Articles Tagged ‘Password Recovery’

How to Disable or Enable the Password Recovery Procedure on Cisco Catalyst Switches. Enhance Your Catalyst Switch Security – Protect Configuration Files

disable or enable password recovery on Cisco Catalyst switchesOur previous article shows how to perform a password recovery on the Cisco Catalyst switches. This article will now explain how to disable or enable the Cisco password recovery service allowing network engineers and administrators to further secure their Cisco equipment.

The password recovery mechanism is enabled by default which means anyone with physical access to the switch is able to initiate the process and gain access to the switch or stack’s configuration. In some environments this might be a major security concern which is why Cisco provides the option to disable the password recovery mechanism.

In cases where the mechanism is disabled the only option available to gain access to the switch is to delete its startup configuration.

How to Disable or Enable the Password Recovery Service on Cisco Catalyst Switches

Disabling the password recovery mechanism is achieved by using the no service password-recovery command in global configuration mode as shown below:

Password Recovery / Password Reset Procedure for Catalyst 3750-X or 3560-X Switches - Single or Stack Member Configuration

cisco-catalyst-3750-x-3560-x-password-recovery-1This article shows how to reset a password on a Cisco Catalyst 3750-X (stacked or single unit) and Cisco Catalyst 3560-x switch without losing its startup configuration. The Cisco password recovery procedure involves interrupting the switch’s normal boot procedure, renaming the flash:config.text (that’s the startup-config file for switches) to something else e.g flash:config.text.old so that the configuration file is skipped during bootup.

Once the switch has loaded its operating system we can enter privileged-exec mode, rename back the flash:config.text.old to flash:config.text(startup-config), copy the startup-config file to memory (DRAM), make the necessary password changes and save the configuration.

Password Recovery – Reset Procedure

The procedure described below assumes the password recovery mechanism is enabled (by default, it is) and there is physical access to the switch or stack (3750-X only).

Note: If this procedure is being performed on a 3750-X stack, it is important to understand that all switches participating in the stack should be powered off and only the Master switch is powered on when initiating the password recovery procedure. The Master switch can be easily identified by searching for the switch with the green “Master” LED on.

Step 1

On a 3750-X switch, Power off the entire stack or standalone switch. On a Catalyst 3560-X switch, power off the switch. Connect your console cable to the switch – 3750-X Master or the standalone switch.

Step 2

Reconnect the power to the switch (standalone 3750-X or 3750-X) or stack master (3750-X stack only). Within 10 seconds, press and hold the Mode button while the System LED is flashing green. After the System LED turns amber and then solid green, release the Mode button.

If the process has been followed correctly, the following message should be displayed:
The system has been interrupted prior to initializing the flash file system. The following commands will initialize the flash file system and finish loading the operating system software:

Step 3

Now initialize the flash file system, rename the startup configuration file (config.text) and boot the IOS:

Articles To Read Next:


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup