Sunday, January 21, 2018

Extreme Switch - Reset to factory default when the password is unknown


Here are the steps how to reset a Summit switch to the factory default config from the Boot ROM, as the admin password is unknown.

* Environment
Summit
EXOS All
All bootrom versions except 2.0.2.1

  • Summit X870 procedure:

Step 1. Power cycle the switch while connected to the console port.
Step 2. When you see the GNU GRUB menu select one of the below options
- EXOS: Primary   - 22.x.x.x - default configuration
- EXOS: Secondary - 22.x.x.x - default configuration

  • All other EXOS Switches:

Step 1. Power cycle the switch while connected to the console port.
Step 2. When prompted, press and hold the spacebar to enter the boot rom.
Step 3. At the boot rom prompt, type the command config none.
Step 4. Type the command boot to continue the boot process.

Copyright 2015

Starting CRC of Default image
Using Default image ...

Press and hold the to enter the bootrom...

BootRom > config none
BootRom > boot

Step 5. Once the switch boots up to EXOS, save the config with the command save to overwrite the old config with the new, blank config. (You may type all 'N' when you see the questions).

(pending-AAA) login:

Authentication Service (AAA) on the master node is now available for login.


login: admin
password:

ExtremeXOS
Copyright (C) 1996-2016 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================

Press the or '?' key at any time for completions.
Remember to save your configuration changes.


This switch currently has all management methods enabled for convenience reasons.
Please answer these questions about the security settings you would like to use.
You may quit and accept the default settings by entering 'q' at any time.

The switch offers an enhanced security mode. Would you like to read more,
and have the choice to enable this enhanced security mode? [y/N/q]:

...snipped...

* Summit # save
The configuration file primary.cfg already exists.
Do you want to save configuration to primary.cfg and overwrite it? (y/N) Yes
Saving configuration on master ......... done!
Configuration saved to primary.cfg successfully.


* Additional Notes:
In Boot Rom v2.0.2.1, the config none command has been removed for security reasons. It was added back into Boot Rom v2.0.2.3.
If the config none command is not present, the only way to default the switch from boot rom is by loading a rescue image (see How to use the Boot Rom menu to tftp download a new image to the switch).

If the banner still appears after using the config none command, still login with the default username and password anyway. The banner can be stored in a different part of the memory so it displays before EXOS is fully loaded.
There is no mechanical process such as a switch to clear the config, which means console access is mandatory.

For the X430 switch, Boot Rom versions prior to 1.0.1.5 don't have the config none option. Update to at least 1.0.1.5 to be able to clear the configuration through the Boot Rom.