How to Recover Network Admin Password on Nexus Switches
Have you lost the network administrator password on a Cisco Nexus switch? If yes, this guide can help you learn how to recover it in different ways. But before you go ahead with the password recovery procedure, here are a couple of things that you must know:
What to Do If There Are Two Supervisor Modules on a Device
- If there are two supervisor modules on a device, the password recovery procedure must be performed on the supervisor module that will remain active after completing the recovery procedure.
- To ensure that the other supervisor module doesn’t become active, you need to either remove the other supervisor module from the chassis or change the console prompt of the other supervisor module to loader> or switch (boot)#.
The Two Ways to Recover Admin Password on Nexus Switches
- From the Command Line Interface (CLI) with a user name with network-admin privileges
- By power cycling the device
Steps to Recover Admin Password on a Nexus Switches by Using CLI
Step 1: Check if the username has network-admin privileges
- switch# show user-account
user:admin
this user account has no expiry date
roles:network-admin
user:dbgusr
this user account has no expiry date
roles:network-admin network-operator
Step 2: If a username has network-admin privileges, then create a new network admin password.
- switch# configure terminal
- switch(config)# username admin password <new password>
- switch(config)# exit
- switch#
Step 3: Save the changes.
- switch# copy running-config startup-config
Steps to Recover Admin Password on a Nexus Switches by Power Cycling
If you cannot recover the password with the above method, you have to recover the network admin password by power cycling the device by the method discussed below. Remember that the password recovery procedure will interrupt all the traffic on the device and there will be no connections for 2 to 3 minutes.
Before you try any other method, you must note that you cannot recover the network admin password on a Nexus switch from a Telnet or Secure Shell (SSH) session. It is mandatory to have the access to the local console connection. Besides, you cannot use the CMP management interface as well to recover the password on NX-OS enabled devices such as Cisco Nexus 7000 series switches.
When you recover the password, it is updated only in the local user database and not on the remote AAA servers. The new password will work only if local authentication is enabled. It is not going to work from remote authentication. During password recovery, local authentication is enabled for logins only through a console so that only the admin user can log in with the updated password.
Step 1: Establish a terminal session on the switch’s console and power cycle the switch. Here are the settings for the console:
- Speed— 9600 baud
- Databits— 8 bits per byte
- Stopbits— 1 bit
- Parity— none
Step 2: Continue to press Ctrl-] during the boot sequence to enter the switch(boot)# prompt mode when you see that system image is getting loaded. In case you are using earlier versions of Nexus Switches such as Nexus 5000 Series switches that are enabled using Cisco NX-OS 4.0(0)N1(2a), press Ctrl-B(Ctrl+Shift+B) instead of Ctrl-].
Mod 1 2 Post Completed Successfully
Mod 3 Post Completed Successfully
POST is completed
Checking all filesystems….r. done.
Ctrl-]
switch(boot)#
Step 3: Update the network admin password now using the following commands:
switch(boot)# configure terminal
switch(boot-config)# admin-password <new password>
WARNING! Remote Authentication for login through console has been
disabled
switch(boot-config)# exit
switch(boot)#
Step 4: Display the bootflash: contents to find the image file of Cisco NX-OS software.
switch(boot)# dir bootflash:
Step 5: Load the image of Cisco NX-OS software. Here, it has been assumed that the system image file name is nx-os.bin:
switch(boot) # load bootflash:nx-os.bin
Step 6: Now, log in to the device using the updated network admin password.
switch login: admin
Password: <new password>
Step 7: When you see the following lines, it means the local authentication is enabled for logins through a local console instead of the remote console. It is advised to not change the running configuration to ensure that the new password will work for future logins. Once you reset, you can enable remote authentication and remember the admin password configured on the AAA servers.
switch# show running-config aaa
!Command: show running-config aaa
!Time: Fri Feb 5 02:39:23 2010
version 5.0(2)
logging level aaa 5
aaa authentication login ascii-authentication
Step 8: Then, reset the new password so that it is also the SNMP (Simple Network Management Protocol) password.
switch# configure terminal
switch(config)# username admin password <new password>
switch(config)# exit
switch#
Step 9: Now, if needed, you can insert the previously removed supervisor module into the chassis.
Step 10: If needed, boot the Cisco NX-OS kickstart image with the file name for example nx-os_kickstart.bin on the standby supervisor module.
loader# boot bootflash:nx-os_kickstart.bin
Step 11: Now, load the Cisco NX-OS software on the standby supervisor module if needed. Here, it has been assumed that the system image file name is nx-os.bin:
switch(boot)# load bootflash:nx-os.bin
Step 12: Finally, save the configuration by running the following command.
switch# copy running-config startup-config
We hope that these steps (that are shared by Cisco) will help you recover your password on Nexus switches.
Gear Net Technologies is the leading supplier of Cisco Nexus Switches in the local as well as international markets. If you have any queries, please connect with us via WhatsApp: +971585811786