There can be times when you need to factory reset a switch. This process can be accomplished through the CLI but if you’ve lost the switch password you’ll need to follow a special process. This process should work for any of the Ethernet Switches (450, 460, 470) and the Ethernet Routing Switches 2500 Series, 4500 Series, 5500 (5510, 5520, 5530) Series. There is a different process to recover lost passwords on the Ethernet Routing Switch 1600 and 8600. Please note that by factory resetting the switch you will loose all configuration settings. It will be as if it just arrived from the “factory”.
Follow these steps:
- Connect to the console port of the switch (9600,8,N,1)
- Reboot the switch.
- When the first line of the diagnostics tests is displayed, press CTRL-C. The system then displays a menu.
- Select option “i” to factory default the switch.
- Select option “a” to run the agent code.
Upon boot up, the switch will be in a factory default configuration.
Cheers!
Related posts:
network architect and security professional, excited about helping folks make the most out of what technology as a whole has to offer.
Loading ...
#1 by Thomas C on January 19, 2008 - 9:25 am
Hi Michael,
There is a clever way to reset the password without losing configuration nor reboot.
Though only possible when
1) you still have SNMP-access
2) the software agent allows downloading the ASCII config of the switch to TFTP
So this is how to do it:
- With JDM instruct the switch to put the ASCII config on your TFTP
- Edit the line for the telnet/console password en set it to ‘none’
- Save the config file
- Upload it to the switch
Result will be that you can login without password en be able to set a new password.
Compliments on the informational site!
#2 by Michael McNamara on January 19, 2008 - 5:35 pm
Hi Thomas,
Thanks for the comment. I can see that you’ve been around the block a few times with the Nortel switches.
While we’re on the topic there’s also another problem folks can run into when they set both the RO and RW passwords the same. Whenever you log into the switch it will assume the READ-ONLY user, leaving you unable to make any changes. A quick workaround is to use the Web GUI (if it’s enabled) to log into the switch as the RW user (provide the username of RW along with the RW password). When your inside the Web GUI you can change the passwords.
Thanks again for the feedback Thomas!
#3 by Anonymous on January 20, 2008 - 1:36 am
I have a Baystack 310-24T Reset Password and I’ve tried using the method Michael suggested and it’s not working. No matter what command I give it, it runs POST and ask for password when it’s done. Here is the output:
Bay Networks 310-24T Ethernet Switch
Copyright (C) 1999, Bay Networks, Inc.
**********************************************************************
Power On Self Test
UART Local Loopback Test PASSED
CPU Test PASSED
STACK DRAM Test PASSED
DRAM Test PASSED
Watch Dog Timer Test PASSED
Timer Module Test PASSED
FLASH Image Checksum Test PASSED
Software Version [1.6.5 ]
~
Enter ‘.RETURN to go to Boot Options Menu
Booting Switch software
Decompressing …
Eventually, it ask for a password. I hit the CRTL-C command just when I see:
Enter ‘.RETURN’ to go to Boot Options Menu
I really would appreciate any help to get into this switch and reset the password. I really would. I’ve opened it to see if there is a battery there I could take out, but found none. Please help.
Michael-not the owner of this blog
#4 by Michael McNamara on January 20, 2008 - 11:56 am
The BayStack 310 was one of the original Ethernet switches in the BayStack product line so it looks like it doesn’t conform to the procedure I’ve outlined above.
What are the options if you follow the prompt, “Enter ‘.RETURN to go to Boot Options Menu”?
One of those options might be to reset the flash NVRAM, which is the configuration.
#5 by Anonymous on January 27, 2008 - 11:10 am
That’s not one of the options it gives me; to reset NVRAM.
You seem to know about these things-a lot. Is there any other way you could help me, please. I mean please.
Thanks,
Michael
#6 by Michael McNamara on January 27, 2008 - 9:08 pm
Hi Michael,
What are the options it gives you? Can you post a copy of the options from HyperTerminal (or whatever application your using to access the serial port).
I don’t personally have access to a BayStack 310 switch so I can’t really add anything. I would be very surprised though if there wasn’t some option that allowed you to reset the switch configuration since I believe the BayStack 310 was released after the BayStack 450 switch, and that supports “initialize NVRAM” the option that clears the configuration.
Sorry,
Mike
#7 by Anonymous on January 27, 2008 - 10:40 pm
Hi Mike:
Thanks a lot. I will try and post the output here soon. I really need this open, so I won’t even mind sending it to you; if that what it will take.
Regards,
Michael
#8 by Michael McNamara on January 28, 2008 - 9:15 pm
I did some research today and made some calls and found the following. The BayStack 350/450 switches do not support resetting the configuration (password). The very early versions of software (boot code/agent code) did support a backdoor password “NetICs” which needed to entered within the first 30 days of a switch booting, however, later versions did not support any method of resetting the switch locally. I’m not 100% clear on this but some believe that Nortel might be able to generate a onetime password based on the MAC address of the switch. You would, of course, need a maintenance support contract with Nortel. Someone also brought up the possibility of stacking the switch with another switch although I don’t believe the BayStack 310 model supported stacking.
