CatOS Password - Help!

Unanswered Question
Nov 8th, 2007
User Badges:

Hi Folks,


Can anyone help: I have a CatOS 6509 that I cannot login to.


I logged in the other day to try and change the password after the last admin left the company.


At first I couldn't change the password because I wasn't using the command correctly (used to IOS rather than CatOs), then when using the 'set password' menu system type command it would never accept the 'old password'.


I've since logged off and cannot log back on again.


The strange thing is that I saved the config (wrote to tftp) and logged the whole session in putty but can't see that the password changed, the hashed password in the config also doesn't seemed to have changed.


So it appears that I'm locked out.


Can anyone suggest anything? Rebooting and performing password recovery has to be the absolute last option as this Switch carries a lot of production traffic and has been up for over 5 years.


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
JORGE RODRIGUEZ Thu, 11/08/2007 - 05:31
User Badges:
  • Green, 3000 points or more

Hi Daniel,


I don't see any other way to recover password without reboot .. I have conducted password recovery on CatOS and have not lost any of its configuration when recoverying changing passwords , however never say never, a backup config should be handy just in case, you would need to reboot though in order to proceed with changes of password.


this is password recovery procedure for your switch.


http://www.cisco.com/en/US/products/hw/switches/ps708/products_password_recovery09186a00801349aa.shtml


HTH


Jorge



ddarby1 Thu, 11/08/2007 - 06:21
User Badges:


Thanks for your reply Jorge - looks like I'll have to go for it. I've got the config, so it looks like owning up will be the worst bit.

glen.grant Thu, 11/08/2007 - 06:05
User Badges:
  • Purple, 4500 points or more

the only thing i can think of is to copy the whole set password command with the encrypted string and put it in a tftp file then config net that to the device and see if you can get in after that , i believe I have used this technique in the past .

ddarby1 Thu, 11/08/2007 - 06:30
User Badges:


Thanks for the post Glen,


wouldn't I need to be interactively logged into the device to execute 'config net' though?

ddarby1 Fri, 11/09/2007 - 01:27
User Badges:


Glen, that's a great tip - I'd seen something about snmp regardig CatOS password recovery on other posts but ignored them.


As I know the SNMP strings from the Switch's sister switch, I've at least got something to go on and getting in any way is infinitely more preferable than rebooting this switch.


I'll post back if I manage to get in.


Thanks again,


Dan


Kevin Dorrell Fri, 11/09/2007 - 02:14
User Badges:
  • Green, 3000 points or more

I would first try the password as you remember it, modified by various keyboard adjacencies, NumLock or not, CapsLock or not, etc.


Do you always use the same type of keyboard? Do you have an AZERTY/QWERTY/QWERTZ ambiguity, for example. AZERTY is a real killer, for example, because all the numbers are shifted.


Kevin Dorrell

Luxembourg


glen.grant Fri, 11/09/2007 - 05:05
User Badges:
  • Purple, 4500 points or more

Also when it asks for the password just try hitting the enter key , have seen this happen before too where it is just the default setup before entering a new password.

ddarby1 Wed, 12/12/2007 - 08:50
User Badges:

An update for anyone interested in this thread or with a similar problem:


I first tried manually through snmp, Net-SNMP and various Cisco documents to download the config (and upload a modified config) from the offending Switch with partial success.


I knew the snmp public and private community strings (they were in fact the default of public and private) so a much easier way to change the password was using an SNMP enabled program such as Solarwinds 'Engineers Toolkit' which uses SNMP to retrieve and upload configs amongst other things.


I downloaded the config from the offending switch, but haven't been able to successfully upload a modified password yet (this worked easily with a Cat 3560, IOS switch).


Thanks to all who have given helpful tips in this thread.

Actions

This Discussion