Cisco offers a password recovery technique for almost every device they have available. In this post, I’m going to cover how to complete a password recovery on a Cisco router.
There are 2 things that have to be in place before a password recovery can be done.
- Physical access to the router
- A console connection to the router
Here are the steps, which need to be followed carefully. Some of them, if not followed correctly, will wipe your router clean and leave you with a fresh router with NO configuration!
Firstly, make sure the console connection is working and that you are receiving output from the device.
Secondly, reboot the device by doing a power cycle (turn it off and turn it back on again).
You will have to break the boot sequence by pressing <Ctrl>+C. You may have to do this several times to make sure the router receives your break signal at the correct time. This will force the router into rommon mode. From here, type the following:
rommon 1> confreg 0x2142
This sets the router's configuration register to bypass the startup-configuration on boot up. The startup-configuration has the passwords in it, so by bypassing it, the router will look brand new and bring us to the “Would you like to enter initial configuration?” screen.
rommon 2 > initialize
This will reload the router.
After the router has reloaded, you will be prompted with “Would you like to enter initial configuration?”, which you can bypass by pressing <Ctrl>+C.
Continue with the following configuration:
Enter privileged mode.
Router# copy start run
WARNING!!!!!!! – DO NOT DO THIS THE WRONG WAY OUT OF HABIT. Typing copy run start will erase EVERYTHING on the router and you will have to rebuild the router from scratch!!!
This command will copy the startup-configuration into the running-configuration. Since you are already in enable mode, you will not be prompted for a password even though the configuration has now been put back.
AOIP.ORG# conf t
Enter global configuration mode
AOIP.ORG (config)# enable password new
Set the new enable password, in this case the new password is “new”
AOIP.ORG (config)# enable secret new
Set the new enable secret, in this case the new password is “new”
AOIP.ORG (config)# config-register 0x2102
This puts the router's configuration register back to normal (boot from the startup config).
AOIP.ORG (config)# do show ip interface brief
You will notice that all interfaces are in an “administratively down” state.
AOIP.ORG (config)# interface f0/0
AOIP.ORG (config-if)# no shut
AOIP.ORG (config-if)# interface eth 1/0
AOIP.ORG (config-if)# no shut
AOIP.ORG (config-if)# interface bri 0/0
AOIP.ORG (config-if)# no shut
AOIP.ORG (config-if)# exit
AOIP.ORG (config)# exit
AOIP.ORG # show ip int brief
After issuing no shut on all interfaces, the router is back to normal operation.
AOIP.ORG # copy run start
After all your changes, it’s time to save the new configuration, with the new passwords.
AOIP.ORG # reload
Last but not least, reload the router so the configuration register can take effect. After reboot, you are back to a full working solution and the password has now been reset.
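The step that is easiest to forget above is putting the register back to 0x2102: a router left at 0x2142 ignores its startup-configuration, passwords included, on every boot. The following audit check is an added example, not part of the original post; it decodes the register value from the "Configuration register is ..." line that show version prints, and the hostnames and sample lines are constructed for illustration.

```python
import re

# Standard Cisco configuration-register bits relevant to this procedure.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (set in 0x2142)
BREAK_DISABLED = 0x0100  # bit 8: "Break disabled" flag (set in 0x2102 and 0x2142)
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stop in rommon, 2-F = normal boot

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode_confreg(value):
    """Split a register value into the fields that matter after a recovery."""
    return {"ignore_startup_config": bool(value & IGNORE_NVRAM),
            "break_disabled": bool(value & BREAK_DISABLED),
            "boot_field": value & BOOT_FIELD}

def audit_show_version(hostname, text):
    """Return findings for one router's 'show version' output."""
    m = CONFREG_RE.search(text)
    if not m:
        return [f"{hostname}: no configuration register line found"]
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode_confreg(pending)["ignore_startup_config"]:
        findings.append(f"{hostname}: next reload uses {pending:#06x}, "
                        "startup-config and its passwords will be bypassed")
    elif decode_confreg(current)["ignore_startup_config"]:
        findings.append(f"{hostname}: booted with {current:#06x}, restored to "
                        f"{pending:#06x} but reload still pending")
    if decode_confreg(pending)["boot_field"] == 0:
        findings.append(f"{hostname}: boot field 0, router will stop in rommon")
    return findings

# Constructed sample lines (hostnames r1-r3 are made up for this example).
SAMPLES = {
    "r1": "Configuration register is 0x2142",
    "r2": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "r3": "Configuration register is 0x2102",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        for finding in audit_show_version(host, text) or [f"{host}: ok"]:
            print(finding)
```

Here r1 is the router where the register was never restored, r2 is mid-recovery with the final reload outstanding, and r3 is back to normal.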
Below are 2 live demos. The first is the configuration needed in rommon, the second is after the router has been reloaded from rommon.