1
00:00:09,610 --> 00:00:16,270
This link here explains how to reset passwords on a Cisco 3560 switch.

2
00:00:17,240 --> 00:00:22,610
So how do we recover a lost or forgotten password on a 3560 switch?

3
00:00:24,840 --> 00:00:30,960
There are two options, one when password recovery is enabled and one when it's disabled.

4
00:00:31,980 --> 00:00:38,640
In our example, we have a default configuration where password recovery is permitted.

5
00:00:39,630 --> 00:00:48,240
So we need to connect to the console of the device, now in packet tracer, we can either do that by

6
00:00:48,240 --> 00:00:54,930
dragging a PC into the topology and then connecting it via a console cable.

7
00:00:57,520 --> 00:01:01,570
So I could connect to the console of the switch and have a look

8
00:01:08,020 --> 00:01:16,510
at the switch directly through the console, password here is unknown, I'm not going to do it that

9
00:01:16,510 --> 00:01:16,860
way.

10
00:01:17,650 --> 00:01:22,350
I'm simply going to click on the device, which gives me a console connection anyway

11
00:01:24,020 --> 00:01:31,640
but please be aware that in the real world, you would need to physically connect a PC to the console

12
00:01:32,030 --> 00:01:35,390
of your switch or router when doing password recovery.

13
00:01:36,830 --> 00:01:44,600
Now, the next step is to make sure that you're using 9600 bits per second in your terminal emulation software

14
00:01:45,140 --> 00:01:47,580
that's the default in packet tracer.

15
00:01:48,200 --> 00:01:55,070
We need to power off of the switch and then reconnect  the power cord and then within 15 seconds,

16
00:01:55,070 --> 00:02:00,320
press the mode button while the system LED is still flashing green.

17
00:02:01,130 --> 00:02:08,660
Continue pressing the mode button until the system LED turns briefly amber and then solid green

18
00:02:09,020 --> 00:02:11,510
and then release the mode button.

19
00:02:12,090 --> 00:02:18,530
In my example, I can't physically unplug the power through packet tracer.

20
00:02:19,870 --> 00:02:27,340
So I'm going to power cycle the devices that power cycles all the devices, but I've already reset

21
00:02:27,550 --> 00:02:30,310
the configuration of my routers, so that's fine.

22
00:02:30,820 --> 00:02:39,550
I'm going to press the mode button on the switch, which then allows me to access ROM MON on the switch.

23
00:02:40,790 --> 00:02:48,680
Now, some tips, if that doesn't work, power cycle the device and then click the mode button two or three

24
00:02:48,680 --> 00:02:49,220
times

25
00:02:51,540 --> 00:02:55,110
to get packet tracer to take you to ROM monitor mode.

26
00:02:57,690 --> 00:03:05,400
So notice now that the boot process was terminated, question mark, Enter shows me that I'm in ROM MON

27
00:03:05,400 --> 00:03:05,820
mode.

28
00:03:07,240 --> 00:03:13,660
Now that we've got into ROM monitor mode, we need to use the command flash in it.

29
00:03:15,870 --> 00:03:23,900
So here's the command flash in it, we're told that the flash is already initialized, so be aware that

30
00:03:24,150 --> 00:03:27,540
packet tracer may be a little bit different to the real world.

31
00:03:29,130 --> 00:03:36,360
This command, as an example, is not required and is not supported in packet tracer, so the next

32
00:03:36,360 --> 00:03:40,200
command is to look at flash, so DIR flash, 

33
00:03:41,570 --> 00:03:44,330
there's the contents of flash on the switch.

34
00:03:47,260 --> 00:03:56,380
We told to rename the config text file as config text old, so there's our config text file.

35
00:03:57,040 --> 00:04:09,550
So rename flash config, text as flash config, text old before I press enter let's verify that.

36
00:04:10,750 --> 00:04:23,090
That's what we're told to do, so that looks right, press enter DIR Flash, the file has been renamed.

37
00:04:23,860 --> 00:04:25,510
So that was the original name.

38
00:04:25,960 --> 00:04:27,160
This is the new name.

39
00:04:28,180 --> 00:04:33,820
Now, in the real world, when you boot the switch, it will take you to the initial configuration

40
00:04:33,820 --> 00:04:34,600
dialog.

