Header Only - DO NOT REMOVE - Extreme Networks

Password Recovery for the SecureStack Series


Userlevel 3
Article ID: 5476

Products
C5, C3, C2-Series
B5, B3, B2-Series
A2-Series

Symptoms
Lost password
Forgot password

Solution
Central to these procedures is the "Reset button". On each SecureStack unit is a small push-button. On the C5/C3/C2/B5/B3/B2, it is located to the immediate right of the "stack down" connector on the rear of the unit. On the A2, it is located to the immediate right of the console port on the front of the unit. This button does not power cycle the switch, but is used to clear the passwords as explained in detail below.

In these instructions, the "HW revision" refers to the last two digits of the serial number.

Newer hardware

C2G124-48 HW Revision Level 0C (zero C) and higher;
C2G124-48P HW Revision Level 0C (zero C) and higher;
all other C2 models, C5-Series, C3-Series, B5-Series, B3-Series, B2-Series, A2-Series.


This procedure is not disruptive to the operation of the SecureStack, with the possible exception of any RADIUS setup changes the user chooses to make.

Note that if RADIUS has been configured to regulate management access (5677), the associated passwords on the RADIUS server will override the local passwords. To drop back to local passwords, use the following procedure while there is no connection to the RADIUS server, then log in and disable RADIUS, then reassign passwords as desired.

While the switch is operational, press and hold the Reset button for five seconds, then release.

A "Password Reset button has been pressed" message will display on the cli console and in the current.log (5487).

The admin, rw, and ro login passwords will be reset to ; and with C2 f/w 3.01.45 and higher, the boot menu password will be reset to the default value of "administrator" (5551).

Older hardware

C2G124-48 HW Revision Level 0B (zero 😎 and lower;
C2G124-48P HW Revision Level 0B (zero 😎 and lower.


All of these procedures are disruptive to the operation of the SecureStack, and "method 2" will result in configuration loss. Please read through the entire set of instructions for an understanding of the expected side effects, before performing any steps.

Note that if RADIUS has been configured to regulate management access (5677), the associated passwords on the RADIUS server will override the local passwords. To drop back to local passwords, use the following procedure while there is no connection to the RADIUS server, then log in and disable RADIUS, then continue with whatever recovery is necessary.

Resetting the rw, ro, and boot menu Passwords

  1. Power up (or reset) the unit.
  2. During boot-up while the CPU LED is blinking amber, press and hold the Reset button for five seconds, then release.
  3. Within a minute or two, the CPU LED will turn green, indicating that the boot process is complete.
After boot-up, the rw and ro login passwords will be reset to ; and with C2 f/w 3.01.45 and higher, the boot menu password will be reset to the default value of "administrator" (5551).

With firmware prior to 2.00.48, logging in as rw allows the user to change the admin password. With firmware 2.00.48 and higher, in the absence of the admin password you will also need to use one of the following two recovery methods.

Resetting the admin Password, method 1, with the ability to obtain rw access:

  1. Log onto the C2 with rw access (using account "rw" or equivalent), via Telnet/SSH, or serially per the instructions in 5463.
  2. Save the active configuration to a new or existing configuration file within the C2's configsdirectory: show configuration outfile configs/<filename1>[/code]
  3. With a TFTP service running in the background, use TFTP to copy that file to a TFTP Server: copy configs/<filename1> tftp://<TFTP_server_IP_address>/<filename2>[/code]
  4. On the TFTP server, using Wordpad or equivalent unformatted text utility, open<filename2>.
  5. Delete the entire command line (example follows) which is disabling the admin password: set system login admin super-user disable password :02523ab0258709bdd3037bc91a201b8b397e0f4c:[/code]
  6. Re-save the file, to <filename3>.
  7. With a TFTP service running in the background, use TFTP to copy that file back to the C2: copy tftp://<TFTP_server_IP_address>/<filename3> configs/<filename4>[/code]
  8. Verify that the file is present and looks reasonable: dir[/code]
  9. Activate the C2 system onto the modified configuration file: configure configs/<filename4>[/code]
  10. The unit will reboot, and after boot-up is complete the admin login password will be reset to - with otherwise intact configurations.
Resetting the admin Password, method 2, without the ability to obtain RW access:

  1. Establish a serial console session to the C2, per the instructions in 5463.
  2. Reset the C2.
  3. Upon boot-up, type "2" when the below screen is presented in the CLI output. Enterasys C2-Series Boot Code... SDRAM Circuit Test of 256MB 100% Version 01.00.29 05-09-2005 Computing MD5 Checksum of operational code... Select an option. If no selection in 2 seconds then Operational code will start. 1 - Start operational code. 2 - Start Boot Menu. Select (1, 2):2[/code]
  4. From the Boot Menu, type "10" when the below screen is presented in the CLI output. You may need a password (5551). Password: ************* Boot Menu Version 01.00.29 05-09-2005 Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB). 4 - Load new operational code using XMODEM 5 - Display operational code vital product data 6 - Run Flash Diagnostics 7 - Update Boot Code 8 - Delete operational code 9 - Reset the system 10 - Restore Configuration to factory defaults (delete config files) 11 - Set new Boot Code password [Boot Menu] 10[/code]Note: If this command is issued while the C2 is stacked, it affects the master unit only.
  5. From the Boot Menu, type "9" , then "y", when the below screen is presented in the CLI output. Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB). 4 - Load new operational code using XMODEM 5 - Display operational code vital product data 6 - Run Flash Diagnostics 7 - Update Boot Code 8 - Delete operational code 9 - Reset the system 10 - Restore Configuration to factory defaults (delete config files) 11 - Set new Boot Code password [Boot Menu] 9 Are you SURE you want to reset the system? (y/n):y[/code]
  6. After boot-up, the admin login password will be reset to - and the C2 will have lost all user configurations. The unit will need to be reconfigured manually or through the use of a previously saved configuration file.
Reassigning Passwords

  1. Log onto the SecureStack with admin access (using account "admin" or equivalent), via Telnet/SSH, or serially per the instructions in 5463.
  2. Assign new login passwords, as applicable: set system login ro ro enable password set system login rw rw enable password set system login admin super-user enable password [/code]
  3. Assign a new boot menu password (5551), as applicable.
For the process of clearing the configuration, please refer to 5628.

0 replies

Be the first to reply!

Reply