Recovering a lost or forgotten password on a Cisco Catalyst switch can be stressful, especially in production environments. Fortunately, Cisco has built-in mechanisms that let engineers regain access without wiping the device entirely.
Accessing ROMMON Mode
For most Catalyst switches in 2001 (such as 2900XL or 3500XL), the first step is to interrupt the boot sequence by sending a break signal during startup. This brings the device into ROMMON or switch: prompt, depending on the model.
Changing the Configuration Register
Once at the prompt, change the configuration register to bypass the startup configuration:
switch: flash_init
switch: load_helper
switch: rename flash:config.text flash:config.old
switch: boot
After the device boots, enter privileged mode, then copy the old configuration file back and reset the password.
Final Steps
Make sure to restore the original config and reset the configuration register to its default (usually 0x2102) before reloading:
Switch# copy flash:config.old system:running-config
Switch# configure terminal
Switch(config)# enable secret
Switch(config)# config-register 0x2102
Switch# write memory
Switch# reload
Password recovery doesn’t have to be painful — just be prepared and know your hardware platform.