41
00:04:35,500 --> 00:04:36,250
So boot, 

42
00:04:37,420 --> 00:04:40,240
let's see if that actually works in Packet Tracer.

43
00:04:41,650 --> 00:04:45,040
What we should be able to do is now bypass

44
00:04:46,330 --> 00:04:49,510
the configuration and type enable

45
00:04:51,100 --> 00:04:56,980
and then rename the config back to what it was, copy the configuration, 

46
00:04:58,620 --> 00:05:03,540
reset passwords and save the configuration and then reload the switch.

47
00:05:05,560 --> 00:05:14,710
So for the real world, have a look at the Cisco documentation for your relevant device. In packet tracer

48
00:05:14,740 --> 00:05:20,680
however, the original configuration has been applied, so that doesn't work entirely.

49
00:05:21,680 --> 00:05:30,050
So what I'm going to do is erase the startup configuration, we do have the startup configuration in

50
00:05:30,050 --> 00:05:33,740
Flash, we can't see that here

51
00:05:34,690 --> 00:05:43,270
but if I go back to the physical device view and power cycle the device and press the mode button.

52
00:05:45,310 --> 00:05:50,380
Notice in Flash, I can see the original configuration.

53
00:05:51,580 --> 00:05:56,830
So I could use that to replace the running config on the switch.

54
00:05:57,850 --> 00:06:00,400
So what I'm going to do is boot the switch

55
00:06:01,360 --> 00:06:02,770
and then once it's booted

56
00:06:05,310 --> 00:06:07,800
I'll be able to erase the NVRAM.

57
00:06:10,080 --> 00:06:17,070
Switch is not booted up, again enabled doesn't work, I'm going to erase the NVRAM.

58
00:06:18,670 --> 00:06:22,880
That actually has taken me directly to privilege mode in Packet Tracer. 

59
00:06:23,650 --> 00:06:26,410
That wouldn't happen in the real world.

60
00:06:27,010 --> 00:06:29,680
What we need to do is power cycle the device again

61
00:06:30,860 --> 00:06:32,450
and now when it reboots

62
00:06:33,570 --> 00:06:37,500
we should see an initial configuration dialog.

63
00:06:39,200 --> 00:06:42,480
Which we do, which I can now bypass.

64
00:06:43,220 --> 00:06:47,390
So essentially in packet tracer we had to do an extra step.

65
00:06:50,140 --> 00:06:58,810
We didn't just boot the device up, we had to erase the startup configuration in packet tracer and then boot

66
00:06:58,810 --> 00:06:59,450
the device.

67
00:07:00,220 --> 00:07:03,220
So if I type enable, I'm in privilege mode.

68
00:07:04,150 --> 00:07:11,290
So show startup configuration shows us that no startup configuration exists

69
00:07:12,010 --> 00:07:17,740
but I do have this file stored in Flash.

70
00:07:19,040 --> 00:07:25,250
So I could now follow the steps on the Cisco documentation

71
00:07:28,000 --> 00:07:29,860
and rename the file.

72
00:07:31,150 --> 00:07:34,080
That command isn't supported in Packet Tracer

73
00:07:36,470 --> 00:07:45,920
So what I'm going to do is simply copy the configuration to the running-config, so copy flash config

74
00:07:46,580 --> 00:07:51,050
.text.old  to running config.

75
00:07:53,690 --> 00:07:58,250
Doesn't like that command so let's do a copy flash to running-config.

76
00:07:59,680 --> 00:08:04,510
Source file will be config.text.old, 

77
00:08:05,470 --> 00:08:13,840
destination will be the running-config. Notice now that a loopback interfaces come up, switch name has

78
00:08:13,840 --> 00:08:15,190
changed to switch 1.

79
00:08:15,670 --> 00:08:17,540
Previously it was switched.

80
00:08:18,340 --> 00:08:19,420
Now it's switch 1.

81
00:08:20,170 --> 00:08:22,540
So show run shows us

82
00:08:23,620 --> 00:08:30,820
the secret password of the switch, which we don't know, can see the hostname, we can see some other

83
00:08:30,820 --> 00:08:37,600
configuration on the switch, including EIGRP and an IP address on the switch.