Lock Yourself Out Of The Switch

foreverlearning Member Posts: 42
If I put line con 0, login, and don't set password
OR
line con 0, login local and don't set username and password.

I lock myself out. So how do I fix the situation?

Comments

  • JDMurray Admin Posts: 13,031
    GPT-4 sez:

    If you've configured `login` or `login local` under `line con 0` (the console port) but haven't set a password or username/password respectively, you will be locked out of console access because the system will expect a password or a username/password pair that does not exist. To resolve this, you will need to perform a password recovery procedure.

    Here are the general steps for a Cisco switch, although the exact procedure may vary slightly depending on the specific model:

    1. Connect your PC to the switch using a console cable.

    2. Reboot the switch. You can do this by unplugging and plugging it back in.

    3. After the switch starts booting, send a break sequence within the first 15-60 seconds of the boot process in order to interrupt the boot sequence. The timing and the method to send a break sequence can depend on the terminal software you're using (like PuTTY, SecureCRT, HyperTerminal, etc.). Often, it's a specific key or combination of keys.

    4. Once you've successfully sent the break sequence, you should be in ROMMON mode. You can recognize this by the prompt, which will typically be something like `switch:`, `rommon 1 >`, or `>`.

    5. In ROMMON mode, set the configuration register to ignore the startup configuration by entering the command `confreg 0x2142`. This tells the switch to boot normally, but to ignore its saved configuration.

    6. Now, boot the switch by typing `reset` or `boot`.

    7. The switch should boot up and present you with a basic initial configuration prompt because it's ignoring its saved configuration. You should be able to access privileged EXEC mode (`enable`), which doesn't require a password in this state.

    8. Once you're in privileged EXEC mode, you can load the saved configuration (which is still there, just ignored during boot) with the command `copy startup-config running-config`. This loads all of your settings, but it doesn't lock you out because you're already in privileged EXEC mode.

    9. Now that you have access to the configuration, navigate to the console line with `line con 0` and set a password with `password [your_password]` and then `login`, or set up a local user database if you're using `login local`.

    10. Save your changes with `copy running-config startup-config`.

    11. Change the configuration register back to the default (usually `0x2102`) with the global configuration mode command `config-register 0x2102`. This tells the switch to load the startup configuration on boot.

    12. Save your changes again with `copy running-config startup-config`.

    13. Finally, reboot the switch to test your new configuration.

    Remember to replace `[your_password]` with the password you want to set.

    Note that the above password recovery procedure should not be used to gain unauthorized access to devices. It should only be used by network administrators who need to recover access to their own equipment.
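
A pre-change check for the two configurations this thread describes, as an added example that is not part of any post above. It assumes the configuration is available as plain text in `show running-config` layout and that AAA (`aaa new-model`) is not in use; `audit_line_logins` and the sample configuration are hypothetical and constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); credentials are placeholders.
SAMPLE_CONFIG = """\
hostname SW1
username admin secret 5 PLACEHOLDER_HASH
!
line con 0
 login
line vty 0 4
 password 7 PLACEHOLDER
 login
line vty 5 15
 login local
!
end
"""


def audit_line_logins(config_text):
    """Return (line, reason) for each line whose login method has no credential."""
    has_local_user = False
    blocks = {}      # "line con 0" -> {"login": None | "line" | "local", "password": bool}
    current = None
    for raw in config_text.splitlines():
        if re.match(r"username\s+\S+", raw):
            has_local_user = True
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), {"login": None, "password": False})
        elif not raw.startswith(" "):
            current = None               # any other top-level command ends the block
        elif current is not None:
            cmd = raw.strip()
            if cmd == "login":
                current["login"] = "line"
            elif cmd == "login local":
                current["login"] = "local"
            elif cmd == "no login":
                current["login"] = None
            elif cmd.startswith("password "):
                current["password"] = True
    findings = []
    for name, b in blocks.items():
        if b["login"] == "line" and not b["password"]:
            findings.append((name, "login without password"))
        elif b["login"] == "local" and not has_local_user:
            findings.append((name, "login local without any username"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_line_logins(SAMPLE_CONFIG):
        print(f"{name}: {reason}")
```

Running it against a candidate configuration before `copy running-config startup-config` shows which lines would ask for a credential that was never defined.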
