{"id":9,"date":"2010-07-28T16:53:54","date_gmt":"2010-07-28T03:53:54","guid":{"rendered":"http:\/\/www.templesoft.co.nz\/blog\/?p=9"},"modified":"2026-04-08T08:19:32","modified_gmt":"2026-04-07T20:19:32","slug":"recovering-a-cisco-secret-password","status":"publish","type":"post","link":"https:\/\/templesoft.co.nz\/journal\/?p=9","title":{"rendered":"Recovering a Cisco secret password."},"content":{"rendered":"<div id=\"content\" style=\"text-align: justify;\">\n<div>\n<h1>In the beginning, god created monkey&#8230;<\/h1>\n<h3>Recovering secret passwords on Cisco Catalyst 2900, 3500XL, 2940, 2950, 2955, and 3550 switches.<\/h3>\n<p>So you read the article about creating longer more secure passwords and then ran out to all your catalyst switches and promptly changed all the enable passwords to make them more secure. But fat fingers meant that you mistyped that wonder password on three of eight of your switches and now you can&#8217;t get back in to make changes.<\/p>\n<p>Ah, to be young and stupid&#8230; or in my case, old and stupid\u00a0 \ud83d\ude42<\/p>\n<p>There is a light at the end of the tunnel and it comes in the form of an abridged version of Cisco&#8217;s own doumentation on how to recover secret passwords. If you want the original document you have get it off my server. To recover the password you will have to be connected to the console port of the Cisco switch using the following port settings:<\/p>\n<pre><code>9600 baud, 8 bits, no parity, 1 stop bit, and xon\/xoff flow control<\/code><\/pre>\n<\/div>\n<div>\n<p>Power <strong>OFF<\/strong> the unit, then hold down the <strong>MODE<\/strong> button and power <strong>UP<\/strong> the unit again (keep MODE held down!!)<\/p>\n<ul>\n<li>On a 2900, 3500XL or 3550 release the <strong>MODE<\/strong> button after the <em>1x<\/em> port LED goes out.<\/li>\n<li>On a 2940 or 2950 switch, release the <strong>MODE<\/strong> button after the <em>STAT<\/em> light goes out.<\/li>\n<li>On a 2955, press the break key (ctrl-break on Windows) when you see the message that the switch will <em>autoboot<\/em>.<\/li>\n<\/ul>\n<p>Notice that the switch reports:<\/p>\n<pre><code>password-recovery mechanism is enabled<\/code><\/pre>\n<p>Once booted, you should see the following prompt:<\/p>\n<pre><code>switch:<\/code><\/pre>\n<p>Initialise the flash storage.<\/p>\n<pre><code>flash_init<\/code><\/pre>\n<p>Load any boot helper images.<\/p>\n<pre><code>load_helper<\/code><\/pre>\n<p>Display the contents of the switch flash.<\/p>\n<pre><code>dir flash:<\/code><\/pre>\n<p>Rename the <em>config.text<\/em> file.<\/p>\n<pre><code>rename flash:config.text flash:config.backup<\/code><\/pre>\n<p>Boot the switch.<\/p>\n<pre><code>boot<\/code><\/pre>\n<p>Once the system image is booted, you will be asked if you want to enter the initial configuration dialog. Answer <strong>NO<\/strong> and press Enter.<\/p>\n<p>Enable privileged commands.<\/p>\n<pre><code>en or enable<\/code><\/pre>\n<p>Rename the <em>config.backup<\/em> file.<\/p>\n<pre><code>rename flash:config.backup config.text<\/code><\/pre>\n<p>Copy <em>config.text<\/em> to the running configuration.<\/p>\n<pre><code>copy flash:config.text system:running-config<\/code><\/pre>\n<p>Enter global configuration mode.<\/p>\n<pre><code>config terminal or config t<\/code><\/pre>\n<p>Remove the existing secret password.<\/p>\n<pre><code>no enable secret<\/code><\/pre>\n<p>Create a new secret password.<\/p>\n<pre><code>enable secret 0 <em>newpassword<\/em><\/code><\/pre>\n<p>Exit out of global configuration.<\/p>\n<pre><code>exit<\/code><\/pre>\n<p>Check the new settings.<\/p>\n<pre><code>show running<\/code><\/pre>\n<p>If everything is OK, copy running configuration to the startup configuration.<\/p>\n<pre><code>copy running-config startup-config<\/code><\/pre>\n<p>If you&#8217;ve done everything right you should have changed the enable secret password. Test it by logging out then back in.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In the beginning, god created monkey&#8230; Recovering secret passwords on Cisco Catalyst 2900, 3500XL, 2940, 2950, 2955, and 3550 switches. So you read the article about creating longer more secure passwords and then ran out to all your catalyst switches and promptly changed all the enable passwords to make them more secure. But fat fingers&#8230;  <a class=\"excerpt-read-more\" href=\"https:\/\/templesoft.co.nz\/journal\/?p=9\" title=\"Read Recovering a Cisco secret password.\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,2],"tags":[5,6,8,9,10,7,11,4,17,18,12,14,13,15,16],"class_list":["post-9","post","type-post","status-publish","format-standard","hentry","category-recovery","category-technical-resource","tag-catalyst","tag-catalyst-2900","tag-catalyst-2940","tag-catalyst-2950","tag-catalyst-2955","tag-catalyst-3500xl","tag-catalyst-3550","tag-cisco","tag-config-text","tag-configuration","tag-password","tag-recover","tag-reset","tag-secret","tag-switch"],"_links":{"self":[{"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=\/wp\/v2\/posts\/9","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9"}],"version-history":[{"count":7,"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=\/wp\/v2\/posts\/9\/revisions"}],"predecessor-version":[{"id":16,"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=\/wp\/v2\/posts\/9\/revisions\/16"}],"wp:attachment":[{"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/templesoft.co.nz\/journal\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}