Cisco Nexus 9000 Series Password Recovery¶
Complete procedure for recovering the admin password on Cisco Nexus 9000 series switches (9200, 9300, 9500).
Prerequisites¶
| Item | Details |
|---|---|
| Console Cable | USB or RJ-45 console cable |
| Terminal Software | PuTTY, TeraTerm, or similar |
| Console Settings | 9600 baud, 8 data bits, 1 stop bit, no parity |
| Physical Access | Access to console port and power |
Service Disruption
Password recovery requires a reboot. All traffic will be disrupted during this process.
Password Recovery Procedure¶
Part 1: Enter Loader Mode¶
- Connect console cable to the switch
- Open terminal session with settings:
9600-8-N-1 - Power cycle the switch (or issue
reloadif you have any access) - Watch the boot sequence carefully
- Press Ctrl+C when you see the boot messages
- You should see the
loader>prompt
Timing
Press Ctrl+C as soon as you see the switch starting to boot. You have a few seconds window.
Part 2: Enable Recovery Mode¶
At the loader> prompt:
# Enable recovery mode
loader> cmdline recoverymode=1
# List available images
loader> dir
# Boot the NX-OS image (use your actual filename)
loader> boot nxos.9.3.10.bin
Finding the Image
Use dir to list available images. Look for files like nxos.9.x.x.bin or nxos64-cs.10.x.x.bin
Part 3: Reset Admin Password¶
After booting in recovery mode, you'll see the switch(boot)# prompt:
# Enter configuration mode
switch(boot)# configure terminal
# Set new admin password
switch(boot-config)# admin-password YourNewSecurePassword123
# Exit configuration mode
switch(boot-config)# exit
# List boot images
switch(boot)# dir
# Boot the system normally
switch(boot)# load bootflash:nxos.9.3.10.bin
Part 4: Login and Verify¶
# Login with new credentials
Username: admin
Password: YourNewSecurePassword123
# Verify access
switch# show users
# Save configuration
switch# copy running-config startup-config
Optional: Factory Reset¶
To completely wipe the switch configuration:
# Erase all configurations
switch# write erase
switch# write erase boot
switch# write erase poap
switch# write erase debug
# Reload to apply
switch# reload
Loader Commands Reference¶
| Command | Description |
|---|---|
dir |
List bootflash contents |
boot <image> |
Boot specific NX-OS image |
cmdline recoverymode=1 |
Enable password recovery mode |
set |
Show environment variables |
reboot |
Reboot the switch |
help |
Show available commands |
NX-OS Commands Reference¶
| Command | Purpose |
|---|---|
show version |
Display NX-OS version and hardware |
show boot |
Show boot configuration |
dir bootflash: |
List bootflash contents |
admin-password <pass> |
Set admin password (boot mode) |
write erase |
Erase startup configuration |
copy run start |
Save running configuration |
show users |
Display logged-in users |
Troubleshooting¶
Cannot Enter Loader Mode¶
- Ensure you press Ctrl+C early in the boot process
- Try multiple times - timing can be tricky
- Verify console settings are
9600-8-N-1 - Try a different console cable
Recovery Mode Boot Fails¶
# If the image won't boot, try:
loader> dir
# Look for any valid NX-OS image
# Try booting an older/different version if available
loader> boot nxos.9.2.4.bin
No Boot Images Found¶
If bootflash is empty or corrupted:
-
Copy image via USB:
loader> dir usb1: loader> boot usb1:nxos.9.3.10.bin -
Or use TFTP (if network is configured):
loader> ip address 192.168.1.100 255.255.255.0 loader> ip gateway 192.168.1.1 loader> boot tftp://192.168.1.50/nxos.9.3.10.bin
Dual Supervisor Modules¶
For switches with redundant supervisors:
- Perform recovery on the active supervisor
- Ensure the standby supervisor is in the correct state
- After recovery, sync to standby:
switch# copy running-config startup-config
Default Credentials¶
| Username | Default Password | Notes |
|---|---|---|
| admin | (none on first boot) | Must set during initial setup |
| admin | Admin_1234! | Some factory defaults |
Security
Always change default passwords immediately after setup or recovery.