How do you reset Cisco 3750 switch stack password when "authorization failed" message shows up after "configure terminal" step?

adolfojrm used Ask the Experts™
We've been trying to reset a Cisco 3750 switch stack where we follow the directions posted by Cisco but encounter an "authorization failed" when trying to enter "configure terminal". How can this be remedied? Password recovery is enabled.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Istvan KalmarHead of IT Security Division
Top Expert 2010



Step #13 is the step (conf t = configure terminal) where I encounter "Authorization failed"
do you have "aaa authorization" configured in the switch? if so remove it to disable command authorization and you should then be able to enter config mode. alternatively, it sounds like you have a radius or tacacs server, so grant config, exec and shell permissions on that server for the user you log into the switch with.

if the first option above is correct (aaa  authorization configured) you are most likely locked out of the switch. if the config including authorization has been saved you will need to use the password recovery procedure to bypass loading initial config, get into enabled mode, read the startup config to your session, copy and paste everything except the offending aaa commands back into config mode and then save the config.
Istvan KalmarHead of IT Security Division
Top Expert 2010

verwrite the current passwords that you do not know. Choose a strong password with at least one capital letter, one number, and one special character.

Note: Overwrite the passwords which are necessary. You need not overwrite all of the mentioned passwords.

    Sw1# conf t

    !--- To overwrite existing secret password

    Sw1(config)#enable secret <new_secret_password>

    !--- To overwrite existing enable password

    Sw1(config)#enable password <new_enable_password>

    !--- To overwrite existing vty password

    Sw1(config)#line vty 0 15
    Sw1(config-line)#password <new_vty_password>


    !--- To overwrite existing console password

    Sw1(config-line)#line con 0
    Sw1(config-line)#password <new_console_password>

no aaa new

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial