Express shipping to
Contact Us
Track Order
Search
Popular Search
Inquiry
Shopping Cart
Login

Coupon
Quote now,
save up to 8%.

Inquiry
Contact

Feedback
Your Feedback
How would you Rate us?
Ease of use:
Buying feedback:
Product details:
FAQ banner
Get the Help and Supports!

This help center can answer your questions about customer services, products tech support, network issues.
Select a topic to get started.

ICT Tech Savings Week
2025 MEGA SALE | In-Stock & Budget-Friendly for Every Project
Shop Now

Cisco 3850/3650 Password Recovery Guide – Regain Access Safely

Selene Gong

If you are locked out of a Cisco Catalyst 3850 or 3650 switch, this guide provides a safe, step-by-step procedure to restore access without affecting your existing VLAN, interface, or routing configurations. The steps are tailored for network engineers, IT professionals, and system administrators who need to regain control quickly while minimizing downtime.


Table of Contents


Cisco 3850 password recovery

Part 1: Cisco 3850 Password Recovery – Pre-Recovery Checklist

Before beginning the recovery process, make sure you have the following:

  • Console cable and terminal emulator (PuTTY, Tera Term, or similar)
  • Physical access to the switch
  • Knowledge of whether the switch is part of a StackWise or StackWise Virtual (SVL) deployment
  • Backup of current running and startup configurations (recommended)

Quick comparison with older Cisco models:

Feature 3850/3650 (IOS XE) Older 2960/3560
Recovery Method ROMMON variable (SWITCH_IGNORE_STARTUP_CFG=1) Rename configuration file (config.text)
Configuration Retention Preserved in startup-config Preserved in renamed file
ROMMON Access Mode button (~12 sec) or repeated presses Hold Mode button 30–40 sec

The 3850 and 3650 rely on modern ROMMON-based recovery, which is safer and preserves your configuration, unlike older models that require file renaming.


Part 2: Enter ROMMON Mode on Cisco 3850/3650

To recover access, you must interrupt the boot process:

  1. Power cycle the switch – disconnect and reconnect the power cable.
  2. Interrupt boot – press the Mode button:
    • Hold for about 12 seconds until the Status LED turns amber, or
    • Press repeatedly until the switch: prompt appears.

Once at the prompt, you are in ROMMON mode and ready to bypass the saved password.

Cisco 3850 password recovery

Part 3: Bypass the Password and Boot

Follow these steps to bypass the old password:

  1. Set ignore variable to bypass the startup configuration: 
    switch: SWITCH_IGNORE_STARTUP_CFG=1
  2. Boot the switch with the new setting: 
    switch: boot
  3. Skip the initial configuration dialogue – answer no if prompted.
  4. Enter privileged EXEC mode: 
    Switch> enable

Part 4: Setting New Passwords and Saving Configuration

  1. Restore running configuration: 
    Switch# copy start run
  2. Set new passwords: 
    Switch# configure terminal
Switch(config)# username admin privilege 15 secret NEWPASSWORD
Switch(config)# enable secret NEWENABLEPASSWORD
  3. Reset ignore variable to ensure future boots use the configuration: 
    Switch(config)# no system ignore startupconfig switch all
  4. Save the running configuration: 
    Switch# copy run start
  5. Verify ROMMON variable: 
    Switch# show romvar

Part 5: StackWise Considerations for Password Recovery

If the switch is part of a StackWise deployment:

  1. Isolate the active switch by powering off all other stack members.
  2. Perform the recovery using Parts 2–4 on the active unit.
  3. Power on remaining stack members once recovery and configuration saving is complete.

For StackWise Virtual (SVL) setups, ensure standby units are powered off during recovery to avoid overwriting configuration.


Part 6: Frequently Asked Questions – Cisco 3850/3650 Password Recovery

Q1: How do I reset a Cisco 3850 switch without the password?

Connect via console, interrupt the boot sequence using the Mode button, set SWITCH_IGNORE_STARTUP_CFG=1, boot the switch, restore the configuration, define new passwords, reset the ignore variable, and save the configuration.

Q2: Will VLANs or interface settings be lost?

No. This method preserves the startup configuration, including VLAN, interface, and routing settings.

Q3: What if my switch is part of a StackWise stack?

Isolate the active switch first, perform the standard recovery, then power on the rest of the stack members once configuration is saved.

Q4: Does the Cisco 3650 have a default password?

No. Always define secure usernames, secrets, and enable passwords after recovery.

Q5: How does this differ from older switches like 2960 or 3560?

Older switches require renaming the configuration file. The 3850/3650 uses a ROMMON variable to bypass authentication safely, preserving all settings.


After successfully recovering access, consider checking available Cisco 3850/3650 units, spare parts, or coverage options via Router-switch or IT-Price to maintain network reliability and reduce potential downtime.

Expert

Expertise Builds Trust

20+ Years • 200+ Countries • 21500+ Customers/Projects
CCIE · JNCIE · NSE7 · ACDX · HPE Master ASE · Dell Server/AI Expert

Categories: Product FAQs Switches
Tags: Cisco 3850  Network Administration  Cisco 3650  ROMMON  Password Recovery  Switch Configuration 
Was this article helpful? 18 out 21 found this helpful
Categories
Tags
Enterprise Networking Cisco Catalyst 9300 Cisco Catalyst network security Catalyst 9300 PoE IT procurement network troubleshooting Network Deployment StackWise IOS XE Cisco Meraki enterprise network Catalyst 9200 VLAN Cisco Catalyst 9200 Video Surveillance TCO Cisco IOS XE password recovery
Log in
Register