Cisco 3850 password recovery:
Power cycle the Cisco 3850 switch. Immediatly press and hold the Mode button. Hold the button for approximately 12 seconds, the Status LED will go amber. On the console you should be in Boot Loader.
Switch:
Add the following variables.
Switch: SWITCH_IGNORE_STARTUP_CFG=1
Switch: SWITCH_DISABLE_PASSWORD_RECOVERY=0
Then boot the switch.
Switch: boot
Once the switch has booted you can copy the saved config back into the running config.
Switch# copy start runn
Next set your password(s). Finally we want to remove the variables we set while in Boot Loader.
Switch# no system ignore startupconfig switch all
Switch# system disable password recovery switch all
Save your new config.
Switch# copy runn start
Since we are on the topic of passwords, I beleive you should configure AAA even if you’re using local credentials. Here’s an example of how easy it is to setup.
Switch(config)# aaa new-model
Switch(config)# aaa authentication login default local
Switch(config)# username mmessier privilege 15 secret StAnLeYcUp
Switch(config)# line vty 0 4
Switch(config-line)# login authentication default
It’s that easy! You can now remove the passwords from under the VTY. Those passwords are easily reversible and should not be used. Instead use AAA and the secret keyword in configuring the username. It encrypts the password and is not reversible (yet). For even more security use the service-password encrypt aes command.
It referred from: https://supportforums.cisco.com/document/12018491/password-recovery-cisco-catalyst-3850
More related topics:
Cisco WS-C3850-24T-S Vs Cisco WS-C3850-48T-S
What feature sets do the Cisco Catalyst 3850 switches support
Cisco 3850 Overview 