Here’s the manual from Nortel;
http://www25.nortelnetworks.com/library/tpubs/pdf/switches/bstack/310/201875A.PDF
Sorry but it seems like you might be out of luck.
Mike
#9 by Anonymous on January 29, 2008 - 2:47 pm
Mike:
Thanks so much for all your work on this. Since I have 3 of these, I’m ready to open, fiddle, and test. I’m thinking hard-reset. Please let me know if you can think of anything I could do while I’m in there.
Kind regards,
Michael
#10 by Anonymous on February 4, 2008 - 12:17 am
Hi
Was the hard reset successful?
#11 by Planoboy on February 9, 2008 - 5:13 pm
I need some help with Baystack 350T console port. I use a straight thru null modem and nothing appears on the screen. What am I doing wrong?
#12 by Anonymous on February 10, 2008 - 3:13 pm
When you say on-screen, what screen do you mean? You should go to hyper terminal that’s in windows to be able to see anything.
You can get to it by going to run>cmd>hypertrm
Is your switch port managed. After months of working on mine, I find out the ports are 10BaseT. I need 24…anyone?
#13 by Anonymous on February 10, 2008 - 3:14 pm
..sorry, I meant I need a port managed switch that’s 100BaseT. Anyone…?
#14 by Anonymous on February 22, 2008 - 11:11 am
Sorry, Yes through hyperterm.
I used a straight through cable with mod adapters on each end. I am now getting
BayStack 350T Self-Test
ASIC addressing test … Pass
ASIC buffer RAM test … Pass
Physical layer test … Pass
Port internal loopback test … Pass
Self-test complete.
But right after this I get odd characters and the output completely stops…Any ideas!?
#15 by Pete on March 6, 2008 - 4:39 pm
Hello all,
I ve got a 470-24T which i need to access with RW, but cannot do so through web, nor can access R. I can connect to it through telnet and get access to priviliged level (exec) on the command line. Is there a way i can reset this switch either to a RW password or default? Help please. I am very much interested in the command line to reset the whole switch or the username and passsword. I did enter same password for RW and R and i was never given a chance to accept or deny the changes. Web access …..
#16 by Michael McNamara on March 8, 2008 - 11:24 am
Hi Pete,
If I understand your post you’re having issues because you set the RW and RO to the same password?
Unfortunately that can leave you locked out from the RW account, although there is a fix. Login to the switch from the web GUI and change the RO password. When logging into the web GUI you obviously need to use the RW account and password.
Good Luck!
#17 by Anonymous on March 10, 2008 - 12:08 pm
I can not logon through the Web GUI. I can telnet to it and get access to the command line with privileged mode. I need some CLI that will let me change the password. Can you help.
#18 by Michael McNamara on March 11, 2008 - 10:13 pm
Have a look at this post and let us know if that is what you’re looking for.
Cheers!
#19 by pawel on March 19, 2008 - 7:26 pm
Hi Michael,
do you know how to clear passwords on Nortel BES120-24T PWR Business Ethernet Switch 120?
I can reset config from Boot menu config, but not passwords. On unit I have it was to clear it form Boot menu. Do you have any idea how to do it?
Regards,
P.
#20 by Michael McNamara on March 19, 2008 - 8:11 pm
Hi Pawel,
The Nortel Business Ethernet Switch (BES) is a relatively new product as you’ve noted. There are some posts
on Tek-Tips that make reference to resetting the password on a BES;
http://www.tek-tips.com/viewthread.cfm?qid=1451699&page=1
Looking at the documentation is seems that the default username and password are the same as the Business
Communication Manager (BCM) and Survivalbe Remote Gateway (SRG);
Username: nnadmin
Password: PlsChgMe!
Actually on page 185 of the Using
the Nortel Business Ethernet Switch 100/200 Series manual indicates that you can factory reset the switch using the button
on the front of the switch.
Reset button – for reset to factory default
The reset button resets the switch and sets all switch properties to the factory default values.
Cheers!
#21 by Ben Dalton on February 6, 2009 - 5:24 pm
I have a 5510 that, when powered on, just flashes the following LEDs: PWR, RPSU, STATUS, BASE, UP, DOWN, and IN USE and LINK on both of the SFP slots. I get no boot text at all from the Console port. Any idea if this is a fixable issue? I’ve opened it up and reseated the memory module without any effect. There are some jumpers ion the main board but no labelling…
#22 by Michael McNamara on February 7, 2009 - 4:36 pm
Hi Ben,
Are you using a straight-thru serial cable at 9600, 8, N, 1? It certainly sounds like there is a problem with the switch. Unfortunately, if you can’t get anything from the console I think you may be sunk. Sorry for the bad news but there might be a bright spot.
