CCNA (ICND2)MaintenanceUseful Commands

Password Recovery Procedure for Cisco Routers

Posted Jay

Cisco offers a password recovery technique for almost every device they have available. In this post, I’m going to cover how to complete a password recovery on a Cisco router.

There are 2 things that have to be in place before a password recovery can be done.

  1. Physical access to the router
  2. A console connection to the router

Here are the steps which need to be followed carefully. Some of these steps if not followed correctly, will wipe your router clean and leave you with a fresh router with NO configuration!

Firstly, make sure the console connection is working and that you are receiving output from the device.
Secondly, reboot the device by doing a power cycle (Turn it off and turn it back on again)
You will have to break the boot sequence by pressing <Ctrl>+C, you may have to do this several times to make sure the router receives your break signals at the correct time. This will force the router in rommon mode. From here you need to type the following

rommon 1> confreg 0x2142


 This sets the routers configuration register to bypass the startup-configuration on boot up. The startup-configuration has the passwords in it, so by bypassing it, the router will look brand new and bring us to the “Would you like to enter initial configuration?” screen.

rommon 2 > initialize


 This will reload the router
After the router has reloaded, you will be prompted with the “Would you like to enter initial configuration?” which you can bypass by pressing <Ctrl>+C
Continue with the following configuration

Router> enable

Enter privilege mode


 Router# copy start run

WARNING!!!!!!! – DO NOT DO THIS THE WRONG WAY OUT OF HABBIT. Typing copy run start will erase EVERYTHING on the router and you will have to rebuild the router from scratch!!!

This command will copy the Startup-configuration into the running-configuration. Since you are already in enable mode, you will not be prompted for a password even though the configuration has now been put back.

AOIP.ORG# conf t

Enter global configuration mode

AOIP.ORG (config)# enable password new

Set the new enable password, in this case the new password is “new”

AOIP.ORG (config)# enable secret new

Set the new enable secret, in this case the new password is “new”

AOIP.ORG (config)# config-register 0x2102

This puts the routers configuration register back to normal (boot from the startup config)

AOIP.ORG (config)# do show ip interface brief

You will notice that all interfaces are in an “administratively down” state

AOIP.ORG (config)# interface f0/0
AOIP.ORG (config-if)#no shut
AOIP.ORG (config-if)# interface eth 1/0
AOIP.ORG (config-if)# no shut
AOIP.ORG (config-if)# interface bri 0/0
AOIP.ORG (config-if)# no shut
AOIP.ORG (config-if)# exit
AOIP.ORG (config)# exit
AOIP.ORG # show ip int brief

After no shutting all interfaces, the router is back to normal operations.

AOIP.ORG # copy run start

After all your changes, it’s time to save the new configuration, with the new passwords.

AOIP.ORG # reload


 Last but not least, reload the router so the configuration register can take effect. After reboot, you are back to a full working solution and the password has now been reset.

 

Below are 2 live demo’s. The first is the configuration needed in rommon, the second is after the router has been reloaded from rommon.

 

 

 

 

 

Related posts:

Default ThumbnailSetting the enable password and secret on a Cisco device Decrypting Type 7 Passwords (enable password) Default ThumbnailNavigating a Cisco device Default ThumbnailThe difference between Run and Start and how to save! ‘Login local’ on a Cisco Router

2 thoughts on “Password Recovery Procedure for Cisco Routers

Leave a Reply

Your email address will not be published. Required fields are marked *