Cisco documentation is out there for this, but searching for it generally only comes back with forum questions and responses. Here’s the consolidated information on how to easily break into a Cisco Small Business switch that has a console port. Generally this is limited to the SG300 and SG500 series switches. If you recall, the 200 series units don’t have a serial console port. This switch happens to be on SW version 1.3.0.03.
Set your serial console connection to 115000 baud, 8 data bits, no parity, 1 stop bit, no flow control, and fire up your favorite terminal program (SecureCRT, PuTTY, etc.). I’ve seen the console connection work at 9600 baud (like traditional routers and switches), but it seems to behave better at the Cisco-recommended 115000 baud rate for these units.
Reboot the switch by unplugging the power cord. You will see a prompt during boot right after the Cisco logo made out of #s that says “Autoboot in 2 seconds – press RETURN or Esc. to abort and enter prom.”
Hit RETURN and you will get the following startup menu:
[1] Download Software
[2] Erase Flash File
[3] Password Recovery Procedure
[4] Set Terminal Baud-Rate
[5] Stack Menu
[6] System Mode menu
[7] Back
Enter your choice or press ‘ESC’ to exit:
Select “Password Recovery Procedure” by typing 3, and then hit Enter.
“Current Password will be ignored” will be displayed.
==== Press Enter To Continue ====
Hit Enter
It will look like the switch is doing nothing, but just wait; it will boot. Once at the prompt, you will need to elevate to privileged mode:
Switch> enable
Enter global configuration mode:
Switch# config
If your switch has an existing configuration that you wish to keep (and only update the login credentials), be sure to first load the saved configuration into memory to update the existing user / password combination. This is a crucial step in gaining access back into your switch, otherwise you would essentially be performing a factory reset on the unit.
Switch# copy startup-config running-config
Create a new username and password combination (the username can be anything, and so can the password, so long as it meets the complexity requirements):
Switch(config)# username cisco password P@$$w0rd privilege 15
Switch(config)# exit
Save the password into the startup config:
Switch# copy run start
That will set a new password in the running (and startup) config so that you will be able to access the switch after a reboot.
Enter the following command to reboot the system so that you can log in with your new username and password (verifying it will work in subsequent reboots):
Switch# reload
Once the switch powers up, log in to verify and you’re all set!
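To confirm that the recovery changed only the login account and did not drop the rest of the saved configuration, the post-recovery config can be compared against an earlier backup. The script below is an added example, not part of the original procedure or any Cisco tooling. It assumes user lines follow the `username <name> ... privilege <level>` form shown above; the sample configs, including the `password encrypted` form, are constructed.

```python
import re

# Matches the username form used in the procedure above:
#   username <name> password ... privilege <level>
USER_RE = re.compile(r"^username\s+(\S+)\s+.*\bprivilege\s+(\d+)\s*$")

def parse_config(text):
    """Split a saved config into ({user: (privilege, line)}, [other lines])."""
    users, other = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and comment separators
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = (int(m.group(2)), line)
        else:
            other.append(line)
    return users, other

def audit_recovery(before, after):
    """Compare a pre-recovery backup with the post-recovery startup config."""
    users_b, other_b = parse_config(before)
    users_a, other_a = parse_config(after)
    return {
        # Non-user lines that vanished: the saved config was not loaded
        # into memory before "copy run start" overwrote it.
        "lost_lines": [l for l in other_b if l not in other_a],
        # Accounts that are new, or whose credential/privilege line changed.
        "changed_users": sorted(u for u, v in users_a.items()
                                if users_b.get(u) != v),
        # Every account holding privilege 15 after the change.
        "priv15_users": sorted(u for u, (p, _) in users_a.items() if p == 15),
    }

# Constructed sample configs (not captured from a real switch).
BEFORE = """\
hostname sw-lab
vlan database
vlan 10,20
username admin password encrypted 0000aaaa privilege 15
interface vlan 10
 ip address 192.0.2.10 255.255.255.0
"""
AFTER_GOOD = BEFORE + "username cisco password encrypted 1111bbbb privilege 15\n"
AFTER_WIPED = "username cisco password encrypted 1111bbbb privilege 15\n"

if __name__ == "__main__":
    print(audit_recovery(BEFORE, AFTER_GOOD))
    print(audit_recovery(BEFORE, AFTER_WIPED))
```

Run periodically against config backups, the same comparison also flags a privilege 15 account that appeared without a change record, which is what this console procedure leaves behind.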
Worked line a charm! THANK YOU!!!!!!!!!!!!!!!!!!!!!
You are very welcome! Glad this article helped you out.
I never get to the second startup…the CLI enters a logging mode and I don’t get a chance to enter “enable”. Any advice?
Hi Kevin- It is possible your switch may have its password recovery mechanism disabled. While you can still break into the switch by interrupting the boot process from what I’ve read it will essentially lose the entire configuration. Your best bet is probably going to be a factory reset.
Phrase “Reboot the switch by unplugging the power cord.” is wrong. The correct procedure is to unplug the power cord and then plug it again, otherwise router cannot work. Anyway it is not necessary. We can directly reboot switch inside console, execute “reload” command and then “y” and “y”. It will reboot and the “Startup Menu” appears.
Furthermore when “Startup Menu” appears, we must choose an item as soon as possible, otherwise switch will perform the normal boot procedure.
In my switch SG-300, I have only 5 items in “Startup Menu”: “Download software”, “Erase Flash File”, “Password Recovery Procedure”, “Set Terminal Baud-Rate” and “Back”. This appears with boot software version 1.3.5.06 (21-Jul-2013).
Thanks for your useful procedure.
Hi! Glad you found this useful. It may be impossible to execute a reload command from the console if password authentication is set and the password is unavailable. You are correct one would need to re-plug the power back into the switch in order to perform the password recovery.
for the love of God, which cable and/or adapter will work?
https://www.amazon.com/USB-Serial-Adapter-Modem-9-pin/dp/B008634VJY/ref=sr_1_3?keywords=usb%2Bto%2Bnull%2Bmodem&qid=1578031181&sr=8-3&th=1
Hi Daniel,
I know your frustration. With the SG series of switches, I never had much success with USB direct to DB9 “all-in-one” console cables. The crappy cable that comes with the switch is fine for getting to the switch but I always used an adapter for the USB conversion. Most of the ones in my arsenal required an FTDI driver from the manufacturer before it would work with any of these switches. Also, make sure that your serial settings are correct: 115000 baud, 8 data bits, no parity, 1 stop bit, no flow control.
-Aaron
ok. my second option was these. what do you think?
Serial
https://www.amazon.com/Serial-Female-Handshaking-Crossover-Communication/dp/B08T99JR88/ref=sr_1_3?keywords=null%2Bmodem%2Bcable%2Bfemale%2Bto%2Bfemale&qid=1665677545&qu=eyJxc2MiOiIxLjg2IiwicXNhIjoiMS44OCIsInFzcCI6IjEuODkifQ%3D%3D&s=electronics&sr=1-3&th=1
USB Adapter
https://www.amazon.com/USB-Serial-Adapter-Prolific-PL-2303/dp/B00GRP8EZU/ref=sr_1_2?crid=1JC9B1USMDQAH&keywords=ICUSB232V2&qid=1665679844&qu=eyJxc2MiOiIwLjE3IiwicXNhIjoiMC4xMCIsInFzcCI6IjAuMTQifQ%3D%3D&s=electronics&sprefix=icusb232v2%2Celectronics%2C77&sr=1-2
The cable looks fine. I have a similar adapter to the Startech one you linked to, but usually you have to find drivers for them (yes, even on Windows 10 / 11) for them to detect properly in Device Manager. I usually have to check Device Manager to know what COM port is assigned each time.