I believe all Nortel Ethernet Routing Switches come with a lifetime warranty. I would suggest contacting your reseller or perhaps even Nortel directly.
Cheers!
#23 by Geoff on March 16, 2009 - 8:54 pm
Michael,
I have a few stacks of 5520/5530 switches and over the past 6 months or so I have had issues with corrupted passwords which is giving me some grief. I have read through this forum and it looks like I should be able to do the TFTP save, modify, upload that is mentioned to get a known password back on the stacks. I’m wondering though if this is a common occurance with these switches. My problems seem to have been the result of power failures/fluctuations which have caused the stack to reboot but something has gone wrong and one or more switches in the stack have not booted up cleanly and joined the stack. After forcing another reboot the stack has come up with all switches in it but the console/ssh password has been scrambled. The SNMP authentication still works though.
FW – 5.0.0.4 SW 5.0.4.011
Also – thanks for putting this site together. I have found very little useful information on Nortel gear around the web but this is the exception.
#24 by Michael McNamara on March 17, 2009 - 4:30 pm
Hi Geoff,
There was a bug in some version of code (can’t remember right now) where the switch configuration would become corrupted if the stack had a switch drop out and then recover. We predominantly saw this on the Ethernet Switch 470 since our network has more 470 switches than any other model.
There was also another bug where the CLI interface would stop working but SNMP would still function. You could log into the switch but you couldn’t access anything other than the basic CLI menu, selecting anything wouldn’t get you anywhere, the switch essentially wouldn’t respond selecting anything past the main menu.
I’m currently using 5.1.3 software for the 5500 series without any issues and 3.7.3 software for the 470/460 without any issues.
As for how to recover from the problem. You’ll probably need to upgrade the switch to 5.1.x in order to enable ASCII TFTP upload support. You can then use Nortel’s Device Manager to upload the configuration in ASCII to a TFTP server. You can then edit the ASCII configuration changing the passwords and download it back to the switch. The switch WILL RESET ITSELF after you down the configuration so be prepared for a short downtime period.
In case you have any problems with the steps above you should probably be prepared by copying the configuration to your laptop and be prepared to factory reset the switch and then re-program it from the CLI interface by cutting and pasting the ASCII configuration file that you got from the TFTP upload.
We’ve had to-do this process with about 8 stacks already over the past 24 months (we have about 200 stacks in the network so we’re not too bad off).
Good Luck!
#25 by ai on April 1, 2009 - 8:19 pm
Dear sir…..i have problem with the user of the switch norte 470-24t, i try to make passwod read community but not the user of the switch then after i logout the switch shoud fill the user n pass, unfortunetly i cant to reach of the menu. so….do you have any suggestion…..how to reset the switch?
ps : i make the pass of read community with telnet (remote mode/ far a way from the switch)
thx.
i wait your comment soon.
#26 by Michael McNamara on April 2, 2009 - 6:11 pm
Hi AI,
If you don’t know the ReadWrite password you’ll need to factory reset the switch as the post above indicates. That means you’ll need to physically cable up to the switch and perform a factory reset.
Good Luck
#27 by Wayne on June 29, 2009 - 7:46 am
Hey Michael,
I have a Nortel 450-24t with an admin password set that has been lost\forgotten\etc. I followed your directions at the top of this post with no joy. Is there a SW version issue I need to know about?
When I reset the power to the switch and press CTRL-C when the POST begins I get no menu. I am cabled to the switch using 9600-8-n-1. What am I missing?
#28 by Michael McNamara on June 29, 2009 - 5:45 pm
Hi Wayne,
You can try the simple thing… perhaps you need a null-modem or crossover cable. If you have another switch you can test your serial cable and see if you get a login prompt with that switch. If you get a login prompt then your serial cable is good. Perhaps the switch is bad? It should work for a Nortel BayStack 450 24T.
Good Luck!
#29 by Mark on August 26, 2009 - 3:55 pm
I didn’t get a menu either with the cable I was using for Windows HyperTerminal. Then I changed the handshaking from Hardware to None and all was well.
I just reset the passwords on a bunch of these things in less time than I spent searching the Nortel site (to no avail) for this procedure.
#30 by Scott on July 29, 2009 - 1:05 pm
Hi All, my nortel baystack 450-24 t switch doesnt respond to the recomendations you guys have. the break does not break its post testing and ?NetICs does not work for the password… what I did notice is when i put secure or user it then asks for switch password… I have been stuck on this for days .. please help and keep up the great site.
