Easy? Well, Password Recovery is all procedural, and has the same concept in all Cisco Catalyst Switches. Yes, it is very risky too. Especially, if you get too confident, and forgot to do some verifications... or in my own words - "checkpoints". The worst case scenario on doing password recovery is if you overwrite the saved or start-up configuration file and there's no backup. Nice huh?! =)
For this topic, I've divided it into 3 parts:
- Password Recovery on Fixed Switches (Small Boxes)
- Password Recovery on Modular Switches Running CatOS
- Password Recovery on Modular Switches Running IOS
- Password Recovery on 4500 running IOS
- Password Recovery on Catalyst 6500 with Hybrid IOS (MSFC IOS)
- Password Recovery on Catalyst 6500 with Native IOS
Concept of Password Recovery
First of all, why do we need to do Password Recovery? Well, it's either you are too old to remember simple passwords, or you've used to many passwords in a short span of time. =P Kidding aside, there's a lot of situations wherein Password Recovery is needed. The best example is when a new network administrator took over a new network with poor documentation. Password Recovery also enables us to resume management of the Catalyst Switch without resetting to factory default (we don't want to lose the current configuration).
Now, as I said earlier, Password Recovery has the same concept in all Cisco Catalyst Switches (and even with Cisco Routers). In Password Recovery, you actually want to bypass the password set on a Catalyst Switch. Most of the time, we want to bypass both the console and enable-mode (Privilege EXEC) passwords. In order for us to bypass the password, we need to bypass the saved or start-up configuration. Why? Well, the console and enable-mode passwords are actually part of the start-up configuration.
Bypassing the start-up configuration is similar to resetting the Catalyst Switch back to factory default, BUT without losing or overwriting the current configuration. We will actually restore the start-up configuration before we can change or remove the passwords.
The steps on how to bypass the passwords or the start-up configurations are actually the main differences in doing Password Recovery on Fixed Switches, Modular Switch Running CatOS, and Modular Switches Running IOS.
Limitations / Considerations
The main limitation on doing Password Recovery on Cisco Catalyst Switches is that you cannot do it remotely (i.e. telnet). Meaning, you should be physically onsite where the Catalyst Switch is, in order to accomplish the Password Recovery procedures. You need to be directly connected to the Catalyst Switch thru console, and to do some manual work, like doing cold reboot.
I guess that's all for now, and wait for the next part. =)
No comments:
Post a Comment