31 July 2019

How to do a password recovery in Cisco 9500 IOS-XE version 16.9.3

What I've found out when following the manual vs reality

The official manual needs an update. It seems that someone copy+pasted the procedure of the 9200 and hastily added a note but there are still some differences:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/16-9/configuration_guide/sys_mgmt/b_169_sys_mgmt_9500_cg/troubleshooting_the_software_configuration.html

...
 DETAILED STEPS



Step 1

Connect a terminal or PC to the switch.




  • Connect a terminal or a PC with terminal-emulation software to the switch console port.
  • Connect a PC to the Ethernet management port.


Step 2

Set the line speed on the emulation software to 9600 baud.


Step 3

Power off the standalone switch or the entire switch stack.


Step 4

For Cisco Catalyst 9500 Series Switches, reconnect the power cord to the switch or the active switch.  
As soon as the System LED blinks, press and release the Mode button 2-3 times. 
The switch enters the ROMMON mode.    --- # Not the right procedure, do the CTRL-C sequence


Note

Cisco Catalyst 9500 Series Switches - High Performance do not have a Mode button.
You can exit the configuration dialog at any prompt using Ctrl-C to kill the bootup sequence.






The following console messages are displayed during the reload:
Initializing Hardware...

System Bootstrap, Version 16.6.1r [FC1], RELEASE SOFTWARE (P)
Compiled Sat 07/15/2017  8:31:57.39 by rel

Current image running: 
Primary Rommon Image

Last reset cause: SoftwareReload 
C9500-12Q platform with 8388608 Kbytes of main memory

attempting to boot from [flash:packages.conf]

Located file packages.conf 
#
#####################################################################

Unable to load cat9k-rpboot.16.06.02b.SPA.pkg
Failed to boot file flash:user/packages.conf
ERROR: failed to boot from flash:packages.conf (Aborted)
Initializing Hardware...

System Bootstrap, Version 16.8.1r [FC4], RELEASE SOFTWARE (P)
Compiled 20-03-2018 15:12:03.01 by rel

Current ROMMON image : Primary Rommon Image

Last reset cause:PowerOn
C9500-48Y4C platform with 16777216 Kbytes of main memory

Preparing to autoboot. [Press Ctrl-C to interrupt] 
Break sequence to be pressed to get to rommon
 
Proceed to the Procedure with Password Recovery Enabled section, and follow the steps.


Step 5

After recovering the password, reload the switch or the active switch.




On a switch:
Switch> reload
Proceed with reload? [confirm] y














Procedure with Password Recovery Enabled
Procedure


Step 1

Ignore the startup configuration with the following command:





Switch: SWITCH_IGNORE_STARTUP_CFG=1 
ROMMON x >  SWITCH_IGNORE_STARTUP_CFG=1


Step 2

Boot the switch with the packages.conf file from flash.





Switch: boot flash:packages.conf    --# the 9500 was with factory version 16.9.3 and with no packages.conf file
 
ROMMON x > boot    


Step 3

Terminate the initial configuration dialog by answering No.





Would you like to enter the initial configuration dialog? [yes/no]: No



Step 4

At the switch prompt, enter privileged EXEC mode.





Switch> enable      
Switch#  



Step 5

Copy the startup configuration to running configuration.





Switch# copy startup-config running-config Destination filename [running-config]?






Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.


Step 6

Enter global configuration mode and change the enable password.





Switch# configure terminal
Switch(config)# 



Step 7

Write the running configuration to the startup configuration file.





Switch(config)# copy running-config startup-config     



Step 8

Confirm that manual boot mode is enabled.





Switch# show boot
 
 BOOT variable = flash:packages.conf; 
 Manual Boot = yes
 Enable Break = yes



Step 9

Reload the device.





Switch# reload



Step 10

Set the SWITCH_IGNORE_STARTUP_CFG parameter to 0.





Switch(config)# no system ignore startupconfig switch all
Switch(config)# end
Switch# write memory
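
Once the recovery is finished, it is worth checking what the switch will do on its next reload. The script below is an added example, not part of the Cisco manual or of the original procedure: it parses `show boot` output in the format printed in Step 8 and reports settings that leave the boot process stoppable or pointing at a file that is not in flash. The `flash_files` argument and the image file name are constructed assumptions.

```python
import re

# Constructed sample: the `show boot` output as printed in Step 8 of the post.
SHOW_BOOT = """\
Switch# show boot

 BOOT variable = flash:packages.conf;
 Manual Boot = yes
 Enable Break = yes
"""

def parse_show_boot(text):
    """Turn 'Key = value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?)\s*=\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def boot_targets(fields):
    """Split the semicolon-separated BOOT variable into individual paths."""
    raw = fields.get("boot variable", "")
    return [p.strip() for p in raw.split(";") if p.strip()]

def audit(text, flash_files=None):
    """Return a list of findings. flash_files is an optional set of file
    names copied from `dir flash:` (hypothetical input, not parsed here)."""
    fields = parse_show_boot(text)
    findings = []
    if fields.get("manual boot", "").lower() == "yes":
        findings.append("manual-boot: switch stops at ROMMON on next reload")
    if fields.get("enable break", "").lower() == "yes":
        findings.append("enable-break: console break can interrupt boot")
    targets = boot_targets(fields)
    if not targets:
        findings.append("boot-var: BOOT variable is empty")
    elif flash_files is not None:
        for path in targets:
            name = path.split(":", 1)[-1]  # drop the 'flash:' prefix
            if name not in flash_files:
                findings.append(f"boot-var: {path} not present in flash")
    return findings

if __name__ == "__main__":
    # Constructed file list: a switch holding only a bundle image.
    for finding in audit(SHOW_BOOT, flash_files={"cat9k_iosxe.16.09.03.SPA.bin"}):
        print(finding)
```
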






7 comments:

  1. This comment has been removed by a blog administrator.

  2. I suggest to all of you try Implementing Cisco Service Provider Advanced Routing Solutions because it is really good & beneficial for Exam preparation.

  3. Thank you for this document, it was helpful. You can remove step 9. Multiple reloads are not required.

  4. If someone desires expert view concerning running a blog afterward I advise him/her to pay a quick visit to this blog. Keep up the fastidious work.

  5. This worked great. The only difference I noticed on my device is that it did not ask about entering initial configuration.

  6. This comment has been removed by a blog administrator.

  7. The command to ignore the startup config doesn't work for me. It just boots up normally with the startup config. 9500 on 17.9.4; also, side note, this has been configured as a StackWise Virtual pair.
