William Reed Sun, 05/23/2010 - 14:58
User Badges:

That link has worked on 5 4506s with non redundant sups, but it is not working on the 4510R with the redundant sups. It has something to do with the redundant sup. What do I need to do? Pull the 2nd sup out?

Reza Sharifi Sun, 05/23/2010 - 15:06
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

You can pull it out and try recovering the password.  Make sure you do this during an outage window in case some thing goes wrong.

William Reed Sun, 05/23/2010 - 15:08
User Badges:

LOL i was doing this during an outage but I need to be 100% even during the outage

that I know exactly what do to.

This is the main switch of a hospital.

Reza Sharifi Sun, 05/23/2010 - 15:20
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

wow, a main hospital with one switch and no redundancy?

It there any way to shift the traffic to a redundant device and then do the recovery on this switch?

William Reed Sun, 05/23/2010 - 15:24
User Badges:

No, there is no other switch to shift traffic to. I inherited this network last week so lets not talk about how it should be setup. We all know things can always be setup better and different. They have one main 4510R with dual Sups and several 4506s thorough out the campus.

I need to recover the password on the 4510R now only.

Ruby Khaira Sat, 06/12/2010 - 13:18
User Badges:

I was searching for an answer to this issue myself today and found your post - I too am taking over a production switch with a "lost" password.  You are right about the documented process only working for single Supervisor switches.  I followed the same document and found that after rebooting the dual Supervisor switch, the secondary Supervisor would always overwrite the config with the recovered password - taking me back to square one.

After various attempts, the following methodology finally worked:

  1. Remove Supervisor A
  2. Run the Password Recovery procedure on Supervisor B
  3. After you get into the switch, copy the running config to a txt file as a backup
  4. Erase the startup config then reboot the switch
    1. Your switch should reboot with a basic factory config - no customization
  5. Power off your switch
  6. Remove Supervisor B and re-insert Supervisor A
  7. Run the Password Recovery procedure on Supervisor A
  8. Erase the startup config then reboot the switch
    1. Your switch should reboot with a basic factory config - no customization
  9. Power off your switch
  10. Re-insert Supervisor B - both Supervisors should be inserted at this point
  11. Power up your switch - there should only be a basic config on the switch
  12. You should be able to console login to the switch with no passwords at this point
  13. Restore the config from txt file via console cable - except for the enable password
  14. Set your enable password to whatever you wish

This worked for me today on a 4507R with dual Supervisors, I trust it will also work for you.

William Reed Sun, 06/13/2010 - 20:12
User Badges:

I was thinking about just pulling Sup B and do the recovery on Sup A. Then after Sup A is back u

p insert Sup B. Shouldnt Sup A then replicate the config to Sup B?

Just thinking out loud, doing the actual recovery this coming Sunday.

Ruby Khaira Mon, 06/14/2010 - 13:20
User Badges:

I did not try a hot swap as you seem to be suggesting.  I did however recover the password on Supervisor A with Supervisor B removed only to have Supervisor A overwritten by Supervisor B upon reboot because the Switch alternates Supervisor cards on each reboot.  This was problematic and hence is why I opted to clear configs on both Supervisors as outlined in the methodology earlier.

I was working at a customer site and did not want to attempt any hot swapping of Supervisor cards to mitigate risk.  The option is yours but what I have outlined worked well for my situation.

Good Luck

William Reed Mon, 06/14/2010 - 13:21
User Badges:

What did you use to backup and restore config. I have never done that over the console.

Ruby Khaira Mon, 06/14/2010 - 13:49
User Badges:

The password recovery procedure must be conducted using a console cable - this is the only way.  If you try to do this via Telnet, you will lose your connection on reboots.  Console cable allows you to see the switch go through the reboot process - its like a DRAC on a server.  I use Secure CRT to establish a serial connection to the Switch (aka console connection).  Secure CRT allows me to save the entire contents of my session to a txt file.  While working, I simply issue the 'show run' command which will save the config to my logged session.

To restore the config over console (serial):

  1. I copy the config from my saved session to PC clipboard
  2. Goto Secure CRT and issue the 'config terminal' command on the Cisco switch
  3. Issue the 'Paste to Host' or press 'Shift-Insert' command
  4. Once all items are inserted, make sure you write your config.

I suggest you test this procedure and using console connection on a  non-production switch if you are not experienced using the console to  insert a config.

Use the following to erase a config:

  1. go to enable mode
  2. erase startup-config
  3. reload - do not save or write
  4. when the device reloads, it will have a factory config
William Reed Mon, 06/14/2010 - 15:33
User Badges:

Thanks for the fast reply.

I just attempted this on my home 1760 Callmanager express config. I have SOME of the config restored but the copy and paste dies when reinserting dial peers to the config. How do I ensure something like this does not happen on the 4510R? Also how do I get around getting my whole config back to the 1760?


Ruby Khaira Mon, 06/14/2010 - 19:32
User Badges:

I've never worked on a Call Manager system so cannot comment on its operation, however if it behaves like a Cisco Router or Switch - then you may have some extra (or missing) characters which are causing your  config to have errors during the paste procedure.  Try entering the  commands manually to see if the errors persist.

When I reinserted the config on my 4507, I did so in sections so that I could ensure no errors were present before moving onto the next section.  This makes it easier to troubleshoot.  You should review the 4510R config prior to erasing it so that you fully understand its operation and setup.

William Reed Tue, 06/15/2010 - 15:26
User Badges:

I ended up TFTPing the session log back from Secure CRT to the router and then issued write flash:session.log running-config. Then I wrote the memory and reloaded and my entire config was there.


This Discussion