Cisco Switch Password Recovery: 5000

Published by: Shanghai IT Outsourcing | Source: http://www.lanmon.net | Views: 3312

Creating Passwords and Resetting Lost Passwords on the Catalyst 5000 Series Supervisor Engines


This document describes how to create passwords and recover lost passwords on all types of Catalyst 5000 Supervisor Engines.

To create the examples in this document, we used the following equipment:

  • A terminal.
  • A console cable suitable for the Supervisor Engine in the switch.
  • One Catalyst 5000 switch in a lab environment with cleared configurations.

1 This document was written in an isolated lab environment. Make certain that you understand the potential impact of any command on your network before using it.
2 The clear config all command was entered on each switch to ensure that they have default configurations.

Conventions

Command descriptions use the following conventions:

  • Vertical bars ( | ) separate alternative, mutually exclusive, arguments.
  • Square brackets ([ ]) typically indicate optional arguments.
  • Braces ({ }) indicate a required argument.
  • Braces within square brackets ([{ }]) indicate a required choice within optional arguments.
  • Boldface indicates commands and keywords that are entered literally as shown.
  • Italics indicate arguments for which you supply values.

Creating and Changing Passwords

Catalyst switches support two user modes: user and privileged. The user mode allows the user to enter commands that cannot affect the operational status of the switch. The privileged mode grants the user access to all commands on the switch. Each mode has a separate password. If a user mode password has been set up, the password will be required whenever a user attempts to access the switch via a terminal on the console port or a Telnet connection. If a privileged mode password has been set up, it will be required whenever a user enters the enable command at the user mode command prompt. After the user has successfully entered privileged mode, the command prompt on the switch has "(enable)" added to it.

Generally, passwords should be a mix of uppercase and lowercase letters and at least one number. Eight characters is generally considered sufficient for a secure password. A good example is "BlueSky3". Always consult your corporate security policies before configuring any passwords. Passwords should be changed frequently.

For environments that require a higher level of security, Catalyst switches also support TACACS and RADIUS authentication. TACACS and RADIUS support secure password authentication (passwords are not passed in clear text) and logging of commands entered at the command line of the switch. See the Catalyst documentation for more information on configuring these protocols.

Tasks That Will Be Performed

  1. Connect a terminal to the switch.
  2. Enter a user mode password.
  3. Enter a privileged mode password.
  4. Quit the current console session.
  5. Test the new passwords.

Step-by-Step

Step 1. Connect a terminal to the console port of the switch. See Connecting a Terminal to the Catalyst 5000 if you do not know how to do this.

Step 2. Start a user mode console session by pressing the Enter key in your terminal emulation software. You should be prompted for a password. The default user mode password is the Enter key. Press the Enter key when prompted.

Step 3. Go into privileged mode by entering the enable command. The default privileged mode password is the Enter key. Press the Enter key when prompted.

Step 4. Set the user mode password with the set password command. (An example password is "BlueSky3".) Press the Enter key when prompted for the old password.

    Console> (enable) set password
    Enter old password: 
    Enter new password: 
    Retype new password: 
    Password changed.
    Console> (enable) 

Step 5. Set the privileged mode password with the set enablepass command. (An example password is "RedBird2".) Press the Enter key when prompted for the old password.

    Console> (enable) set enablepass
    Enter old password: 
    Enter new password: 
    Retype new password: 
    Password changed.
    Console> (enable) 

Step 6. Terminate your current session by entering the quit command. Then test your new passwords.

    Console> (enable) quit
    Session Disconnected...
    
    Cisco Systems Console           Mon Aug 30 1999, 09:55:58 
    
    Enter password: 
    Console>
    Console> enable
    Enter password: 
    Console> (enable)

Resetting Lost Passwords

To recover lost passwords, turn the switch off and on again. After the system boots, you will have a 30-second window where the passwords will be returned to the default of the Enter key. You will be able to change the passwords from a management terminal on the console port using the set password and set enablepass commands. When you are prompted to enter the old passwords, press the Enter key, then follow the prompts.

Your original configuration with your new passwords will be in place after you finish this procedure.

Tasks That Will Be Performed

  1. Connect a terminal to the switch.
  2. Power cycle the switch.
  3. Create new (temporary) user and privileged mode passwords.
  4. Create secure passwords.

Note: To ensure that you can change both passwords within 30 seconds, make the new passwords a single character. You can change them to something more secure after the 30-second period is over.

Step-by-Step

Step 1. Connect a terminal to the console port of the switch.

Step 2. Power cycle the switch.

Step 3. After the Running System Diagnostics Message appears, perform the following steps as quickly as possible:

  • Press the Enter key to start a user mode session.
  • Press the Enter key when prompted for a user mode password.
  • Go into privileged mode by entering the enable command (en).
  • Press the Enter key when prompted for a privileged mode password.

The following output shows this procedure. Keystrokes that are not usually shown are given here for clarity.

    Boot image: bootflash:A-sup3.5-1-1
    Downloading epld sram device please wait ...
    Programming successful for Altera 10K50 SRAM EPLD
    
    
    Running System Diagnostics from this Supervisor (Module 1)
    This may take up to 2 minutes....please wait [Enter]
    
    
    Cisco Systems Console
    
    
    Enter password:[Enter]
    Console> en[Enter]
    
    Enter password:[Enter]
    Console> (enable) 

Step 4. Perform the following steps as quickly as possible:

  • Set the user mode password to "a" with the set pass command.
  • Set the privileged mode password to "a" with the set enablep command.

The following output shows this procedure on a switch. Keystrokes that are not usually shown are given here for clarity.

    Console> (enable) set pass[Enter]
    Enter old password:[Enter]
    Enter new password:a[Enter]
    Retype new password:a[Enter]
    Password changed.
    Console> (enable) set enablep[Enter] 
    Enter old password:[Enter]
    Enter new password:a[Enter]
    Retype new password:a[Enter]
    Password changed.
    Console> (enable) 

If you are only able to change the user mode password during the 30-second period, you will have to power cycle the switch again to change the privileged mode password.

Step 7. Proceed to the beginning of this document to create more secure passwords.
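
Because the recovery procedure above only needs console access and a power cycle, it is worth reviewing any password change that lands inside the 30-second window after a boot. The following is an added example, not part of the original document or of any Cisco tooling: it assumes boot and command events have already been collected into a hypothetical normalized text format (the format, device names and sample events are constructed), and that the BOOT event marks the start of the window.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)  # recovery window stated in this document

# Full keywords and the shortest abbreviations this document uses for them.
PASSWORD_CMDS = {"password": "pass", "enablepass": "enablep"}

# Constructed sample events in a hypothetical normalized format:
# "<ISO timestamp> <device> BOOT" or "<ISO timestamp> <device> CMD <command line>"
SAMPLE_EVENTS = """\
1999-08-30T09:50:00 sw-lab1 BOOT
1999-08-30T09:50:12 sw-lab1 CMD set pass
1999-08-30T09:50:21 sw-lab1 CMD set enablep
1999-08-30T10:15:00 sw-lab1 CMD set password
1999-08-30T11:00:00 sw-lab2 BOOT
1999-08-30T11:00:25 sw-lab2 CMD set password
1999-08-30T11:00:40 sw-lab2 CMD set enablepass
1999-08-30T11:03:00 sw-lab2 BOOT
1999-08-30T11:03:18 sw-lab2 CMD set enablepass
"""

def password_keyword(command):
    """Return 'password' or 'enablepass' if the command line sets one, else None."""
    words = command.split()
    if len(words) != 2 or words[0] != "set":
        return None
    for full, shortest in PASSWORD_CMDS.items():
        if full.startswith(words[1]) and len(words[1]) >= len(shortest):
            return full
    return None

def find_recovery_window_changes(log_text):
    """Return (device, keyword, seconds_after_boot) for each password change
    made within WINDOW of that device's most recent boot."""
    last_boot, hits = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, device, kind, *rest = line.split(maxsplit=3)
        when = datetime.fromisoformat(stamp)
        if kind == "BOOT":
            last_boot[device] = when
        elif kind == "CMD" and device in last_boot and rest:
            keyword = password_keyword(rest[0])
            delta = when - last_boot[device]
            if keyword and delta <= WINDOW:
                hits.append((device, keyword, int(delta.total_seconds())))
    return hits
```

In the sample, sw-lab2 shows the pattern the document describes when only one password is changed in time: a second boot followed by the remaining password change.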

Command Summary


Syntax: set password
As used in this document: set pass

Syntax: set enablepass
As used in this document: set enablep

