Saturday, September 27, 2008

Password Recovery on Cisco Catalyst Switch - Part 2

Password Recovery on Catalyst Switches Running CatOS

Although there haven't been any new Cisco Catalyst Switch platforms running CatOS, there's still a large customer base for the existing models. Some of those that are still around:
  • Cisco Catalyst 2948G
  • Cisco Catalyst 2980G
  • Cisco Catalyst 4000 (Supervisors 1 and 2)
  • Cisco Catalyst 5000 (the whole line is already or nearing EOL)
  • Cisco Catalyst 6500 - Hybrid Mode (CatOS on Supervisor and IOS on MSFC). Applies to all Supervisor models
Before you attempt CatOS Password Recovery, it is best to know the whole picture, or all of the steps, first. Why? Well, there's only a 30-second window to perform the CatOS Password Recovery upon boot up of a Catalyst Switch running CatOS.
  1. Do a cold boot.
  2. Wait for the Catalyst Switch to fully boot up.
  3. Press the Enter key at least once.
  4. Type enable, and then press the Enter key.
  5. Type set ena, and press Enter 4 times.
  6. Type set pass, and press Enter 4 times.
  7. Configure new passwords, or leave them as NULL (or none).
Now to discuss it further: the first thing you want to do is cold boot (power off and then on) the Catalyst Switch. This is needed for the CatOS Password Recovery to work (it won't work on a reloaded, or warm-booted, Catalyst Switch). Afterwards, you just need to wait for it to fully boot up again (which will take around 2-3 minutes).

After the boot up, take note that you will only have a 30-second window to perform the rest of the steps. The reason behind this is that there's no password configuration applied to the Catalyst Switch running CatOS within the first 30 seconds after boot up. With that, we can get past the console login and into the enable (Privileged EXEC) mode without needing to type any password. In effect, the password is set to NULL within this timeframe, which is the same as typing nothing.

So, as soon as you see the prompt for the console password, press Enter once and you'll see the Switch prompt. Just type enable and press Enter again, and you'll be inside the Privileged EXEC mode. Afterwards, you can now change the console and enable passwords to whatever you want. But in order to save time, you can set them to NULL for the meantime.

Note: In case these steps didn't work as expected, it may only mean that you're already outside the 30-second window and need to start from scratch again.

To change the enable password, type set pass and press Enter. You'll then be asked for the old password (which will be NULL for now), so you just need to press Enter again. The next two prompts will ask you to type a new password and to retype/confirm the new password. Just press Enter for these, since we just want it to be set to NULL in order to make the 30-second window.

To change the console password, just do the same steps as for changing the enable password, but this time use the set ena command instead.

After this part, you're done with the CatOS Password Recovery. You just need to do the set pass and set ena commands again in order to change the console and enable passwords to whatever you want. This time, you can do it leisurely without any time limit to consider. Easy eh? =)
