If at any time you forget the normal mode or enable passwords, you need to start a password recovery process. Password recovery on the Catalyst 4000/5000/6000 Series differs from the methods used on a Cisco router or on other models of switches.
You must be connected to the console port to perform the password recovery procedure. Password recovery requires a power cycle of the system by toggling the power switch. After you power cycle the switch, it goes through its initialization routines and eventually prompts you for a password to enter the normal mode. At this point, you have 30 seconds to perform password recovery.
The trick in password recovery on the switch lies in its behavior during the first 30 seconds after booting. When the switch first boots, it ignores the passwords in the configuration file. It uses the default password <ENTER> during this time. Therefore, when the Catalyst switch prompts you for an existing password at any time, simply type <ENTER> and the Catalyst switch accepts your response. Immediately enter set password or set enablepass to change the appropriate password(s).
During the password recovery process, when the switch prompts for the new password, simply respond with <ENTER>. Otherwise, trying to type in new passwords sometimes forces you to reboot again, especially if you are a poor typist. By initially setting the password to the default value, you minimize the probability of entering a bad value. After setting the enable and EXEC passwords to the default, you can then go back and change the values without the pressure of completing the process during the 30-second time window provided for password recovery.
As with many security situations, it is extremely important that you consider the physical security of your equipment. As demonstrated in the password recovery process, an attacker simply needs the ability to reboot the Catalyst switch and access to the console to get into the privileged mode. Once in the privileged mode, the attacker can make any changes that he or she desires. Keep your wiring closets secured and minimize access to console ports.

Lab Activity
In this lab activity, you will learn how to regain control of a Cisco Catalyst 4000 Ethernet switch after you have lost the passwords.

Lab Activity
In this lab activity, you will learn how to regain control of a Cisco Catalyst 2900 Ethernet switch after you have lost the passwords.