Recently I had to recover the admin password on the Nexus 5548. The Cisco doc was a little bit unclear, so I figured I’d make some notes on it.
First, reboot the switch. The power supplies on these don’t have an on/off switch, so you’ll have to pull the power cable.
When you see the output of “Loading system…” press the break command sequence Ctrl+]. This will bring you into the boot mode:
    Version 2.00.1201. Copyright (C) 2009 American Megatrends, Inc.
    Booting kickstart image: bootflash:/n5000-uk9-kickstart.5.2.1.N1.1b.bin....
    ...............................................................................
    ........................Image verification OK
    INIT: I2C - Mezz absent
    Starting system POST.....
    Executing Mod 1 1 SEEPROM Test:...done (0 seconds)
    Executing Mod 1 1 GigE Port Test:....done (32 seconds)
    Executing Mod 1 1 PCIE Test:.................done (0 seconds)
    Mod 1 1 Post Completed Successfully
    POST is completed
    can't create lock file /var/lock/mtab~193: No such file or directory (use -n flag to override)
    nohup: redirecting stderr to stdout
    autoneg unmodified, ignoring
    autoneg unmodified, ignoring
    Checking all filesystems....r. done.
    ^]Loading system <
I was interested to see what commands are available in this mode. There are a few that I’ll use for the recovery (marked with ->):

    switch(boot)# ?
    Exec commands:
      clear     Reset functions
    ->config    Enter configuration mode
      copy      Copy from one file to another
      delete    Delete a file or directory
    ->dir       Directory listing for files
      erase     Erase Sam Configuration
      exit      Exit from the EXEC
      find      Find a file below the current directory
      format    Format disks
      init      Initialize internal disk
    ->load      Load system image
      mkdir     Create new directory
      move      Move files
      no        Disable debugging functions
      pwd       View current directory
      reload    Reboot this supervisor module
      rmdir     Remove existing directory
      show      Show running system information
      sleep     Sleep for the specified number of seconds
      ssh       SSH to another system
      tail      Display the last part of a file
      telnet    Telnet to another system
      terminal  Set terminal line parameters
      write     Write current configuration
In the configuration mode I’ll use the “admin-password” command to reset my password.
    switch(boot)# conf t
    switch(boot)(config)# admin-password MY-NEW-CHANGED-PASSWORD
    switch(boot)(config)# exit
Next, I’ll have to look up the system NX-OS image’s filename, which in my case is n5000-uk9.5.2.1.N1.1b.bin:

    switch(boot)# dir
              0    Jan 01 2009 23:52:08    20090101_235208_poap_3569_init.log
         447719    Jan 07 2009 19:03:57    20090107_180315_poap_3484_init.log
           4096    Feb 06 2013 20:06:05    lost+found/
           2816    Feb 06 2013 20:41:04    mts.log
       31642624    Jan 11 2013 23:47:27    n5000-uk9-kickstart.5.2.1.N1.1b.bin
    ->173082673    Jan 11 2013 23:48:13    n5000-uk9.5.2.1.N1.1b.bin
            738    Jan 01 2009 23:58:14    span.log
           4096    Jan 01 2009 23:51:11    vdc_2/
           4096    Jan 01 2009 23:51:11    vdc_3/
           4096    Jan 01 2009 23:51:11    vdc_4/

    Usage for bootflash: filesystem
      322887680 bytes used
     1328017408 bytes free
     1650905088 bytes total
Once the password is reset and I know the system boot image path, I can load it.
    switch(boot)# load bootflash:n5000-uk9.5.2.1.N1.1b.bin
    Uncompressing system image: bootflash:/n5000-uk9.5.2.1.N1.1b.bin Wed Feb 6 20:48:11 UTC 2013
Watch pretty text go by…
    Load plugins that defined in image conf: /isan/plugin_img/img.conf
    load_plugin: failed read swid map from "/mnt/pss/plugin_swid_map" with rc 0xffffffff. Plugin will be assigned new ID
    Loading plugin 0: core_plugin...
    load_plugin: Can't get exclude list from /isan/plugin/0/boot/etc/plugin_exclude.conf (rc 0x40ea0017)
    Loading plugin 1: eth_plugin...
    ethernet switching mode
    INIT: Switching to runlevel: 3
    INIT: Sending processes the TERM signal
    INIT: (boot)# touch: cannot touch `/var/lock/subsys/n
    /isan/bin/muxif_config: fex vlan id: -f,4042
    Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
    Added VLAN with VID == 4042 to IF -:muxif:-
    2013 Feb 6 20:48:35 my_nexus_5548 %$ VDC-1 %$ %USER-2-SYSTEM_MSG: CLIS: loading cmd files begin - clis
    2013 Feb 6 20:48:38 my_nexus_5548 %$ VDC-1 %$ Feb 6 20:48:38 %KERN-0-SYSTEM_MSG: I2C - Mezz absent - kernel
    2013 Feb 6 20:48:44 my_nexus_5548 %$ VDC-1 %$ %USER-2-SYSTEM_MSG: CLIS: loading cmd files end - clis
    2013 Feb 6 20:48:44 my_nexus_5548 %$ VDC-1 %$ %USER-2-SYSTEM_MSG: CLIS: init begin - clis
    2013 Feb 6 20:49:39 my_nexus_5548 %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 1 has come online

    Nexus 5000 Switch
    my_nexus_5548 login: admin
    Password:
    Cisco Nexus Operating System (NX-OS) Software
    TAC support: http://www.cisco.com/tac
    Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained in this software are
    owned by other third parties and used and distributed under
    license. Certain components of this software are licensed under
    the GNU General Public License (GPL) version 2.0 or the GNU
    Lesser General Public License (LGPL) Version 2.1. A copy of each
    such license is available at
    http://www.opensource.org/licenses/gpl-2.0.php and
    http://www.opensource.org/licenses/lgpl-2.1.php
The last step is to set the admin password again in the running config and save it.

    my_nexus_5548# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    my_nexus_5548(config)# username admin password 0 MY_NEW_CHANGED_PASSWORD
    my_nexus_5548(config)#
    my_nexus_5548# copy running startup
    [########################################] 100%
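The image lookup step above is where a wrong filename is easiest to type, so here is a small helper for it. It is an added example, not part of the original post or any Cisco tooling: it parses a captured console log, finds the kickstart image that booted, and builds the `load` command for the system image of the same version, refusing if that file is not on bootflash. The naming pattern (`<platform>-uk9-kickstart.<version>.bin` paired with `<platform>-uk9.<version>.bin`) is an assumption inferred from the two filenames in the listing, and the function names are hypothetical.

```python
import re

# Constructed sample input: the kickstart banner line and part of the
# bootflash "dir" listing shown in the post above.
BOOT_BANNER = "Booting kickstart image: bootflash:/n5000-uk9-kickstart.5.2.1.N1.1b.bin...."
DIR_OUTPUT = """\
       4096    Feb 06 2013 20:06:05    lost+found/
       2816    Feb 06 2013 20:41:04    mts.log
   31642624    Jan 11 2013 23:47:27    n5000-uk9-kickstart.5.2.1.N1.1b.bin
->173082673    Jan 11 2013 23:48:13    n5000-uk9.5.2.1.N1.1b.bin
"""

# Assumption: kickstart images are named <platform>-uk9-kickstart.<version>.bin
KICKSTART_RE = re.compile(r"^(?P<platform>[a-z0-9]+)-uk9-kickstart\.(?P<version>.+)\.bin$")
DIR_LINE_RE = re.compile(
    r"^\s*(?:->)?\s*(?P<size>\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+[\d:]{8}\s+(?P<name>\S+)\s*$")


def parse_dir(text):
    """Return {filename: size_in_bytes} for regular files in a 'dir' listing."""
    files = {}
    for line in text.splitlines():
        m = DIR_LINE_RE.match(line)
        if m and not m["name"].endswith("/"):   # skip directories
            files[m["name"]] = int(m["size"])
    return files


def booted_kickstart(banner):
    """Extract the kickstart filename from the 'Booting kickstart image' line."""
    m = re.search(r"Booting kickstart image: bootflash:/(\S+?\.bin)", banner)
    return m.group(1) if m else None


def load_command(banner, dir_text):
    """Build the 'load' command for the system image matching the kickstart."""
    k = KICKSTART_RE.match(booted_kickstart(banner) or "")
    if not k:
        raise ValueError("no recognisable kickstart image in boot banner")
    wanted = f"{k['platform']}-uk9.{k['version']}.bin"
    if parse_dir(dir_text).get(wanted, 0) == 0:  # absent or zero-length file
        raise LookupError(f"{wanted} not found on bootflash")
    return f"load bootflash:{wanted}"


if __name__ == "__main__":
    print(load_command(BOOT_BANNER, DIR_OUTPUT))
```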
We have NX OS 6.
What is the command sequence there?
Ctrl+] is not working……..
http://www.cisco.com/en/US/docs/switches/datacenter/sw/password_recovery/nx_os_pw.html
from the Password Recovery Procedure for Cisco NX-OS pdf
Step 3 If you use Telnet to access the console port, press Ctrl-] (right square bracket) to verify that it does not conflict with the Telnet escape sequence.
switch login: Ctrl-]
telnet> set escape ^\
Escape Character is ‘CTRL+\’
Des B. Did you get a resolution for this? This just happened to me.
Thank you so much – the tip to hit Ctrl ] at Loading system software was a lifesaver!