In this blog post, we will demonstrate the steps to recover the password of a Cisco 2960 Switch without losing the running configuration.
- Connect your console cable to the switch and open the terminal emulator software, e.g., Putty. Ensure to provide correct COM Port in the Serial Line box below.
- You can check the COM Port of your laptop/desktop (where you have connected the serial cable) through Device Manager. Keep the speed and other settings to default and click Open.
- Once you click on Open, a command shell will open. Since you do not have the password to log on to the switch, keep the same console screen open and press and hold the Mode button on the switch until you see the switch: prompt.
- It takes approximately 20–25 seconds, but keep holding the Mode button, and you will then see a bunch of messages on the screen and, finally, the
switch:prompt.
- You will find a message on the screen The password-recovery mechanism is enabled (as shown in the screenshot below) before you reach the switch: prompt.
- At the switch: prompt, type flash_init to initialize the flash, and then enter dir flash: to check the contents of the flash: drive. Take note of the files that are showing as .renamed.
- At the Switch: prompt, enter the boot command, as shown below. It will take some time to boot until you see the System Configuration dialog, and then you will see the Switch> prompt. In the system configuration dialog boxes, enter no.
- Would you like to enter the initial configuration dialog ? [yes/no]: no
- Type en at the Switch> prompt to enter privileged mode (Switch#).
- Next, enter the sh flash: command. You will see files with .renamed extension.
- Rename these files and remove .renamed extension. For example, private-config.text.renamed will become private-config.text.
- Renaming the Files.
- Confirm that the .renamed extension has been removed from the file extensions by using the sh flash: command.
- Copy config.text to running-config using the command copy flash:config.text running-config. After doing this, you will notice that the switch name has been changed.
- You can also review the running configuration of the switch and make any necessary updates, such as modifying configurations, removing the enable password, or creating a login. Make sure to save the configuration changes before reloading the switch.
- It’s important to note that if you have previously set the enable password or created users logins, and you do not know their passwords. Reloading the switch will result in the same situation where you won’t be able to log in. Therefore, please ensure that you thoroughly review the running configuration, make the desired changes, save the configuration, and then proceed with reloading the switch.
- When the switch reloads and comes back online. You can use the passwords you configured in the running configuration.
That’s it! You have successfully reset the password of the Cisco 2960 switch.
All Commands Used in the Reset Process (in sequence)
Switch:flash_init
Switch:dir flash:
Switch:boot
Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>en
Switch#sh flash:
Switch#rename flash:vlan.dat.renamed flash:vlan.dat
Switch#rename flash:config.text.renamed flash:config.text
Switch#rename flash:private-config.text.renamed flash:private-config.text
Switch#sh flash:
Switch#copy flash:config.text running-config
unknown08d09fa285c0#conf t
unknown08d09fa285c0(config)#enable secret class
unknown08d09fa285c0(config)#line console 0
unknown08d09fa285c0(config)#password Ci!sCo213
unknown08d09fa285c0(config)#login
unknown08d09fa285c0(config)#line vty 0 15
unknown08d09fa285c0(config)#password Ci!sCo213
unknown08d09fa285c0(config)#login
unknown08d09fa285c0(config)#end
unknown08d09fa285c0(config)#copy running-config startup-config
unknown08d09fa285c0(config)#reload