One of the most frustrating moments as a network administrator is when you desperately want to log on to a Cisco router and you try all possible passwords you have with no success. Fortunately there is a Cisco password recovery procedure for IOS routers which you can follow and bypass password control in order to get access to the device. The bad thing is that this procedure will cause network downtime since you have to reboot the router a couple of times. Follow the steps below to recover (or change) the forgotten router password:
The following procedure is applicable for virtually any Cisco router, such as 800, 2600, 3600, 1800,2800,3800 etc.
Connect to the router with a serial console cable and open your terminal emulation software (I personally use secureCRT). Use the normal terminal settings (9600 baud, no parity, 8 data bits, 1 stop bit, no flow control). After that, you should get the command prompt.
Now you have to power OFF the router from the power switch. Get ready on your keyboard and turn the power switch to ON. Immediately press the CTRL+BREAK keys on your keyboard several times until the router goes into ROMMON mode. You will see the rommon 1> prompt on your terminal window.
Now you need to change the configuration register of your router. This register is responsible to control several boot-up and hardware parameters on the device. The normal value of this register is 0x2102. We will need to change it to 0x2142. This new value tells the router to bypass the startup-configuration (where the password is stored) and boot with the factory default configuration (i.e no password request).
At the rommon prompt type the following:
rommon 1> confreg 0x2142
rommon 2> reset
The “reset” command will reboot the device.
After the router reboots, it will ignore the startup configuration and will behave like the very first time that you switched on the device. It will therefore run the initial setup script. Type “no” at the setup request or press “Ctrl-C” to terminate the initial setup procedure.
Now you will get the Router> prompt. Type “enable” to get into privilege mode.
Now we need to load the “Startup-Config” into the “Running-Config”.
Router# copy startup-config running-config
IMPORTANT: DO NOT copy the running config into the startup config because now the running config is basically empty (factory default) so it will erase all of your startup config.
Now we are ready to change our passwords. Change the enable password as below.
Router(config)# enable secret newpassword
Another important step now is to change the configuration register back to its normal value which is 0x2102
Now save the configuration and reboot.
After the router boots up, log on with your new password and enable all interfaces (using “no shutdown”) because during the recovery procedure the interfaces get shut down.
What we have done in the above 10 steps is that we bypassed the original configuration that has the forgotten password, and then we got to the privileged mode without the need to know the password. Then we loaded the original configuration into RAM (so we don’t loose it) and imposed a new password and saved things back to the NVRAM. And then we got back to the original boot sequence.
- Comparison of Static vs Dynamic Routing in TCP/IP Networks
- Cisco OSPF DR-BDR Election in Broadcast Networks – Configuration Example
- How to Configure Port Forwarding on Cisco Router (With Examples)
- Adjusting MSS and MTU on Cisco 800 routers for PPPoE over DSL
- The Most Important Cisco Show Commands You Must Know (Cheat Sheet)