Posted on

Cisco – IOS XE Password Recovery on Catalyst 3850

NOTE: Mr. Bray recommends disabling the ability to recover the password/config with one of these commands (varies):
no service password-recovery     or
system disable password recovery switch all

Apply power to the switch. Immediately press the Mode button while the System LED is flashing. Hold the Mode button until all the system LEDs turn on and remain solid; then release it.

  1. Initialize flash
    Switch: flash_init
  2. Ignore the startup configuration
    Switch: SWITCH_IGNORE_STARTUP_CFG=1
  3. Boot packages.conf
    Switch: boot flash:packages.conf
  4. Terminate the initial configuration dialog by answering No.
    Would you like to enter the initial configuration dialog? [yes/no]: No
  5. At the switch prompt, enter privileged EXEC mode.
    Switch> enable
    Switch#
  6. Copy the startup configuration to running configuration.
    Switch# copy startup-config running-config
    Destination filename [running-config]?
    Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.
  7. Enter global configuration mode and change the enable password.
    Switch# configure terminal
    Switch(config)#
  8. Write the running configuration to the startup configuration file.
    Switch# copy running-config startup-config
  9. Confirm that manual boot mode is enabled.
    Switch# show boot
    BOOT variable = flash:packages.conf;
    Manual Boot = yes
    Enable Break = yes
  10. Reload the switch.
    Switch# reload
  11. Return the Bootloader parameters (previously changed in Steps 2 and 3) to their original values.
    Switch: SWITCH_DISABLE_PASSWORD_RECOVERY=1
    Switch: switch: SWITCH_IGNORE_STARTUP_CFG=0
  12. Boot the switch with the packages.conf file from flash.
    Switch: boot flash:packages.conf
  13. After the switch boots up, disable manual boot on the switch.
    Switch(config)# no boot manual

Sauce