Networks Training

  • About
  • My Books
  • SUGGESTED TRAINING
  • HOME
  • Cisco Networking
    • Cisco General
    • Cisco IOS
    • Cisco VPN
    • Cisco Wireless
  • Cisco ASA
    • Cisco ASA General
    • Cisco ASA Firewall Configuration
  • Certifications Training
    • CCNA Training
    • Cisco Certifications
    • I.T Training
  • General
    • General Networking
    • IP Telephony
    • Network Security
    • Product Reviews
    • Software
  • Cisco Routers
  • Cisco Switches
You are here: Home / Cisco Routers / Cisco Router Password Recovery-How to recover cisco router lost password

Cisco Router Password Recovery-How to recover cisco router lost password

One of the most frustrating moments as a network administrator is when you desperately want to log on to a Cisco router and you try all possible passwords you have with no success. Fortunately there is a Cisco password recovery procedure for IOS routers which you can follow and bypass password control in order to get access to the device. The bad thing is that this procedure will cause network downtime since you have to reboot the router a couple of times. Follow the steps below to recover (or change) the forgotten router password:

The following procedure is applicable for virtually any Cisco router, such as 800, 2600, 3600, 1800,2800,3800 etc.

Step1: 
Connect to the router with a serial console cable and open your terminal emulation software (I personally use secureCRT). Use the normal terminal settings (9600 baud, no parity, 8 data bits, 1 stop bit, no flow control). After that, you should get the command prompt.

Step2:
Now you have to power OFF the router from the power switch. Get ready on your keyboard and turn the power switch to ON. Immediately press the CTRL+BREAK keys on your keyboard several times until the router goes into ROMMON mode. You will see the rommon 1> prompt on your terminal window.

MORE READING:  Using TCP Intercept to mitigate DoS SYN Attacks

Step3:
Now you need to change the configuration register of your router. This register is responsible to control several boot-up and hardware parameters on the device. The normal value of this register is 0x2102. We will need to change it to 0x2142. This new value tells the router to bypass the startup-configuration (where the password is stored) and boot with the factory default configuration (i.e no password request).

At the rommon prompt type the following:

rommon 1> confreg 0x2142
rommon 2> reset

The “reset” command will reboot the device.

Step4:
After the router reboots, it will ignore the startup configuration and will behave like the very first time that you switched on the device. It will therefore run the initial setup script. Type “no” at the setup request or press “Ctrl-C” to terminate the initial setup procedure.

Step5:
Now you will get the Router> prompt. Type “enable” to get into privilege mode.

Router> enable
Router#  

Step6:
Now we need to load the “Startup-Config” into the “Running-Config”.

Router# copy startup-config running-config

MORE READING:  Cisco Show IP Route Command (Routing Table)-Example and Explanation

IMPORTANT: DO NOT copy the running config into the startup config because now the running config is basically empty (factory default) so it will erase all of your startup config.

Step7:
Now we are ready to change our passwords. Change the enable password as below.

Router#config t
Router(config)# enable secret newpassword

Step8:
Another important step now is to change the configuration register back to its normal value which is 0x2102

Router(config)#config-register 0x2102

Step9:
Now save the configuration and reboot.

Router(config)#exit
Router# write
Router# reload

Step10:
After the router boots up, log on with your new password and enable all interfaces (using “no shutdown”) because during the recovery procedure the interfaces get shut down.
 
What we have done in the above 10 steps is that we bypassed the original configuration that has the forgotten password, and then we got to the privileged mode without the need to know the password. Then we loaded the original configuration into RAM (so we don’t loose it) and imposed a new password and saved things back to the NVRAM. And then we got back to the original boot sequence.

Related Posts

  • Comparison of Static vs Dynamic Routing in TCP/IP Networks
  • Cisco OSPF DR-BDR Election in Broadcast Networks – Configuration Example
  • How to Configure Port Forwarding on Cisco Router (With Examples)
  • Adjusting MSS and MTU on Cisco 800 routers for PPPoE over DSL
  • The Most Important Cisco Show Commands You Must Know (Cheat Sheet)

Filed Under: Cisco Routers

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

We use Elastic Email as our marketing automation service. By submitting this form, you agree that the information you provide will be transferred to Elastic Email for processing in accordance with their Terms of Use and Privacy Policy. Also, you allow me to send you informational and marketing emails from time-to-time.

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search this site

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

Search

Suggested Cisco Training

CISCO CERTIFICATION TRAINING
CISCO CCNA 200-120 TRAINING
CCNA SECURITY 640-554 TRAINING
CCENT ICND1 TRAINING
CISCO ICND2 TRAINING
CISCO CCNP TRAINING

BLOGROLL

Tech21Century
Firewall.cx

Copyright © 2022 | Privacy Policy | Terms and Conditions | Hire Me | Contact | Amazon Disclaimer | Delivery Policy

0 shares