cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
957
Views
0
Helpful
6
Replies

password reset did not work with cisco documentation

james.fleit
Level 1
Level 1

http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml

per this link it seems that there is an error ...could be me?

step 11 rewrites the same config file back into memory and makes it the running-config but it has the password I'm trying to clean out -yes/no?

step 13 command conf t does not exist? C3550 switch.

enable password command gives invalid input dected at ^ marker - which points to the beginning of the word password?

I get " % authorization failed" on several commands.

Is this all due to line 11? reinserting  the same broke config file back into the system??

help

6 Replies 6

Jon Marshall
Hall of Fame
Hall of Fame

james.fleit wrote:

http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_recovery09186a0080094184.shtml

per this link it seems that there is an error ...could be me?

step 11 rewrites the same config file back into memory and makes it the running-config but it has the password I'm trying to clean out -yes/no?

step 13 command conf t does not exist? C3550 switch.

enable password command gives invalid input dected at ^ marker - which points to the beginning of the word password?

I get " % authorization failed" on several commands.

Is this all due to line 11? reinserting  the same broke config file back into the system??

help

James there is no error in the procedure. Basically what you are doing is getting into enable mode without having to use the password you don't know so you rename the config file temporarily so it will boot without your current config. Once booted you can then go into enable mode because you have a blank config. Step 11 simply then copies the config you had back into the running-config otherwise you would have to reconfigure the entire switch again. Yes it will also have the passwords you don't know in it but it doesn't matter because you are already in enable mode.

On a 3550 switch "conf t" should exist. Are you entering conf t at the hash prompt ie. after step 12 you should see

sw1#

and then you enter

sw1# conf t


hit return and you should get

sw1(config)#

Jon

I beileve ya - the conf t is that conf space t or conft the conf space t  is not listed on the commands and the switch either gave me % authorization failed or invalid input error....I gave up and too a break so I'm not sure what the exact error was but the switch laughed at me. thanks for the help explaining the other config issue . So I'm not getting to the next step with proper prompt sw1(config)#

thanks

J

I went through this again and again I still get

% Authorization Failed     when I type conf t on step 13

so there is still something blocking me I never get to the sw1(config) prompt. There still seems some error in the logic step 11. I dont want the old config back to config.text I want it to go away with the passwords. step 12 just makes it the system:running config again? then 13 I get authorization failed because everything is reloaded back to original the config.text never changed anywhere. Cant I just slam this config.text and reconfigure the SW from scratch? heck I would flash it with a new BIN if I knew where that was. what about copy system:running-config flash:config.text on step 11 wouldnt this be a blank config.text - I am getting the switch name change between  step 11 and 12 but its the original name and I'm locked out of all commands at this point ...after reloading the system:running-config.

after last post the powersupply died had to rebuild the opto isolaters ( 2 @ 80cents each ) from continually plugging and unplugging. I'm at the point of tacking into the flashEprom and dumping it to a file and extracating the password and reloading the BIN file or scrapping this 3550 alltogeather.

Ha I finially got this to work - yes the documentation link I left in this tread is misleading which is the answer I was looking for.

Step 11 does copy all the bad back into the configuration ,step 12 solidfys the bad back into the switch. If you want to change the passwords you must MUST skip steps 11 and 12 and go to 13. reset your passwords run copy system:running-config to config.text delete your old config.old and start over.

I dont know why they try to confuse people but this drove me mad. I believe in following directions but these are maybe for someone who knows that step 11 and 12 in this information should be skipped and not a poor old hacker like me who believes in following directions until there is no help but to hack around your own way. Hope this helpes someone - it ate alot of my time - bad information from the creator..I wonder what info I should trust  - fool me once shame on you.

ok

j

If you skip 11 and 12, you'll need to reconfigure the whole switch, which could be anywhere from cakewalk to a nightmare... My guess is that something is configured in the original startup-config that gave you the error.  When I bought a 2600 router to play around with last year, I ran into the same auth error while trying to recover the password.  The previous vendor had put some sort of security in it I bet.

jadeblasi
Level 1
Level 1

For those of you coming accross this post who are having this problem but not willing/able to reconfigure the switch:

I too had this problem. Pehaps some type of password recovery disable setting, perhaps some non-standard configuration register setting that alters the behavior, maybe even a bug in the way AAA works with TACACs. I chose to just delete the config file like James did. However you could do the following

Perform step 11 (rename flash:config.old flash:config.txt)

Perform a show startup-config and cut and paste the old config to notepad. (you need to make sure that the buffer on your terminal emulater is large enough to hold the whole config)

Then you could do what James did and delete the old config (del flash.txt), set a new password and you could copy and paste the old config back (minus the password)

This could save you a lot of time if you run accross this problem but have a lot of ACLs or other config items that would be difficult/impossible to recreate

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: