Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Recover a Root Password

If you forget the root password, you can use the password recovery procedure to reset the root password.

Note:

You cannot perform root password recovery if you configure the console port as insecure.

After you configure the console port as insecure, if a user tries to perform a password recovery operation by booting in single-user mode, the device prompts for the root password. Additionally, if a user boots in CLI recovery mode, the operation is not allowed. Thus, only a user who knows the root password is able to log in. For more information, see Configuration Guidelines for Securing Console Port Access.

How to Recover the Root Password for Junos OS

If you forget the root password for the router, you can use the password recovery procedure to reset the root password.

Before you begin, note the following:

  • You need console access to recover the root password.

To recover the root password:

  1. Power off the router by pressing the power button on the front panel.
  2. Turn off the power to the management device (usually a computer) that you use to access the CLI.
  3. Plug one end of the Ethernet rollover cable (supplied with the router) into the RJ-45 to DB-9 serial port adapter supplied with the router.
  4. Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device.
  5. Connect the other end of the Ethernet rollover cable to the console port on the router.
  6. Turn on the power to the management device.
  7. From the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal), and select the appropriate COM port to use (for example, COM1).
  8. Configure the port settings as follows:
    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  9. Power on the router by pressing the power button on the front panel.

    Verify that the POWER LED on the front panel turns green.

    The terminal emulation screen on your management device displays the router’s boot sequence.

  10. When the following prompt appears, press the Spacebar to access the router’s bootstrap loader command prompt.

    Depending on your device hardware, the bootstrap loader might proceed quickly at this step without pausing for input. Therefore, you might need to press the spacebar multiple times at the beginning of the boot sequence.

  11. At the following prompt, type boot -s to start the system in single-user mode.
  12. At the following prompt, type recovery to start the root password recovery procedure.
  13. Enter configuration mode in the CLI.
  14. Set the root password.

    When you configure a plain-text password, the system encrypts the password for you.

    CAUTION:

    Avoid using the encrypted-password option unless the password is already encrypted and you are entering the encrypted version of the password. If you commit the encrypted-password option with a plain-text password or with blank quotation marks (" "), you will not be able to log in to the device as root, and you will need to repeat this password recovery process.

  15. At the following prompt, enter the new root password. For example:
  16. At the second prompt, reenter the new root password.
  17. After you have finished configuring the password, commit the configuration.
  18. Exit configuration mode in the CLI.
  19. Exit operational mode in the CLI.
  20. At the prompt, type y to reboot the router.

How to Recover the Root Password on Junos OS with Upgraded FreeBSD

If you forget the root password for a device running Junos OS with Upgraded FreeBSD, you can use the password recovery procedure to reset the root password.

For the list of Junos OS devices with upgraded FreeBSD, see Junos kernel upgrade to FreeBSD 10+

Note:

You need console access to recover the root password.

To recover the root password:

  1. Power off the router by pressing the power button on the front panel.
  2. Turn off the power to the management device (usually a computer) that you will use to access the CLI.
  3. Plug one end of the Ethernet rollover cable (supplied with the router) into the RJ-45 to DB-9 serial port adapter (supplied with the router).
  4. Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device.
  5. Connect the other end of the Ethernet rollover cable to the console port on the router.
  6. Turn on the power to the management device.
  7. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal), and select the appropriate COM port to use (for example, COM1).
  8. Configure the port settings as follows:
    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  9. Power on the router by pressing the power button on the front panel.

    Verify that the POWER LED on the front panel turns green.

    The terminal emulation screen on your management device displays the router’s boot sequence.

  10. Access the Junos Main Menu.
    • Prior to Junos OS Release 17.3, the Junos Main Menu appears for 3 seconds on startup before automatically booting the Junos volume. Press any key within the 3 second window to stop the automatic boot sequence and display the Junos Main Menu.

      Note:

      The Junos Main Menu will appear every time you reboot the router while connected to the console.

    • Press Ctrl+c at the following part in the reboot to bring up the Junos Main Menu:

  11. At the Junos Main Menu, press the M or 5 key to activate the 5. [M]ore options menu:
  12. Press the C or 2 key to access the 2. Recovery mode - [C]LI option. The router will reboot into CLI recovery mode.
  13. When prompted, press the Enter key to immediately boot the router, or press any other key to bring up the command prompt.
  14. Enter configuration mode in the CLI.
  15. Set the root password.

    When you configure a plain-text password, Junos OS encrypts the password for you.

    CAUTION:

    Do not use the encrypted-password option unless the password is already encrypted, and you are entering the encrypted version of the password. If you commit the encrypted-password option with a plain-text password or with blank quotation marks (" "), you will not be able to log in to the router as root, and you will need to repeat this password recovery process.

  16. At the following prompt, enter the new root password. For example:
  17. At the second prompt, reenter the new root password.
  18. After you have finished configuring the password, commit the configuration.

How to Recover the Root Password on Switches

Problem

Description

If you forget the root password for a switch, use the password recovery procedure to reset the root password.

Before you begin, note the following:

  • You need physical access to the switch to recover the root password.

Tip:

For a video on recovering the root password for routers, see Recovering the Root Password on Routers. The procedure is similar for switches.

Solution

To recover the root password:

  1. Power off your switch by unplugging the power cord or turning off the power at the wall switch.

  2. Insert one end of the Ethernet cable into the serial port on the management device and connect the other end to the console port on the back of the switch. See Figure 1.

    Figure 1: Connecting to the Console Port on the EX Series SwitchConnecting to the Console Port on the EX Series Switch
  3. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal). Then, select the appropriate COM port to use (for example, COM1).

  4. Configure the port settings as follows:

    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  5. Power on your switch by plugging in the power cord or turning on the power at the wall switch.

  6. When the following prompt appears, press the Spacebar to access the switch's bootstrap loader command prompt.

    Note:

    If the switch is in unattended mode for U-Boot, access to the bootstrap loader command prompt is blocked. If the root password is lost, you must reset the switch to the factory default configuration using the LCD panel.

  7. At the following prompt, type boot -s to start up the system in single-user mode:

  8. At the following prompt, type recovery to start the root password recovery procedure:

    A series of messages describe consistency checks, mounting of filesystems, and initialization and checkout of management services. Then the CLI prompt appears.

  9. Enter configuration mode in the CLI:

  10. Set the root password.

  11. At the following prompt, enter the new root password:

  12. At the second prompt, reenter the new root password.

  13. After you finish configuring the device, commit the configuration.

  14. Exit configuration mode in the CLI.

  15. Exit operational mode in the CLI.

  16. At the prompt, enter y to reboot the switch.