How to recover Cisco Catalyst L2 and L3 switch password

Step 1: Connect a PC with terminal emulation (for example, HyperTerminal) to the console port of the switch using the following terminal settings:

  • Bits per second (baud): 9600
  • Data bits: 8
  • Parity: None
  • Stop bits: 1
  • Flow Control: Xon/Xoff

Unplug the power cable and hold down the mode button located on the left side of the front panel, while you reconnect the power cable to the switch. Hold down for 5 seconds for Cisco 2950/2960 and 15 seconds for Cisco 3550/3750.

Step 2: You will now be presented with the switch: prompt. Issue the flash_init command:

switch: flash_init

Step 3: Issue the load_helper command:

switch: load_helper

Step 4: List the contents of flash to see the config file and the .bin file of the switch:

switch: dir flash:

Step 5: Rename the configuration file. This keeps the existing config intact, and the switch then boots without its startup configuration and so without its passwords:

switch: rename flash:config.text flash:config.old

Step 6: Issue the boot command to boot the system:

switch: boot

The switch now boots as it normally does. Enter "n" at the prompt to abort the initial configuration dialog:

Continue with configuration dialog? [yes/no]: n

No initial configuration is required, as the switch is already configured.

Step 7: At the switch prompt, type en to enter enable mode, then issue the following commands.

Switch>en

Switch#

Switch#rename flash:config.old flash:config.text

Press Enter

Switch#copy flash:config.text system:running-config

Press Enter

Sw1#

Sw1# conf t

Sw1(config)#enable secret <your_secret_password>

Sw1(config)#enable password <Your_enable_password>

To reset VTY password

Sw1(config)#line vty 0 15

Sw1(config-line)#password <your_vty_password>

Sw1(config-line)#login

To Reset Console Password

Sw1(config-line)#line con 0

Sw1(config-line)#password <your_console_password>

Sw1(config-line)#end

Sw1#wr

Note: This procedure works for 2900XL, 3500XL, 2940, 2950, 2960, 2970, 3550, 3560, and 3750 series switches.

Keywords: Cisco, Layer 3 switch, Layer 2 switch, password recovery.

Cisco command references for Cisco 2960, 3550, 3750, 4506

Enter the enable command to access privileged EXEC mode:

Switch> enable

Switch#

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Enable Telnet

Switch(config)#line vty 5 15

Switch(config-line)#password yourpassword

Switch(config-line)#transport input telnet

Switch(config-line)#login

Add SNMP

Switch(config)#snmp-server community public RO
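
An added example, not part of the original page: a small Python check that scans a saved running-config for the weaker settings configured above (enable password alongside enable secret, a console password without login, Telnet on the vty lines, and the public SNMP community). The sample configuration and the function name audit are constructed for illustration.

```python
import re

# Constructed sample of the running-config that this page's commands produce.
SAMPLE_CONFIG = """\
hostname Sw1
enable secret 5 $1$CONS$tructedSampleHashValue
enable password Example123
snmp-server community public RO
line con 0
 password Example123
line vty 0 4
 password Example123
 login
line vty 5 15
 password Example123
 transport input telnet
 login
"""

def audit(config):
    """Return sorted (line_number, finding) tuples for weak settings."""
    findings, console, current = [], {}, None
    for no, raw in enumerate(config.splitlines(), 1):
        text = raw.strip()
        if not raw.startswith(" "):               # top-level command
            current = text if text.startswith("line ") else None
            if text.startswith("line con"):
                console = {"no": no, "password": False, "login": False}
            elif re.match(r"enable password\b", text):
                findings.append((no, "enable password is cleartext or reversible "
                                     "type 7; keep only enable secret"))
            elif re.match(r"snmp-server community (public|private)\b", text):
                findings.append((no, "well-known SNMP community string"))
        elif current:                              # sub-command of a line block
            if re.match(r"transport input\b.*\b(telnet|all)\b", text):
                findings.append((no, "Telnet allowed: logins cross the network in cleartext"))
            if current.startswith("line con") and text.startswith(("password", "login")):
                console[text.split()[0]] = True
    if console.get("password") and not console.get("login"):
        findings.append((console["no"], "console password set without login, "
                                        "so it is not enforced"))
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit(SAMPLE_CONFIG):
        print(f"line {no}: {finding}")
```
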

Add NTP

Switch(config)#ntp peer IP-address

Add name server

Switch(config)#ip name-server IP-address

Switch(config)#ip domain-name domain-name

Create new VLAN

Switch(config)#vlan vlan-id

Switch(config-vlan)#name vlan-name

Switch(config-vlan)#interface vlan vlan-id

Switch(config-if)#description vlan-name

Adding IP helper

Switch(config)#interface vlan vlan-id

Switch(config-if)#ip helper-address IP-address

Adding spanning-tree

Switch(config)#interface eth0/port-number

Switch(config-if)#spanning-tree portfast

Delete VLAN

Switch#vlan database

Switch(vlan)#no vlan vlan-id

Access List

This example shows how to configure an extended IP ACL that allows only TCP traffic to the destination IP address 128.88.1.2 with a TCP port number of 25 and how to apply it to an interface:

Switch(config)#access-list 102 permit tcp any host 128.88.1.2 eq 25

Switch(config)#interface fastethernet0/8

Switch(config-if)#ip access-group 102 in

This is an example of an extended ACL that allows TCP traffic only from two specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the ACL statements is denied.

access-list 104 permit tcp 192.5.0.0 0.0.255.255 any

access-list 104 permit tcp 128.88.0.0 0.0.255.255 any

Switch(config)#access-list 101 deny   ip 10.143.12.0 0.0.3.255 10.143.8.30 0.0.0.1

Switch(config)#access-list 101 permit ip any any
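
Added example (not from the original page): a minimal Python evaluator for the wildcard-mask matching used by the ACLs above, covering first-match ordering and the implicit deny. The function names are illustrative, and only the entry forms that appear on this page are parsed (any, host A, A W, and a destination eq port).

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 1 bit means 'ignore this bit' (inverse of a netmask)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_side(tokens):
    """Consume 'any', 'host A' or 'A W' from the token list; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))

def evaluate(acl, proto, src, dst, dport=None):
    """Top-down, first match wins; a packet matching no entry is denied."""
    for entry in acl:
        tokens = entry.split()[2:]              # drop "access-list <number>"
        action, entry_proto = tokens.pop(0), tokens.pop(0)
        src_spec, dst_spec = parse_side(tokens), parse_side(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        if entry_proto not in ("ip", proto):
            continue
        if not (wildcard_match(src, *src_spec) and wildcard_match(dst, *dst_spec)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "implicit deny"

# The three ACLs from this page, without the CLI prompts.
ACL_102 = ["access-list 102 permit tcp any host 128.88.1.2 eq 25"]
ACL_104 = ["access-list 104 permit tcp 192.5.0.0 0.0.255.255 any",
           "access-list 104 permit tcp 128.88.0.0 0.0.255.255 any"]
ACL_101 = ["access-list 101 deny   ip 10.143.12.0 0.0.3.255 10.143.8.30 0.0.0.1",
           "access-list 101 permit ip any any"]

if __name__ == "__main__":
    # Constructed test packets, chosen to sit on the wildcard-mask boundaries.
    print(evaluate(ACL_102, "tcp", "10.1.1.1", "128.88.1.2", 80))   # no entry matches
    print(evaluate(ACL_101, "tcp", "10.143.15.200", "10.143.8.31")) # inside both ranges
    print(evaluate(ACL_101, "tcp", "10.143.16.1", "10.143.8.30"))   # source outside range
```

The wildcard 0.0.3.255 in ACL 101 spans 10.143.12.0 through 10.143.15.255, and 0.0.0.1 covers the two hosts 10.143.8.30 and 10.143.8.31.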

IP Routing

ip default-gateway x.x.x.1
ip route 0.0.0.0 0.0.0.0 x.x.x.1
ip route x.x.x.x 255.255.255.255  x.x.x.1
ip route x.x.x.0 255.255.248.0 VlanX
ip route x.x.x.0 255.255.255.128 VlanX

VLAN IP setup

 interface VlanX
 description Server VLAN
 ip address x.x.x.1 255.255.255.128
 ip helper-address x.x.x.x

View config

Switch#show vlan brief

Switch#show vlan

Switch#show running-config

Switch#show startup-config

Write config permanently

switch#wr

How to Backup Startup-Configuration?

COPY/ERASE/BACKUP NVRAM at your own risk

=====================================

switch#copy startup-config tftp:

Address or name of remote host []? 192.168.100.1

Destination filename [dhaka-confg]?

!!

1558 bytes copied in 0.248 secs

switch#

How to Backup IOS?

====================================

switch#copy flash: tftp:

Source filename []? flash:c2500-jk8os-l.122-1d.bin

Address or name of remote host []? 192.168.100.1

Destination filename [c2500-jk8os-l.122-1d.bin]?

How to Restore Startup-Configuration?

=========================================

switch#copy tftp: startup-config

Address or name of remote host []? 192.168.100.1

Source filename []? switch-confg

Destination filename [startup-config]?

How to Erase the NVRAM?

==============================

switch#write erase

Erasing the nvram filesystem will remove all files! Continue? [confirm]

[OK]

Erase of nvram: complete

switch#

switch#reload

Proceed with reload? [confirm]