you are here: Homepage →  C50 C100 5000BH→  MCP-Test→  MCP-PW

Checking the PW for C100 or 5000 BH

You need to have physically access to the switch. You cannot do this remotely. This seems to be wanted for security reasons.

connecting via Hyperterminal / COM port to the MCP port,

using the CLI, you see:


"name-of-the switch": Command >


type "eng"


here the pw is "debug"


typing "what"


now you see :


"name-of-the switch": what?


First try this :


at the what? prompt, type "d 0bfc60000"


continue dumping (d <CR ) until 0bfc607FF


(To continue dumping type only a d at the what prompt)




Somewhere towards the end of this dump or the next one you will find a double 12C pattern. Approximately 12 bytes before this is the password in hex.


Example: for rev 2.1 (this one was our first C100)


BFC70480: 00000000 00000000 00000000 00000000

BFC70490: 00000000 00000000 00000000 00000000

BFC704A0: 00000000 00000000 00000000 00006261

BFC704B0: 796E6574 00000000 00000000 00000400

BFC704C0: 0000012C 0000012C 00000000 00000000

BFC704D0: 00000000 00000000 00000000 00000000


6261796E6574 is the password here. Go to the hex table and convert the hex to ascii.


If it is not at the fist addresses,


goto next try : d 0bfc70000


Continue dumping until 0bfc707FF


To leave the debug mode, type ctrl x.


NOTE: In version 2.0.2, password recovery from the CLI is not possible. Access to the engineering or what? Prompt requires the user password. The solution is to get the flash reprogrammed.

Goto to Homepage - © 2003/2012 - all Copyrights by RDE Consult - Wiesbaden / Germany - PLEASE NOTICE : THESE PAGES ARE RETIRED !! goto Imprint