enable secret recovery

parvees123 · ‎11-16-2006

I have 2 6509 switch as core

IOS s72033 versio 12.2(17r)S2

I have configured enable secret on both switch unfortunately I entered one of them in wrong manner i believe. CORE 1 I am not able to enter , where as CORE 2 is not having any prob. Can any one please tell me with out getting to RMON is there any way to break the secret coz my CORE 1 is the primary in production there are lot of customer bind to it.

Please help

-Parvees M

d-mark · ‎11-16-2006

Hi,

if you have SNMP read/write access to your CORE1, than maybe you can set a new enable secret by using snmp. Take a look at:

"How To Copy Configurations To and From Cisco Devices Using SNMP"

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094aa6.shtml

HTH

Mark

a.kiprawih · ‎11-16-2006

Try the SNMP method for a safer approach. But if it doesn't work, then maybe you have to do password recovery.

BTW, do you configure your 2 x Cat6509 with high availability (HA), i.e HSRP for all Vlans? If you have this, you can perform recovery by forcing the Core#2 to handle the traffic. You can get to the boot mode and reboot the switch/Core#1 without loading the config (use ctrl+break when it starts to boot), set the config-register to 0x2142 (for IOS-based image). Copy the actual config from the NVRAM using 'copy startup-config running-config' or simpply execute 'copy start run', then change the enable secret. Set the config-register to '0x2102' again and reboot the Core#1 again.

HTH

AK