Password Recovery – Nexus 5548

Posted on February 8, 2013 / January 8, 2019 by Tom Kacprzynski

Recently I had to recover the admin password on the Nexus 5548. The Cisco doc was a little bit unclear, so I figured I’ll make some notes on it.

First, reboot the switch. The power supplies on these don’t have an on/off switch, so you’ll have to pull the power cable.

When you see the output of “Loading system…” press the break command sequence Ctrl+]. This will bring you into the boot mode:

 

Version 2.00.1201. Copyright (C) 2009 American Megatrends, Inc.
Booting kickstart image: bootflash:/n5000-uk9-kickstart.5.2.1.N1.1b.bin....
...............................................................................
........................Image verification OK

INIT: I2C - Mezz absent
Starting system POST.....
  Executing Mod 1 1 SEEPROM Test:...done (0 seconds)
  Executing Mod 1 1 GigE Port Test:....done (32 seconds)
  Executing Mod 1 1 PCIE Test:.................done (0 seconds)
  Mod 1 1 Post Completed Successfully
POST is completed
can't create lock file /var/lock/mtab~193: No such file or directory (use -n flag to override)
nohup: redirecting stderr to stdout
autoneg unmodified, ignoring
autoneg unmodified, ignoring
Checking all filesystems....r. done.
^]Loading system  <

I was interested to see what commands are available in this mode. There are a few that I’ll use for the recovery (marked with ->):

switch(boot)# ?
Exec commands:
  clear     Reset functions
->config    Enter configuration mode
  copy      Copy from one file to another
  delete    Delete a file or directory
->dir       Directory listing for files
  erase     Erase Sam Configuration
  exit      Exit from the EXEC
  find      Find a file below the current directory
  format    Format disks
  init      Initialize internal disk
->load      Load system image
  mkdir     Create new directory
  move      Move files
  no        Disable debugging functions
  pwd       View current directory
  reload    Reboot this supervisor module
  rmdir     Remove existing directory
  show      Show running system information
  sleep     Sleep for the specified number of seconds
  ssh       SSH to another system
  tail      Display the last part of a file
  telnet    Telnet to another system
  terminal  Set terminal line parameters
  write     Write current configuration

In the configuration mode I’ll use the “admin-password” command to reset my password.

switch(boot)# conf t
switch(boot)(config)# admin-password MY-NEW-CHANGED-PASSWORD
switch(boot)(config)# exit

Next, I’ll have to look up the system NX-OS image’s filename, which in my case is n5000-uk9.5.2.1.N1.1b.bin:

switch(boot)# dir
          0  Jan 01 2009 23:52:08  20090101_235208_poap_3569_init.log
     447719  Jan 07 2009 19:03:57  20090107_180315_poap_3484_init.log
       4096  Feb 06 2013 20:06:05  lost+found/
       2816  Feb 06 2013 20:41:04  mts.log
   31642624  Jan 11 2013 23:47:27  n5000-uk9-kickstart.5.2.1.N1.1b.bin
->173082673  Jan 11 2013 23:48:13  n5000-uk9.5.2.1.N1.1b.bin
        738  Jan 01 2009 23:58:14  span.log
       4096  Jan 01 2009 23:51:11  vdc_2/
       4096  Jan 01 2009 23:51:11  vdc_3/
       4096  Jan 01 2009 23:51:11  vdc_4/

Usage for bootflash: filesystem
  322887680 bytes used
 1328017408 bytes free
 1650905088 bytes total

Once the password is reset and I know the system boot image path, I can load it.

switch(boot)# load bootflash:n5000-uk9.5.2.1.N1.1b.bin
Uncompressing system image: bootflash:/n5000-uk9.5.2.1.N1.1b.bin Wed Feb 6 20:48:11 UTC 2013

Watch pretty text go by…

Load plugins that defined in image conf: /isan/plugin_img/img.conf
load_plugin: failed read swid map from "/mnt/pss/plugin_swid_map" with rc 0xffffffff. Plugin will be assigned new ID
Loading plugin 0: core_plugin...
load_plugin: Can't get exclude list from /isan/plugin/0/boot/etc/plugin_exclude.conf (rc 0x40ea0017)
Loading plugin 1: eth_plugin...
ethernet switching mode
INIT: Switching to runlevel: 3
INIT: Sending processes the TERM signal
INIT: (boot)#
touch: cannot touch `/var/lock/subsys/n
/isan/bin/muxif_config: fex vlan id: -f,4042
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 4042 to IF -:muxif:-
2013 Feb  6 20:48:35 my_nexus_5548 %$ VDC-1 %$ %USER-2-SYSTEM_MSG: CLIS: loading cmd files begin  - clis
2013 Feb  6 20:48:38 my_nexus_5548 %$ VDC-1 %$ Feb  6 20:48:38 %KERN-0-SYSTEM_MSG: I2C - Mezz absent  - kernel
2013 Feb  6 20:48:44 my_nexus_5548 %$ VDC-1 %$ %USER-2-SYSTEM_MSG: CLIS: loading cmd files end  - clis
2013 Feb  6 20:48:44 my_nexus_5548 %$ VDC-1 %$ %USER-2-SYSTEM_MSG: CLIS: init begin  - clis
2013 Feb  6 20:49:39 my_nexus_5548 %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 1 has come online

Nexus 5000 Switch
my_nexus_5548 login: admin
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

The last step is to set the admin password again in the running config and save it.

my_nexus_5548# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
my_nexus_5548(config)# username admin password 0 MY_NEW_CHANGED_PASSWORD
my_nexus_5548(config)#
my_nexus_5548# copy running startup
[########################################] 100%
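
For the image lookup and load steps above, this added example (not part of the original post and not Cisco code) parses a saved console capture, reads which kickstart image booted, and builds the load command for the system image of the same release. It assumes the system image carries the kickstart image's name minus "-kickstart", as on this switch; the second system image and its size in the sample are constructed.

```python
import re

# Constructed sample in the console format shown in this post.
CONSOLE = """\
Booting kickstart image: bootflash:/n5000-uk9-kickstart.5.2.1.N1.1b.bin....
switch(boot)# dir
       2816  Feb 06 2013 20:41:04  mts.log
   31642624  Jan 11 2013 23:47:27  n5000-uk9-kickstart.5.2.1.N1.1b.bin
  173082673  Jan 11 2013 23:48:13  n5000-uk9.5.2.1.N1.1b.bin
  170000000  Jan 01 2013 10:00:00  n5000-uk9.5.1.3.N2.1.bin
       4096  Jan 01 2009 23:51:11  vdc_2/
"""

KICKSTART_RE = re.compile(
    r"Booting kickstart image: bootflash:/?(\S+?)-kickstart\.(\S+?)\.bin")
# size, date, time, name; tolerates the "->" marker used in the post
DIR_RE = re.compile(
    r"^\s*(?:->)?\s*(\d+)\s+\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}\s+(\S+)\s*$")

def booted_kickstart(console):
    """Return (platform_prefix, version) of the kickstart image that booted."""
    m = KICKSTART_RE.search(console)
    if not m:
        raise ValueError("no 'Booting kickstart image' line in capture")
    return m.group(1), m.group(2)

def list_files(console):
    """Return {filename: size} from the boot-mode 'dir' listing, files only."""
    files = {}
    for line in console.splitlines():
        m = DIR_RE.match(line)
        if m and not m.group(2).endswith("/"):
            files[m.group(2)] = int(m.group(1))
    return files

def load_command(console):
    """Build the 'load' command for the system image matching the kickstart."""
    prefix, version = booted_kickstart(console)
    wanted = f"{prefix}.{version}.bin"
    # A missing or zero-byte image would not load, so refuse to suggest it.
    if list_files(console).get(wanted, 0) == 0:
        raise LookupError(f"{wanted} missing or empty on bootflash")
    return f"load bootflash:{wanted}"

if __name__ == "__main__":
    print(load_command(CONSOLE))
```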

5 thoughts on “Password Recovery – Nexus 5548”

  1. HansBambel says:
    August 14, 2013 at 08:52

    We have NX OS 6.

    What is the command sequence there?

    Ctrl+] is not working……..

  2. Dave says:
    February 6, 2014 at 12:20

    http://www.cisco.com/en/US/docs/switches/datacenter/sw/password_recovery/nx_os_pw.html

    from the Password Recovery Procedure for Cisco NX-OS pdf

    Step 3 If you use Telnet to access the console port, press Ctrl-] (right square bracket) to verify that it does not conflict with the Telnet escape sequence.

    switch login: Ctrl-]

    telnet> set escape ^\

    Escape Character is ‘CTRL+\’

  3. Joe says:
    February 10, 2014 at 09:40

    Des B. Did you get a resolution for this? This just happened to me.

  4. Bryan says:
    April 15, 2014 at 23:09

    Des B. Did you get a resolution for this?

  5. ktam says:
    September 18, 2014 at 10:56

    Thank you so much – the tip to hit Ctrl ] at Loading system software was a lifesaver!
