Locked out of my switches

Jul 30th, 2008

I was trying to add a local user to my device but in the process I entered the command no enable secret 5 password. I think doing so got rid of my enable password because I can no longer use the enable command unless I use the enable 5 command. How do I solve this problem? Thanks in advance.

Steve Lyons Wed, 07/30/2008 - 18:21

After you enable 5, did you try re-entering enable secret "password" in global config?

Steve Lyons - Cisco

Richard Burts Wed, 07/30/2008 - 18:52


It is not clear to me what you mean when you talk about the enable 5 command. If this does get you into enable mode then the suggestion by Steve should allow you to resolve your problem by entering the enable secret password in global config mode.

If it does not get you into enable mode then the solution is probably to use the password recovery procedure up to the point where you have changed the config register to 0x2142 and booted the router. This will cause the router to boot but to not read the startup config. This will boot the router with an empty config (but your config does still exist in startup-config). When you have done this you should be able to get into enable mode. You can then use the config mem command to load startup config into running-config. You will still be in enable mode and should be able to enter the enable secret password.

There are several things to be careful about when doing this:

- this procedure will probably put all your interfaces into shutdown state, so you will have to do no shut on all of the active interfaces.

- remember to change the config-register back to its default value (probably 0x2102).

- be careful not to do copy run start when you are trying to load your startup-config.



Tshi M Wed, 07/30/2008 - 19:19

I was afraid of that answer but I think that is the only solution here. Here is what I meant by the "enable 5": I created an "enable secret level 5" password that still works. However that level does not get me into the global configuration mode so I cannot set the "enable secret".

The misstep I took was to enter the command "no enable secret 5 password" while I was configuring the level 5 password because of a typo in the password. That step got rid of my original enable secret password for level 15.

Richard Burts Wed, 07/30/2008 - 19:27


Yes, given this clarification of the situation I believe that the only real solution is to use the password recovery procedure.



Tshi M Wed, 07/30/2008 - 19:31

Removing a level 5 secret password should not affect the level 15 password which is entered just by typing enable secret xxxx.

While level 5 is entered by enable secret level 5 xxxx.

I guess that is something that Cisco should think about.

Thanks much for the quick response though.
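
Why the command in this thread removed the level 15 secret, as an added example that is not part of the original posts: in IOS `enable secret` syntax a bare number after `secret` is read as an encryption type, and a privilege level is only selected with the `level` keyword. The Python sketch below uses a simplified grammar and ignores any `enable password` fallback; its function names and the sample config lines are constructed for illustration.

```python
# Encryption-type digits IOS accepts before a secret (0 = cleartext, 5 = MD5;
# 4, 8 and 9 exist on later releases). Assumption: simplified IOS grammar.
ENC_TYPES = {"0", "4", "5", "8", "9"}

def parse_enable_secret(command):
    """Return (negated, level, enc_type) for an 'enable secret' command, else None."""
    tokens = command.split()
    negated = bool(tokens) and tokens[0] == "no"
    if negated:
        tokens = tokens[1:]
    if tokens[:2] != ["enable", "secret"]:
        return None
    rest = tokens[2:]
    level = 15  # no 'level' keyword means the level-15 secret
    if len(rest) >= 2 and rest[0] == "level" and rest[1].isdigit():
        level = int(rest[1])
        rest = rest[2:]
    # A lone digit followed by another token is an encryption type, not a level.
    enc_type = rest[0] if len(rest) >= 2 and rest[0] in ENC_TYPES else None
    return negated, level, enc_type

def secrets_after(config_lines, command):
    """Privilege levels that still have an enable secret once 'command' is applied."""
    levels = set()
    for line in config_lines:
        parsed = parse_enable_secret(line.strip())
        if parsed and not parsed[0]:
            levels.add(parsed[1])
    parsed = parse_enable_secret(command)
    if parsed:
        negated, level, _ = parsed
        if negated:
            levels.discard(level)
        else:
            levels.add(level)
    return levels

def loses_level15_secret(config_lines, command):
    """True if 'command' leaves the config without a level-15 enable secret."""
    return 15 not in secrets_after(config_lines, command)

# Constructed running-config excerpt (hashes are placeholders, not real values).
SAMPLE = [
    "enable secret 5 $1$PLACEHOLDER$level15hash",
    "enable secret level 5 5 $1$PLACEHOLDER$level5hash",
]

if __name__ == "__main__":
    for cmd in ("no enable secret 5 password", "no enable secret level 5"):
        print(f"{cmd!r}: loses level 15 = {loses_level15_secret(SAMPLE, cmd)}")
```

Running a pending `no enable secret ...` line through a check like this before committing it shows which privilege level it will actually clear.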

