This article shows how to reset a password on a Cisco Catalyst 3750-X (stacked or single unit) and Cisco Catalyst 3560-x switch without losing its startup configuration. The Cisco password recovery procedure involves interrupting the switch’s normal boot procedure, renaming the flash:config.text (that’s the startup-config file for switches) to something else e.g flash:config.text.old so that the configuration file is skipped during bootup.
Once the switch has loaded its operating system we can enter privileged-exec mode, rename back the flash:config.text.old to flash:config.text (startup-config), copy the startup-config file to memory (DRAM), make the necessary password changes and save the configuration.
Password Recovery – Reset Procedure
The procedure described below assumes the password recovery mechanism is enabled (by default, it is) and there is physical access to the switch or stack (3750-X only).
Note: If this procedure is being performed on a 3750-X stack, it is important to understand that all switches participating in the stack should be powered off and only the Master switch is powered on when initiating the password recovery procedure. The Master switch can be easily identified by searching for the switch with the green “Master” LED on.
On a 3750-X switch, Power off the entire stack or standalone switch. On a Catalyst 3560-X switch, power off the switch. Connect your console cable to the switch – 3750-X Master or the standalone switch.
Reconnect the power to the switch (standalone 3750-X or 3750-X) or stack master (3750-X stack only). Within 10 seconds, press and hold the Mode button while the System LED is flashing green. After the System LED turns amber and then solid green, release the Mode button.
Now initialize the flash file system, rename the startup configuration file (config.text) and boot the IOS:
Now search for the startup configuration file (config.text) and rename it:
We can now boot the switch IOS:
At this point, the switch has booted bypassing its configuration file. At the prompt, type enable to enter privileged exec mode and rename back the config.text.old file:
Switch# rename flash:config.text.old flash:config.text
3750-X Note: At this point, power on any 3750-X stack members and wait until they are loaded. This is a very important step to ensure no configuration is lost.
Finally, load the startup configuration of the master or standalone switch to memory and make the necessary changes to the enable secret / password or user account in question:
If you require to change the password to an account e.g admin, use the following command:
3750-X-Stack1 (config) # exit
Depending on the switch model and configuration, it is possible that after executing the password recovery procedure VLAN interfaces might be in a shutdown state. Issue the show running-config command and search for any shutdown command under the vlan interfaces. If found, enter the interface and issue the no shutdown command to ensure the interface is enabled.
When done, save your configuration and reload the switch or stack:
This article showed in detailed steps the password recovery process for Cisco Catalyst 3560-X and 3750-X switches including standalone or stacked 3750-Xs. We explained how to safely gain access to the switch configuration and change the enable/secret password and/or administrator user accounts passwords. More technical and security articles on Catalyst switch can be found at our Cisco Catalyst Switches Section.