HCC Cisco Networking Academy
Educational Resources

Password Recovery Procedures


Overview

To recover passwords, you must boot the router to the ROM Monitor / ROM BootStrap interface.  This can be done by connecting your computer to the console port using HyperTerm and cycling the power on the router.  As the router starts up, right after the POST you must enter a break by pressing control+BREAK.  (The BREAK key is usually located on the upper right side of your keyboard, next to the scroll lock key.  (See note.)  This should display a message and show the ROM Monitor prompt, something like this (user input shown in boldface):

Router# reload
Proceed with reload? [confirm] y
00:07:01: %SYS-5-RELOAD: Reload requested
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
PC = 0xfff0a530, Vector = 0x500, SP = 0x680127b0
C2600 platform with 32768 Kbytes of main memory
          Press control+BREAK here
PC = 0xfff0a530, Vector = 0x500, SP = 0x80004644

monitor: command "boot" aborted due to user interrupt
rommon 1 >

From here you instruct the router to continue to boot up but without using the startup-config commands.  This is done by changing the value of the config-register as explained below, and booting the router again.  When the router comes up and asks about entering setup mode (actually its called the initial configuration dialog), just say no.

Next you must copy the startup-config to the running-config, in order to make any changes to passwords or to the config-register.

At this point you can examine any plain text passwords by using the show running-config command.  The remaining passwords (such as the enable secret password) can be changed.  To do so you enter the new passwords from global configuration mode.

Finally, the config-register must be restored and the modified running-config file must be saved to NVRAM, so the next time the router is rebooted all will work as before.

Setting the config-register

The exact value of the config-register depends on the router model, feature set, IOS version, and local configuration.  The key is that there is a single bit in the register (bit number six) that if set to 1 causes the router to ignore the startup-config file stored in the NVRAM while booting.

So in the examples below, when the directions say to set the config-register to 0x2142 from the default of 0x2102, what that really means is to just change bit 6 in your current config-register setting.

The commands entered for the procedure described above vary depending on the model router you have.  Below are the steps for both the 2500 series and 2600 series of Cisco routers.  (Note that your text only contains the directions for the 2500 routers.)

Cisco Password Recovery Procedures

  Cisco 2500 Cisco 2600
1 Type control+BREAK to get to the ROM Monitor.  (This must be done within 60 seconds of POWER ON.)
2 Type o to see the current value of the config-register.  Write it down, you will need to restore this value later. Type confreg to see and change the current value of the config-register.  Note this does not display in hex, but shows which bits are on or off.  Write down the current settings, you will need to restore this value later.
3 Type o/r 0x2142 to turn on bit six (assuming the current value of the config-register was 0x2102.) Type confreg 0x2142 to turn on bit six (assuming the current value of the config-register was 0x2102.)  Note simply typing confreg enables one to change the bits individually.
4 Type i to reboot the router ("i" for "Initialize").  Allow the router to boot up normally (that is, don't hit BREAK again). Type reset to reboot the router.  (i works too.)  Allow the router to boot up normally (that is, don't hit BREAK again).
5 The router will ask about entering the initial configuration dialog (i.e., setup mode) since the startup-config file was ignored.  Type no to get to user exec mode.
6 Type enable to enter privileged exec mode.
7 View the startup-config from here.  Note any plain text passwords (such as the console login password).
8 Non-plain text passwords cannot be recovered, however you can change them.  Note that even if you don't wish to change any passwords the config-register must be changed back.  Type: copy startup-config running-config
configure terminal
to get to a point where you can change passwords and the config-register .
Don't forget this step!
9 To change the enable secret password to class, type: enable secret class
10 Now restore the config-register.  If your config-register is non-standard, use your normal value instead of the value shown: config-register 0x2102
11 Save your changes and inspect the results: ^Z
show running-config
12 Finally, save your changes to NVRAM and reboot the router: copy running-config startup-config
reload




Send comments to Wayne Pollock.