How To Configure Cisco Catalyst 9300 Switch?
Designed to leverage assurance, security, and automation capabilities for the Cisco SD access and DNA center, the Catalyst 9300 Switches set the...
There are three main reasons you may need to reset your Cisco Catalyst 9300 series switch password: either you’re locked out, your admin is longer with the company, or you’re trying to erase proprietary information from the switch.
The first scenario is the most dire… if no one knows the password to your switch, you’re in for a bad time. Why? We’ll discuss lockouts and ways to avoid this catastrophe in this blog.
Traditional wired networks have routers and switches. Switches connect people to other people in a network, and routers connect people to the internet.
Cisco 9300 switches are designed for the enterprise environment. They are typically used for IoT, access, security, cloud, and mobility purposes.
Related reading: How To Configure A Cisco Catalyst 9300 Switch
Back in the day, the Cisco default username and password used to be “cisco.” Username “cisco,” password “cisco.” Easy enough, and for that reason, many admins still choose this combo for their switches today. Some admins get more literal and choose the “admin admin” combo.
So, our first piece of advice would be to try one of these default credentials.
What happens when your admin chooses something more secure (as they should)? The good news is that you can now salvage configurations while also resetting the password.
If there are no backups of the switch’s information, including the password, it’s time for a 9300 factory reset.
**Please note, your switch must be physically disconnected from a stack for the following instructions to work.
Recovering from a Lost or Forgotten Password
1. Connect a terminal or PC to the switches Console port.
2.Connect power
3. Once the ‘System Bootstrap’ message appears, press and hold the Mode button
4. Bypass the stored startup-config with the following command:
switch: SWITCH_IGNORE_STARTUP_CFG=1 [enter]
**ROMMON is case sensitive
5. Locate the switch image you wish to boot
switch: dir flash: [enter]
switch: boot flash: <file name> [enter]
the switch will boot normally and end in switch>
6. Erase all configuration files – to retain prior configuration, please scroll down to 7.
Switch>en [enter]
Switch#erase startup-config [enter]
Switch#reload [enter]
Recovering from a Lost or Forgotten Password – Retaining previous configuration
7. Bypass the startup configuration
Switch>en [enter]
Switch#copy startup-config running-config [enter]
Switch#config t [enter]
Switch (config) #enable secret YOUR-PASSWORD [enter]
Switch (config) #no system ignore startupconfig switch all [enter]
Switch#exit [enter]
Switch#copy running-config startup-config [enter]
Switch#reload [enter]
This procedure resets the switch to Day 0. What does this mean? You’re going to lose all the configurations and information on your switch. The only thing you won’t lose is the IOS required for the switch to function.
The long and the short of it is there isn’t any routine maintenance required for these switches, which makes this class of hardware great. Once it’s configured and running in a production environment, there is little concern unless something catastrophic occurs, like a weather event or other act of God.
Cisco will tell you to stay on top of regular updates to protect your switches from security exploits, but here’s our two cents: It’s impossible to stay on top of every single security exploit, especially at the rate they are released. We would argue that it’s more important to keep your routers and firewalls up to date because they are the moat around your castle. If they get past these devices, they’re in.
Security updates for access switches are not as critical. If they are functioning as they should in your production environment, there is no maintenance.
The best thing you can do to avoid a 9300 password reset is to maintain a database of configurations for recovery purposes. If you have a backup of the configuration, a good solutions provider can ship out a pre-configured switch with next-day delivery, limiting your downtime.
Other business ramifications of resetting a working switch because of password loss:
We get it — people lose passwords. A top-tier solutions partner is there when you’re in crisis. When you use Edgeium’s CovrEdge, you can add your switch configurations per serial device to our portal. In the event of a switch password reset or switch failure, we can preload a switch with your configurations and have it to you the following day.
Designed to leverage assurance, security, and automation capabilities for the Cisco SD access and DNA center, the Catalyst 9300 Switches set the...
Cisco has rolled out yet another layer to their support services—Success Tracks. If you're already familiar with SMARTnet, you might be wondering...
When it comes to technology, everyone wants the hot new item, but the pretty new things aren’t always in your budget. This is certainly true in the...