 15934105 R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache) Last reset from power on Bridging software. X.25 software, Version 3.0.0. SuperLAT software (copyright 1990 by Meridian Technology Corp). TN3270 Emulation software. 1 Virtual Ethernet/IEEE 802.3 interface(s) 123K bytes of non volatile configuration memory. 4096K bytes of packet SRAM memory. 32768K bytes of Flash internal SIMM (Sector size 256K). System Configuration Dialog Would you like to enter the initial configuration dialog? [yes/no]:! Ctrl C pressed. Press RETURN to get started! 00:00:19: %LINK 3 UPDOWN: Interface IBC0, changed state to up 00:00:20: %LINEPROTO 5 UPDOWN: Line protocol on Interface IBC0, changed state to up 00:01:40: %SYS 5 RESTART: System restarted Cisco Internetwork Operating System Software IOS (tm) RSFC Software (C5RSFC JS M), Version 12.0(7)W5(16) RELEASE SOFTWARE Copyright (c) 1986 2000 by cisco Systems, Inc. Compiled Wed 12 Jan 00 19:20 by integ Router> Router> Router>enable Router#copy startup config running config Destination filename [running config]? 729 bytes copied in 0.168 secs RSFC#configure terminal Enter configuration commands, one per line. End with CNTL/Z. RSFC(config)#enable secret cisco RSFC(config)#config register 0x2102 RSFC(config)#^Z RSFC# 00:02:45: %SYS 5 CONFIG_I: Configured from console by console RSFC#show ip interface brief Interface IP Address OK? Method Status Protocol IBC0 unassigned YES unset up up Vlan1 10.1.1.1 YES TFTP administratively down down Vlan2 20.1.1.1 YES TFTP administratively down down RSFC#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. RSFC(config)#interface vlan 1 RSFC(config if)#no shutdown RSFC(config if)#^z RSFC# 00:03:03: %LINK 3 UPDOWN: Interface Vlan1, changed state to up 00:03:04: %LINEPROTO 5 UPDOWN: Line protocol on Interface Vlan1, changed state to up 00:03:14: %SYS 5 CONFIG_I: Configured from console by console RSFC#write memory Building configuration... [OK] Related Information Technical Support Cisco Systems All contents are Copyright 1992 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement. Updated: Dec 30, 2002 Document ID: 22402