It's happened to us all. Not even our fault, really. The password that you carefully gave the ^#$@&*@# Cisco box when configuring it (and verified immediately afterword) suddenly, five weeks later, doesn't work - when you really need it. You can't enter enable mode. You can't make changes. Your boss wants the switch reconfigured in an hour to meet the needs of the machines which are already on their way to you as you sit shivering in the colocation facility.

The password won't work.

All is not lost. If you're on a Cisco 6xxx series switch, there is an emergency, last--ditch way to recover the password without nuking the box's precious configuration (in case you didn't save it to Flash or to an external card...why didn't you? Because you didn't). The only caveat is that you'll need to reboot the switch; in the case of the 6xxx series, this can take up to three to five minutes, which means a 3-5 minute downtime. Still, compared to having to rebuild the image, that's trivial.

The method is really trivial, especially considering all the build-up I just did. :-) Here it is.

Power-cycle the switch.

For thirty seconds after the switch is up (becomes responsive on the console port) you can enter enable mode without a password, and reset the enable/secret/whatever passwords to whatever you like. You only have thirty seconds, though, so be quick, and make sure you don' t make typos in entering the password, or you'll likely have to do this again.

This is not really a security risk, because the switch will only listen through the physical console port, and has to be power-cycled (not just restarted). The assumption, naturally, is that if you have physical access to the switch, you're authorized. This won't work over a telnet connection, just the RJ serial console port.

Log in or registerto write something here or to contact authors.