Password Recovery Procedure for Cisco SG500 / SG300 Switches

By Aaron Ekinaka on November 16, 2016 - Category: Tech Support

Cisco documentation is out there for this, but searching for it generally only comes back with forum questions and responses. Here’s the consolidated information on how to easily break into a Cisco Small Business switch that has a console port. Generally this is limited to the SG300 and SG500 series switches. If you recall, the 200 series units don’t have a serial console port. This switch happens to be on SW version 1.3.0.03.

Set your serial console connection to 115000 baud, 8 data bits, no parity, 1 stop bit, no flow control, and fire up your favorite terminal program (SecureCRT, PuTTY, etc.). I’ve seen the console connection work at 9600 baud (like traditional routers and switches), but it seems to behave better at the Cisco recommended 115000 baud rate for these units.

Reboot the switch by unplugging the power cord. You will see a prompt during boot right after the Cisco logo made out of #s that says “Autoboot in 2 seconds – press RETURN or Esc. to abort and enter prom.”

Hit RETURN and you will get the following startup menu:

[1] Download Software
[2] Erase Flash File
[3] Password Recovery Procedure
[4] Set Terminal Baud-Rate
[5] Stack Menu
[6] System Mode menu
[7] Back

Enter your choice or press ‘ESC’ to exit:

Select “Password Recovery Procedure” by typing 3, and then hit Enter.

“Current Password will be ignored” will be displayed.

==== Press Enter To Continue ====

Hit Enter

It will look like the switch is doing nothing, but just wait; it will boot. Once at the prompt, you will need to elevate to privileged mode.

Switch>enable

Enter global configuration mode

Switch# config

If your switch has an existing configuration that you wish to keep (and only update the login credentials), be sure to first load the saved configuration into memory to update the existing user / password combination. This is a crucial step in gaining access back into your switch, otherwise you would essentially be performing a factory reset on the unit.

Switch# copy startup-config running-config

Create a new username and password combination (the username can be whatever you like, and so can the password, so long as it meets complexity requirements).

Switch(config)# username cisco password P@$$w0rd privilege 15
Switch(config)# exit

Save the password into the startup config.

Switch# copy run start

That will set the new password in both the running config and the startup config, so that you will be able to access the switch after a reboot.

Enter the following command to reboot the system so that you can log in with your new username and password (verifying it will work in subsequent reboots):

Switch# reload

Once the switch powers up, log in to verify and you’re all set!

4 thoughts on “Password Recovery Procedure for Cisco SG500 / SG300 Switches”

  1. David Hughes says:

    Worked like a charm! THANK YOU!!!!!!!!!!!!!!!!!!!!!

    1. You are very welcome! Glad this article helped you out.

  2. Kevin says:

    I never get to the second startup…the CLI enters a logging mode and I don’t get a chance to enter “enable”. Any advice?

    1. Hi Kevin - It is possible your switch may have its password recovery mechanism disabled. While you can still break into the switch by interrupting the boot process, from what I’ve read it will essentially lose the entire configuration. Your best bet is probably going to be a factory reset.
