Description
Step-by-Step Procedure
Example of a Password Recovery on the Catalyst 6000 MSFC Module
Related Information
Description
This document describes the password recovery procedure for the Cisco Catalyst 6000 Multilayer Switch Feature Card (MSFC).
Step-by-Step Procedure
Attach a terminal or PC with terminal emulation to the console port of the switch.
Use the following terminal settings: 9600 baud, no parity, 8 data bits, 1 stop bit
Type show module to determine the MSFC card on which to do password recovery.
The MSFC module is in slot 15 or 16.
Reset the MSFC module you want to do password recovery on.
Use the reset
Wait 5 seconds and then connect to the MSFC console using the switch console command.
After seeing the message "Connected to Router", issue a break sequence.
The break key is a unique sequence that will break the MSFC into rommon. If this does not work, please refer to the break sequence page.
The MSFC will boot to a rommon> prompt.
Type confreg 0x42 at the rommon> prompt to configure the MSFC to boot without its configuration.
Display the current software in bootflash by issuing the dir bootflash: command and record the current software version.
Boot the system with the boot bootflash: command.
NOTE : Do NOT boot the system using the c6msfc-boot image. Doing so will result in loss of configuration after the password recovery process.
After the system boots, answer "No" to all the set-up questions or press Ctrl-C to skip the initial set-up procedure.
Type enable at the Router> prompt. This will put you in enable mode and you will see the Router# prompt.
Type config mem or copy startup-config running-config to copy the nonvolatile RAM (NVRAM) into memory.
This is a crucial step. DO NOT save the configuration (do not use write term or copy running-config startup-config)
Type write terminal or show running-config.
At this point, you should see the full configuration with the unknown enable password or enable secret. All other interfaces are shut down.
Type configure terminal to make the necessary changes.
The prompt is now hostname(config)#
Type enable secret
Use the no shutdown command on interfaces that are being used.
If you use the show ip interface brief command, every interface that you want to use should be up.
Type config-register 0x2102
Press Ctrl-Z to leave the configuration mode. The prompt is now hostname#
Type write memory or copy running-config startup-confi
g to commit the changes.
Example of a Password Recovery on the Catalyst 6000 MSFC Module
switch (enable) show module
Mod Slot Ports Module-Type Model Status
--- ---- ----- ------------------------- ------------------- --------
1 12 1000BaseX Supervisor WS-X6K-SUP1A-2GEok
15 11 Multilayer Switch Feature WS-F6K-MSFC ok
3 34810/100BaseTX Ethernet WS-X6248-RJ-45 ok
4 48 1000BaseX EthernetWS-X6408-GBIC ok
5 52 MM OC-12 ATM WS-X6101-OC12-MMF ok
Mod Module-Name Serial-Num
--- ------------------- -----------
1 SAD03423133
15 SAD03414563
3 SAD03242737
4 SAD03220152
5 SAD03433465
Mod MAC-Address(es)Hw Fw Sw
--- -------------------------------------- ------ ---------- -----------------
1 00-30-96-2a-2a-9e to 00-30-96-2a-2a-9f 1.05.2(1) 5.4(3)
00-30-96-2a-2a-9c to 00-30-96-2a-2a-9d
00-50-3e-9f-20-00 to 00-50-3e-9f-23-ff
15 00-30-96-2a-2a-a0 to 00-30-96-2a-2a-df 1.212.1(1)E, 12.1(1)E,
3 00-50-f0-af-24-d0 to 00-50-f0-af-24-ff 1.14.2(0.24)V 5.4(3)
4 00-d0-58-e9-d0-f0 to 00-d0-58-e9-d0-f7 2.14.2(0.24)V 5.4(3)
5 00-d0-bc-ef-03-68 to 00-d0
-bc-ef-03-87 1.012.0(5)XS, 12.0(5)XS,
Mod Sub-TypeSub-Model Sub-Serial Sub-Hw
--- ----------------------- ------------------- ----------- ------
1 L3 Switching Engine WS-F6K-PFC SAD03424837 1.0
switch(enable) reset 15
Unsaved configuration on module 15 will be lost
Do you want to continue (y/n) [n]? y
2000 Jun 23 06:36:59 %SYS-5-MOD_RESET:Module 15 reset from Console//
Resetting module 15...
switch(enable) switch console
Trying Router-15...
Connected to Router-15.
Type ^C^C^C to switch back...
(A break-sequence has been sent here)
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x42
You must reset or power cycle for new config to take effect
rommon 2 > dir bootflash:
File size Checksum File name
1606784 bytes (0x188480) 0xe58d8560c6msfc-boot-mz.120-7.XE1 <--- Don't use this image to boot !!!
8998276 bytes (0x894d84) 0x1476de9c6msfc-jsv-mz.121-1.E.bin
rommon 3 > boot bootflash:c6msfc-jsv-mz.121-1.E.bin
Self decompressing the image : ########################################################################
####### [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
&nb
sp; San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) MSFC Software (C6MSFC-JSV-M), Version 12.1(1)E, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Fri 24-Mar-00 13:57 by kpma
Image text-base: 0x60008900, data-base: 0x6146A000
Cisco Cat6k-MSFC (R5000) processor with 57344K/8192K bytes of memory.
Processor board ID SAD03414563
R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
123K bytes of non-volatile configuration memory.
4096K bytes of packet SRAM memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
(ctrl-C pressed)
Press RETURN to get started!
Module online.
Cisco Internetwork Operating System Software
IOS (tm) MSFC Software (C6MSFC-JSV-M), Version 12.1(1)E, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Fri 24-Mar-00 13:57 by kpma
Router>enable
Router#
Router#copy startup-config running-config
Destination filename [running-config]?
1153 bytes copied in 0.236 secs
msfc-switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
msfc-switch(config)#enable secret Cisco
msfc-switch(config)#config-register 0x2102
msfc-switch(config)#^Z
msfc-switch#show ip interface brief
Interface IP-Address OK? Method StatusProtocol
EOBC0/6127.0.0.12 YES unset upup
Vlan10 10.1.1.2YES TFTP administratively down down
Vlan20 10.1.2.2YES TFTP administratively down down
Vlan30 10.1.3.2
; YES TFTP administratively down down
Vlan40 10.1.4.2YES TFTP administratively down down
Vlan50 10.1.5.2YES TFTP administratively down down
msfc-switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
msfc-switch(config)#interface vlan10
msfc-switch(config-if)#no shutdown
msfc-switch(config-if)#^Z
msfc-switch#
00:02:16: %SYS-5-CONFIG_I: Configured from console by console
msfc-switch#write memory
Building configuration...
[OK]
msfc-switch#