How to recover a Cisco Catalyst L2 and L3 switch password

Step 1: Connect a PC with terminal emulation software (for example, HyperTerminal) to the console port of the switch using the following terminal settings:

  • Bits per second (baud): 9600
  • Data bits: 8
  • Parity: None
  • Stop bits: 1
  • Flow Control: Xon/Xoff

Unplug the power cable and hold down the mode button, located on the left side of the front panel, while you reconnect the power cable to the switch. Hold the button down for 5 seconds on Cisco 2950/2960 and for 15 seconds on Cisco 3550/3750.

Step 2: You will now be presented with the switch: prompt. Issue the flash_init command:

switch: flash_init

Step 3: Issue the load_helper command:

switch: load_helper

Step 4: List the contents of flash to see the config file and the .bin file of the switch:

switch: dir flash:

Step 5: Rename the configuration file. This keeps the existing config intact.

switch: rename flash:config.text flash:config.old

Step 6: Issue the boot command to boot the system:

switch: boot

The switch will now boot as it normally does. Enter "n" at the prompt to abort the initial configuration dialog:

Continue with configuration dialog? [yes/no]: n

No initial configuration is required because the switch is already configured.

Step 7: At the switch prompt, type en to enter enable mode, then issue the following commands.



Switch#rename flash:config.old flash:config.text

Press Enter

Switch#copy flash:config.text system:running-config

Press Enter


Sw1# conf t

Sw1(config)#enable secret <your_secret_password>

Sw1(config)#enable password <Your_enable_password>

To reset the VTY password

Sw1(config)#line vty 0 15

Sw1(config-line)#password <your_vty_password>


To reset the console password

Sw1(config-line)#line con 0

Sw1(config-line)#password <your_console_password>


Note: This procedure works for 2900XL, 3500XL, 2940, 2950, 2960, 2970, 3550, 3560, and 3750 series switches.


Cisco command references for Cisco 2960, 3550, 3750, 4506

Enter the enable command to access privileged EXEC mode:

Switch> enable


Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Enable Telnet

Switch(config)#line vty 5 15

Switch(config-line)#password yourpassword

Switch(config-line)#transport input telnet



Switch(config)#snmp-server community public RO

add NTP

Switch(config)#ntp peer IP-address

add name server

Switch(config)#ip name-server IP-address

Switch(config)#ip domain-name domain-name

Create new VLAN

Switch(config)#vlan vlan-id

Switch(config-vlan)#name vlan-name

Switch(config)#interface vlan vlan-id

Switch(config-if)#description vlan-name

Adding IP helper

Switch(config)#interface vlan vlan-id

Switch(config-if)#ip helper-address IP-address

Adding spanning-tree

Switch(config)#interface eth0/port-number

Switch(config-if)#spanning-tree portfast

delete VLAN

Switch#vlan database

Switch(vlan)#no vlan vlan-id

Access List

This example shows how to configure an extended IP ACL that allows only TCP traffic to the destination IP address with a TCP port number of 25 and how to apply it to an interface:

Switch(config)#access-list 102 permit tcp any host eq 25

Switch(config)#interface fastethernet0/8



Switch(config-if)#ip access-group 102 in 


This is an example of an extended ACL that allows TCP traffic only from two specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the ACL statements is denied.

access-list 104 permit tcp any

access-list 104 permit tcp any

Switch(config)#access-list 101 deny   ip

Switch(config)#access-list 101 permit ip any any

IP Routing

ip default-gateway x.x.x.1
ip route x.x.x.1
ip route x.x.x.x  x.x.x.1
ip route x.x.x.0 VlanX
ip route x.x.x.0 VlanX

VLAN IP setup

 interface VlanX
 description Server VLAN
 ip address x.x.x.1

ip helper-address x.x.x.x

view config

Switch#show vlan brief

Switch#show vlan

Switch#show running-config

Switch#show startup-config

write config permanently


How to Backup Startup-Configuration?



switch#copy startup-config tftp:

Address or name of remote host []?

Destination filename [dhaka-confg]?


1558 bytes copied in 0.248 secs
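
A backed-up configuration file can be checked offline for the password, Telnet and SNMP settings this page configures. The following Python script is an added example, not part of the original page or of any Cisco tool; the function name audit_config, the finding texts and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample config (not from a real device), built from the commands
# this page uses: enable password, console/VTY passwords, Telnet, SNMP "public".
SAMPLE_CONFIG = """\
hostname Sw1
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE00
enable password ExamplePass1
snmp-server community public RO
line con 0
 password 7 CONSTRUCTED07
line vty 0 4
 password ExamplePass2
 transport input ssh
line vty 5 15
 password ExamplePass2
 transport input telnet
"""

def audit_config(text):
    """Return (line_no, section, finding) tuples for a saved IOS config."""
    findings = []
    section = "global"
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # An unindented command ends the previous section; "line ..." opens one.
        if raw and not raw[0].isspace():
            section = line if line.startswith("line ") else "global"
        if section == "global":
            if re.match(r"enable password\b", line):
                findings.append((num, section, "enable password (clear text or type 7)"))
            m = re.match(r"snmp-server community (\S+)", line)
            if m and m.group(1).lower() in ("public", "private"):
                findings.append((num, section, "well-known SNMP community"))
        else:
            # "password <text>" or "password 0 <text>" is stored unencrypted.
            m = re.match(r"password (?:(\d+) )?\S+", line)
            if m and m.group(1) in (None, "0"):
                findings.append((num, section, "clear-text line password"))
            m = re.match(r"transport input (.+)", line)
            if m and {"telnet", "all"} & set(m.group(1).split()):
                findings.append((num, section, "Telnet allowed on line"))
    return findings

if __name__ == "__main__":
    for num, section, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {num:>2} [{section}] {finding}")
```

The check only sees settings that are written in the file; defaults that IOS does not print in the configuration are not evaluated.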


How to Backup IOS?


switch#copy flash: tftp:

Source filename []? flash:c2500-jk8os-l.122-1d.bin

Address or name of remote host []?

Destination filename [c2500-jk8os-l.122-1d.bin]?

How to Restore Startup-Configuration?


switch#copy tftp: startup-config

Address or name of remote host []?

Source filename []? switch-confg

Destination filename [startup-config]?

How to Erase the NVRAM?


switch#write erase

Erasing the nvram filesystem will remove all files! Continue? [confirm]


Erase of nvram: complete



Proceed with reload? [confirm]