You’re in a time crunch, your clients are demanding an update on when their issue will be fixed, and as you’re digging into the network, you realize…I can’t log into the switches! Ack! What do I do now?
First step, take a deep breath. We’ve all been there.
Next, try these solutions. One way or another, we’ll figure this out.
Verify the credentials
Check standard sources for credential management in your organization, such as password managers, cloud-based documentation tools, or that spreadsheet on the shared drive called passwords.xls. (You’ll be migrating that soon, right?)
Is there a chance the credentials were never changed away from the manufacturer’s defaults? If not, eep! But for now, you might be in luck. Consult the manual that came with your device or use your favourite search engine to find the default username and password. Try logging in with those.
Send a group chat message to your colleagues that may interact with the device. Slip-ups sometimes happen, and there’s a chance the credential changed but the documentation wasn’t updated.
Run a port scan against the device
Switches typically allow management through a combination of a web-based GUI, Telnet or SSH, and vendor-provided software you install on the machine, like ASDM. Access through these protocols can typically be enabled, disabled, or changed. You can also change the port these services listen in on.
Running a port scan against the switch using a tool like Nmap can reveal if these necessary services are running, and which port they’re listening in on. If an essential service isn’t running, even after a reboot of the switch, it might be time to roll up your sleeves, grab your toolkit, jump in the truck, and head over to the client site.
Use the console port to connect to the device
It may look like it belongs in a museum, but even today the console port provides network administrators low-level access to a device when they can’t reach it remotely over the network. Unless you’re using out-of-band console management, you’ll need to roll a truck on site to connect to the device using a serial cable. (The cable is often paired with a USB to Serial dongle for today’s laptops.)
What you’ll be able to reach over the console more often than over a Telnet or SSH session is the device’s bootloader. The bootloader serves as a type of system recovery console for when you can’t reach your device’s main administrative portals or CLIs. Cisco’s ROMmon is a popular example of a bootloader. You can even reset your device’s administrative level passwords from it.
Some equipment vendors have password reset procedures that they only disclose through their official customer support channels. Before resorting to the next solution, it may be worth trying to engage them, especially if you have an active support contract.
If all else fails, reset the device
The solution of last resort is to wipe the current configuration and remove the password currently set on the device. If you have a recent backup of the switch’s configuration, restore it. You’re back in business.