#31 by Michael McNamara on July 30, 2009 - 9:49 pm
Hi Scott,
Unfortunately the NetICs trick is for the really old Nortel (Bay Networks) BayStack 450 switches. It usually doesn’t apply to the 24T which was a later model. Could you post, just cut and paste, the ascii output from when the switch boots up till it’s waiting for a login? Only later versions of the software asked for a username, previous versions only asked for a password.
Good Luck!
#32 by Scott on July 31, 2009 - 12:15 pm
Thanks everyone for your help, well the switch is not asking me for a username just a password. When i put the password’secure’ or i put ‘user’ it then says “Please Enter SWITCH Password.” the ascii post output is real fast and i can’t break with ctrl C pressing it takes me to nortel splash screen with this info,
Nortel Networks
Copyright (c) 1996,2000
All rights Reserved
Baystack 450-24T
Versions: HW:RevL FW:V1.47 SW:v3.1.0.22 ISVN:1
Does anybody in the community know what it is im doing wrong?
Thanks in advance and love the site!!
#33 by Michael McNamara on July 31, 2009 - 6:29 pm
Hi Scott,
I’m not sure what to tell you… there were some BayStack 450s that were manufactured early on that didn’t conform to the standard Nortel uses today. That’s where the NetICs thing came from.
Sorry!
#34 by Ivy on August 18, 2009 - 12:56 pm
On some older Baystack models you have to press ESC then Ctrl/D as soon as testing memory is displayed in order to reset NVRAM using the i option.
#35 by cinthya on September 23, 2009 - 11:35 am
Hello,
i trying to connect a terminal server (cyclades) to a ERS5000.
I am using a roll over cable from the terminal server to the ERS5000 console port.
I am also using a RJ45 to DB9 female connector but I dont know the correct configuration for it.
Do you know what is the correct configuration???
Best Regards,
Cinthya
#36 by Dan Garcia on September 23, 2009 - 12:14 pm
Hi Cinthya,
Rollover cable doesn’t do the trick. You have to use a straight db9 cable (not null modem) to connecto to the switch
#37 by Adil Khan on December 10, 2009 - 8:42 am
Hi,
is there a way to reset the password for baystack 5510 without loosing any configs,
thanks,
Adil
#38 by Michael McNamara on December 10, 2009 - 10:14 pm
Hi Adil,
The short answer to your question is no. With that said some folks have reported success in “stacking” a second switch with the first switch. When two or more switches are stacked together there is a different password field used in a stack configuration as opposed to a standalone configuration.
The default configuration is no password, so if you stack your 5510 with another switch you might be able to access the console without any password.
With that said you should be prepared to reconfigure the switch if the configuration gets all messed up as a result of stacking the switch.
Good Luck!
#39 by CHRIS on December 11, 2009 - 2:19 am
Hi Mike,
our switched are stacked how can i go abt it? . have two 5520.
Rgds
Chris
#40 by Michael McNamara on December 12, 2009 - 8:53 am
Hi Chris,
With respect to re-setting the read-only and read-write passwords of the switch; if the switches you are working with are already stacked then your only hope is the TFTP config trick that was mentioned earlier in the comments of this post.
I would strongly advise you to proceed with caution since any little mistake might leave you rebuilding the configuration so you might want to make sure the configuration is fully documented before you begin.
Good Luck!
#41 by CHRIS on December 14, 2009 - 1:19 am
Mike,
Thanks, i did manage to get the old password . using the GUI interface and the backdoor password.
Thanks again.
Chris.
#42 by Kitti on March 1, 2010 - 7:04 am
Hi, Mike
How can I recovery password on ERS4500 and configuration don’t loss.
Thank you,
Kitti
#43 by Michael McNamara on March 1, 2010 - 12:48 pm
Hi Kitti,
There is no such option from Avaya/Nortel. You need to erase the FLASH which will erase everything including the configuration and stored passwords.
With that said if you have SNMP access and the switch is running a recent version of software you can perform an ASCII configuration backup to a TFTP server from Java Device Manager, perform the factory reset and then restore the ASCII configuration file you previously backed up.
I would strongly advise that you proceed with caution and make sure you have a backout plan just in case things don’t go well.
You may want to check out the discussion forums for additional tips and tricks.
Good Luck!
#44 by Matthew Bostedt on March 10, 2010 - 1:10 pm
Hey Michael.
Just wanted to thank you for putting this up. We just did a complete infrastructure overhaul, replacing all of our Cisco devices with Nortel, and we’ve been having all kinds of issues figuring out the simplest tasks. This whole page is immensely helpful. You’ve just made several customers very happy. Thank you so much.
-Matt
#45 by Michael McNamara on March 10, 2010 - 2:21 pm
Hi Matt,
I’m happy to hear that you’ve found the information useful and helpful!
You might want to peruse the dicussion forums. If you have any quetsions please feel free to post them in the forums!
Cheers!