Reset Search
 

 

Article

How to Recover an EXOS Switch and its Configuration Without the Password

« Go Back

Information

 
TitleHow to Recover an EXOS Switch and its Configuration Without the Password
Objective
The procedures below will help reset the password on an EXOS switch, while preserving the rest of the configuration.
Environment
  • EXOS All
Procedure
If this switch is running EXOS 16.2 or higher, you can use a one-time failsafe password to login.

Otherwise, you will need to use one of the following methods. 
The first involves creating an autoexec script to add a temporary account, and the second involves transferring the XML config off the switch and modifying it in a text editor. Both require the same initial steps.

Initial Steps: Reboot the switch with a default configuration
  1. Connect to the switch via console connection.
  2. Power cycle the switch.
  3. During the boot process “hold the spacebar” to enter bootrom.
    Extreme Networks
    Alternate BootStrap Image
    Starting CRC of Default image
    Using Default image ...
    
    
    Extreme Networks
    
    
    Default BootLoader Image
    DRAM Post
    
    
    Press and hold the <spacebar> to enter the bootrom.
    1. In the bootrom, type the commands below to select a default configuration to be booted:
      BootRom > config none
      BootRom > boot
      1. The switch should now boot with a factory default configuration. Username:admin, Password:<blank>

      At this point, perform one of the procedures below. Either continue with the steps below, to create an autoexec script, or skip down to "Transferring the XML config off and modifying it"

      Method 1: Creating an autoexec script
      1. Enter the vi editor to create an autoexec.xsf file
        vi autoexec.xsf
        1. Press the i key to enter insert mode.
        2. Type the following line, which will create a new user called 'temp' with admin privileges and a password of 'password'
          create account admin temp password
        3. Exit insert mode by pressing ESC, then write the file and quit vi by typing :wq
        4. Reboot the switch by typing reboot, but do NOT save the config. Saving the config at this point will overwrite the existing configuration with a blank one.
        5. When the switch reboots, the autoexec.xsf script will be executed, creating the new account.
        6. Log in using the new account, and make the appropriate changes to the other accounts to allow access. If the password for an account is unknown, the only way to change the password is to delete the account and re-create it.
        7. Log out, and ensure that the other accounts can now be used to log into the switch.
        8. While logged in using a different account than one created in the script, delete the temp account and the autoexec.xsf script.
          delete account temp
          rm autoexec.xsf
        At this point, the switch should be back to its initial configuration, except for the passwords on the modified accounts.

        Method 2: Transferring the XML config off and modifying it:
        1. Once logged into the switch: configure an IP address on VLAN: mgmt and connect a PC with a TFTP server.
          configure vlan mgmt ipaddress <SWITCH_IP>
          1. Use ls to list files present on the switches memory.
          2. Use TFTP to collect the original configuration file. Likely “primary.cfg”.
            tftp put <TFTP_SERVER_IP> primary.cfg
            1. Save a new config file with the current factory default credentials
              save configuration nopassword
              1. Use TFTP to collect this file
                tftp put <TFTP_SERVER_IP> nopassword.cfg
                1. Use a text editor such as Notepad++ to replace the password data as demonstrated below:
                  Primary.cfg: 
                       <account><name><![CDATA[admin]]></name><password><![CDATA[DlWbeK$OF3c54bLuRbBMtpy19rfP/]]></password><default_val>0</default_val><readwrite>1</readwrite></account>
                  Nopassword.cfg:
                       <account><name><![CDATA[admin]]></name><password><![CDATA[DlWRiK$y/1Cl8umtCcGlxaRAW8.m/]]></password><default_val>1</default_val><readwrite>1</readwrite></account>
                  Primary.cfg:
                       <account><name><![CDATA[admin]]></name><password><![CDATA[DlWRiK$y/1Cl8umtCcGlxaRAW8.m/]]></password><default_val>0</default_val><readwrite>1</readwrite></account>
                  1. Use TFTP to overwrite the configuration on the switch with the password edited version.
                    tftp get <TFTP_SERVER_IP> primary.cfg force-overwrite
                    1. Use the new configuration
                      use configuration primary
                      reboot
                      1. Login to switch with admin/no password and verify that the expected configuration is present.
                      2. If not, collect any other .cfg files present on the switch and repeat the process.
                      Additional notes
                      In order to prevent losing access in the future, a failsafe account can be created with the command configure failsafe-account.

                      Feedback

                       

                      Was this article helpful?


                         

                      Feedback

                      Please tell us how we can make this article more useful.

                      Characters Remaining: 255