CCNA (ICND2)MaintenanceUseful Commands

Password Recovery Procedure for Cisco Routers

Cisco offers a password recovery technique for almost every device they have available. In this post, I’m going to cover how to complete a password recovery on a Cisco router.

There are 2 things that have to be in place before a password recovery can be done.

  1. Physical access to the router
  2. A console connection to the router

Here are the steps which need to be followed carefully. Some of these steps if not followed correctly, will wipe your router clean and leave you with a fresh router with NO configuration!

Firstly, make sure the console connection is working and that you are receiving output from the device.
Secondly, reboot the device by doing a power cycle (Turn it off and turn it back on again)
You will have to break the boot sequence by pressing <Ctrl>+C, you may have to do this several times to make sure the router receives your break signals at the correct time. This will force the router in rommon mode. From here you need to type the following

rommon 1> confreg 0x2142

This sets the routers configuration register to bypass the startup-configuration on boot up. The startup-configuration has the passwords in it, so by bypassing it, the router will look brand new and bring us to the “Would you like to enter initial configuration?” screen.

rommon 2 > initialize

This will reload the router
After the router has reloaded, you will be prompted with the “Would you like to enter initial configuration?” which you can bypass by pressing <Ctrl>+C
Continue with the following configuration

Router> enable

Enter privilege mode

Router# copy start run

WARNING!!!!!!! – DO NOT DO THIS THE WRONG WAY OUT OF HABBIT. Typing copy run start will erase EVERYTHING on the router and you will have to rebuild the router from scratch!!!

This command will copy the Startup-configuration into the running-configuration. Since you are already in enable mode, you will not be prompted for a password even though the configuration has now been put back.

AOIP.ORG# conf t

Enter global configuration mode

AOIP.ORG (config)# enable password new

Set the new enable password, in this case the new password is “new”

AOIP.ORG (config)# enable secret new

Set the new enable secret, in this case the new password is “new”

AOIP.ORG (config)# config-register 0x2102

This puts the routers configuration register back to normal (boot from the startup config)

AOIP.ORG (config)# do show ip interface brief

You will notice that all interfaces are in an “administratively down” state

AOIP.ORG (config)# interface f0/0
AOIP.ORG (config-if)#no shut
AOIP.ORG (config-if)# interface eth 1/0
AOIP.ORG (config-if)# no shut
AOIP.ORG (config-if)# interface bri 0/0
AOIP.ORG (config-if)# no shut
AOIP.ORG (config-if)# exit
AOIP.ORG (config)# exit
AOIP.ORG # show ip int brief

After no shutting all interfaces, the router is back to normal operations.

AOIP.ORG # copy run start

After all your changes, it’s time to save the new configuration, with the new passwords.

AOIP.ORG # reload

Last but not least, reload the router so the configuration register can take effect. After reboot, you are back to a full working solution and the password has now been reset.


Below are 2 live demo’s. The first is the configuration needed in rommon, the second is after the router has been reloaded from rommon.






2 thoughts on “Password Recovery Procedure for Cisco Routers

Leave a Reply

Your email address will not be published. Required fields are marked *