Table of Contents
What is password recovery?
If you forget the password to enter privileged EXEC mode, you will not be able to check your configuration or make changes to your configuration. Also, if you forget your console login password, you will not be able to even log in to the CLI. If you forget your password, changing it to a new one while retaining all your other configuration is called password recovery.
Password Recovery Procedure
Step 1. Connect to the console port
Connect to the console port of the router.
Step 2. Hard booting the router
Turn off the router and then turn it back on.
Step 3. A break signal is sent during router startup and it is started by ROM monitor
Terminal software such as Tera Term or other terminal software sends a break signal while deploying IOS to abort the boot process and start it on the ROM monitor.
Step 4. Change the configuration register to 0x2142
Change the configuration register from the ROM monitor to 0x2142. This allows the router to start in its initial state without loading startup-config when it starts up.
To change the configuration register, enter the following command.
rommon1>confreg 0x2142
Step 5. Executing the IOS boot from the ROM monitor
The reset command is used to boot the IOS.
Step 6. Move from user EXEC mode to privileged EXEC mode
The router boots up in its initial state, so you can go from user EXEC mode to privileged EXEC mode without entering a password.
Router>enable
Router#
Step7. Copy startup-config to running-config
When you start up in the initial state, the configuration is still stored in startup-config. Copy its contents to running-config with the copy startup-config running-config command. Note that if you go back to user EXEC mode here, you will still not know the password.
Step 8. No shutdown of the necessary interfaces
The interface is in the shutdown state because it is initially started. Therefore, the necessary interfaces must be enabled with the no shutdown command.
Step 9. Set a new password
Set a new password.
(config)#enable secret <password>
Step 10. Change the configuration register to 0x2102
Set the configuration register back to the original 0x2102. If you do not set it back, the router will start up again in its initial state when it is rebooted. To change the configuration register, enter the following command in global configuration mode.
(config)#config-register 0x2102
Step 11. Copy running-config to startup-config
Save the settings, including the newly set password. If you don’t save your settings, when you reboot the router, you won’t be able to move to privileged EXEC mode without knowing the password again.
By following the steps above, you can change the password you’ve lost track of to a new one. And all your settings except for the password will remain the same.
Example of Password Recovery
The following is an example of output from a Cisco 1841 router performing password recovery.
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
~省略~
program load complete, entry point: 0x8000f000, size: 0x10f9d58
Self decompressing the image : ################################# ←Step3.
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x2142 ←Step4.
You must reset or power cycle for new config to take effect
rommon 2 > reset ←Step5.
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
- omitted -
program load complete, entry point: 0x8000f000, size: 0x10f9d58
Self decompressing the image : ###################################################
##################################################################################
########################################## [OK]
- omitted -
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started!
- omitted -
Router>enable ←Step6.
Router#copy startup-config running-config ←Step7.
Destination filename [running-config]?
821 bytes copied in 0.332 secs (2473 bytes/sec)
N-Study# ←The hostname changes as the configuration is loaded.
N-Study#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
N-Study(config)#interface fastehternet 0/0
N-Study(config-if)#no shutdown ←Step8. No shutdown of all necessary interfaces
N-Study(config-if)#exit
N-Study(config)#enable secret gene ←Step9.
N-Study(config)#config-register 0x2102 ←Step10.
N-Study(config)#exit
*Jun 13 01:31:01.827: %SYS-5-CONFIG_I: Configured from console by console
N-Study#copy running-config startup-config ←Step11.
Destination filename [startup-config]?
Building configuration...
[OK]
N-Study#
Cisco Basic
- Preparing for Cisco devices configuration
- Configuration files for Cisco devices
- The configuration steps for Cisco devices
- Basic knowledge of the Cisco CLI: Command types and modes
- Cisco device’s interface
- CLI help and completion
- The main error messages in CLI
- Cisco Deleting a configuration command
- default interface command -Initialize the interface settings-
- Entering commands in batches
- do command – Execute EXEC command from configuration mode –
- interface range command -Batch configuration of multiple interfaces-
- Filtering the display of the show command – displaying only the information you want to see –
- Cisco IOS Name Resolution Configuration
- terminal length command : configuration of the number of lines displayed in the command output
- debug command to verify real-time operation
- Automatically enter privileged EXEC mode upon CLI login
- Configure System Clock
- Saving and managing configuration files
- Version Management of Configuration Files ~archive command
- IOS File System Operations
- Managing Cisco Catalyst Switches :What it means to set an IP address on a switch.
- Remote management by VTY access (Telnet/SSH)
- terminal monitor command to display the log of Telnet/SSH login destination
- Multi-step Telnet Session Suspensions
- Set the minimum number of characters in the password [Cisco]
- Restrict login attempts : login block-for command
- Cisco Initial Configuration Example
- CDP – What are the connected devices? –
- Password recovery for Cisco routers
- Password Recovery for Catalyst Switches
