
Cisco Catalyst 9200 Password Recovery (IOS XE)
Losing administrative access to a network switch is a critical but solvable situation. Cisco Catalyst 9200 switches provide a built-in recovery mechanism that allows administrators to reset or recover access without deleting the existing configuration, provided the correct procedure is followed. This guide describes a clean, reliable, and production-safe method to recover access using console connectivity.

Requirements

To perform password recovery, you will need:

- Physical access to the switch and its console port. For console access, we recommend using the CliDeck terminal, which provides a stable and convenient browser-based console experience for network devices.
- Terminal session parameters:
    Speed: 9600 baud
    Data bits: 8
    Parity: none
    Stop bits: 1
- Basic familiarity with Cisco CLI and ROMMON mode.

Recovery Workflow Overview

The password recovery process follows four logical stages:

- Interrupting the normal boot process
- Temporarily ignoring the startup configuration
- Booting the system and restoring configuration manually
- Setting a new password and returning to normal boot behavior

Step-by-Step Password Recovery (Standalone Switch)

Step 1: Power Cycle the Switch

Disconnect the power from the switch, then reconnect it to begin a fresh boot.

Step 2: Enter ROMMON Mode

During the early boot phase, interrupt the startup process:

- Press Ctrl + C when prompted during boot
- If no prompt appears, press and hold the Mode button until the following prompt is displayed:

    switch:

Step 3: Ignore the Startup Configuration

At the ROMMON prompt, set the following variable:

    switch: SWITCH_IGNORE_STARTUP_CFG=1

This instructs the system to bypass the startup configuration, including password enforcement.

Step 4: Boot the System

Start the normal boot process:

    switch: boot

The switch will load the operating system without applying the saved configuration.

Step 5: Enter Privileged EXEC Mode

Once the system has booted:

    Switch> enable

No password will be requested at this stage.
Step 6: Restore the Existing Configuration

If you want to keep the current configuration, load it into memory:

    Switch# copy startup-config running-config

This restores the full configuration without enforcing the old password.

Step 7: Set a New Administrative Password

Create a new privileged user or update an existing one:

    Switch(config)# username admin privilege 15 secret <new_password>

Use a strong password that complies with your security policy.

Step 8: Restore Normal Boot Behavior

Disable the configuration ignore mode:

    Switch(config)# no system ignore startupconfig switch all

Step 9: Save the Configuration

Persist all changes:

    Switch# copy running-config startup-config

Optional: Completely Erase the Configuration

If your goal is to fully reset the switch and remove all previous configuration, use the following command instead of restoring the startup configuration:

    Switch# write erase

This deletes the startup configuration entirely. After a reboot, the switch will start with factory-default settings. Use this option only when configuration retention is not required.

Password Recovery in StackWise Deployments

For Catalyst 9200 switches operating in a stack:

- Power off all members of the stack
- Power on only the active switch
- Perform the password recovery procedure
- Power on the remaining stack members after completion

StackWise Virtual and Redundant Supervisor Systems

In advanced topologies:

- Perform recovery only on the active device
- Power off the standby unit during the process
- Restore standby components after access has been recovered

Important Notes

- This procedure allows password recovery without configuration loss when performed correctly
- Always disable startup configuration ignore mode before saving
- The write erase command permanently removes all configuration and should be used with caution

Conclusion

Cisco Catalyst 9200 switches offer a reliable and controlled mechanism for password recovery that minimizes operational risk.
With physical access and proper console connectivity, administrative control can be restored quickly and safely. Using the CliDeck terminal simplifies console access and makes recovery operations more predictable, especially when managing multiple devices or distributed environments.
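
The ordering rules in the steps and Important Notes above (restore or erase before saving, disable ignore mode before saving) can be checked against a saved console log of the recovery session. The Python below is an added example, not part of the original article or any Cisco tooling; it assumes prompts use the default "Switch" hostname, and the sample session is constructed.

```python
import re

# Command strings are the ones used in this guide; compared after squeezing whitespace.
IGNORE_ON = "SWITCH_IGNORE_STARTUP_CFG=1"
IGNORE_OFF = "no system ignore startupconfig switch all"
RESTORE = "copy startup-config running-config"
ERASE = "write erase"
SAVE = "copy running-config startup-config"
# Assumption: prompts look like "switch:", "Switch>", "Switch#" or "Switch(config)#".
PROMPT = re.compile(r"^\s*switch(?:\([\w-]+\))?[:#>]\s*(\S.*)$", re.IGNORECASE)
SECRET = re.compile(r"(\bsecret\s+)\S+")

def commands(transcript):
    """Return the command typed at each prompt line, ignoring device output."""
    found = (PROMPT.match(line) for line in transcript.splitlines())
    return [" ".join(m.group(1).split()) for m in found if m]

def review_recovery(transcript):
    """Return (findings, redacted_commands) for one captured recovery session."""
    findings, seen, ignoring = [], set(), False
    cmds = commands(transcript)
    for cmd in cmds:
        if cmd == IGNORE_ON:
            ignoring = True
        elif cmd == IGNORE_OFF:
            ignoring = False
        elif cmd == SAVE:
            if ignoring:
                findings.append("saved while ignore mode was still enabled")
            if not seen & {RESTORE, ERASE}:
                findings.append("saved without restoring startup-config: "
                                "old configuration overwritten")
        seen.add(cmd)
    if ignoring:
        findings.append("ignore mode left enabled at end of session")
    # Redact secrets so the command list can be attached to a change ticket.
    return findings, [SECRET.sub(r"\1<redacted>", c) for c in cmds]

# Constructed sample session (not captured from a real device): Steps 6 and 8 skipped.
BAD_SESSION = """\
switch: SWITCH_IGNORE_STARTUP_CFG=1
switch: boot
Switch> enable
Switch(config)# username admin privilege 15 secret Example-Only-1
Switch# copy running-config startup-config
"""

if __name__ == "__main__":
    for finding in review_recovery(BAD_SESSION)[0]:
        print("FINDING:", finding)
```

Run against the constructed session, it reports three findings; a session that follows Steps 3 through 9 in order produces none.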