What is password recovery?

If you forget the password to enter privileged EXEC mode, you will not be able to check your configuration or make changes to your configuration. Also, if you forget your console login password, you will not be able to even log in to the CLI. If you forget your password, changing it to a new one while retaining all your other configuration is called password recovery.

To understand how password recovery works, you need to know the meaning of the configuration register and the startup sequence of the router. Keep both in mind while reading the password recovery procedure below.



Password Recovery Procedure

Step 1. Connect to the console port

Connect to the console port of the router.

Step 2. Hard booting the router

Turn off the router and then turn it back on.

Step 3. Send a break signal during startup to enter ROM monitor

While the IOS image is being loaded, send a break signal from terminal software such as Tera Term. This aborts the boot process and starts the router in ROM monitor.

Step 4. Change the configuration register to 0x2142

Change the configuration register from the ROM monitor to 0x2142. This allows the router to start in its initial state without loading startup-config when it starts up.

To change the configuration register, enter the following command.

rommon 1 > confreg 0x2142

Step 5. Executing the IOS boot from the ROM monitor

The reset command is used to boot the IOS.

Step 6. Move from user EXEC mode to privileged EXEC mode

The router boots up in its initial state, so you can go from user EXEC mode to privileged EXEC mode without entering a password.

Router>enable
Router#

Step 7. Copy startup-config to running-config

Although the router started in its initial state, the saved configuration is still stored in startup-config. Copy its contents to running-config with the copy startup-config running-config command. Note that if you go back to user EXEC mode at this point, you will not be able to return to privileged EXEC mode, because you still do not know the password.

Step 8. Enable the necessary interfaces with no shutdown

The interfaces are in the shutdown state because the router was started in its initial state. Therefore, the necessary interfaces must be enabled with the no shutdown command.

Step 9. Set a new password

Set a new password.

(config)#enable secret <password>

Step 10. Change the configuration register to 0x2102

Set the configuration register back to the original 0x2102. If you do not set it back, the router will start up again in its initial state when it is rebooted. To change the configuration register, enter the following command in global configuration mode.

(config)#config-register 0x2102

Step 11. Copy running-config to startup-config

Save the settings, including the newly set password. If you don’t save your settings, when you reboot the router, you won’t be able to move to privileged EXEC mode without knowing the password again.

By following the steps above, you can change the password you’ve lost track of to a new one. And all your settings except for the password will remain the same.
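The check below is an added example, not part of the original article: it decodes the configuration register values used in Steps 4 and 10 and flags a router that would still skip startup-config at its next reload. The bit meanings (bit 6 = ignore startup-config, bit 8 = break disabled, bits 0-3 = boot field) and the "Configuration register is ..." line from show version are standard IOS behaviour assumed here rather than taken from this page; the function names and sample lines are constructed for illustration.

```python
import re

# Configuration-register bits relevant to this procedure (assumed, see lead-in).
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (set in 0x2142)
BREAK_DISABLED = 0x0100  # bit 8: break signal ignored once IOS is running
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stay in ROM monitor, 2-F = normal boot

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode_confreg(value):
    """Return the register fields that matter for password recovery."""
    return {
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }

def audit_show_version(text):
    """Parse 'show version' text; return (current, next_reload, findings)."""
    m = CONFREG_RE.search(text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    # With no pending change, the current value is reused at the next reload.
    next_reload = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode_confreg(next_reload)["ignore_startup_config"]:
        findings.append("next reload ignores startup-config (Step 10 not done)")
    elif decode_confreg(current)["ignore_startup_config"]:
        findings.append("booted without startup-config; 0x%04x pending" % next_reload)
    if decode_confreg(next_reload)["boot_field"] == 0:
        findings.append("next reload stops in ROM monitor")
    return current, next_reload, findings

# Constructed sample lines in the format printed at the end of 'show version'.
FORGOTTEN = "Configuration register is 0x2142"
RESTORED = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
NORMAL = "Configuration register is 0x2102"

if __name__ == "__main__":
    for line in (FORGOTTEN, RESTORED, NORMAL):
        cur, nxt, findings = audit_show_version(line)
        print(hex(cur), hex(nxt), findings or "ok")
```

A router that reports the first finding after a recovery will come up with an empty running configuration, and no enable password, the next time it reloads.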

Example of Password Recovery

The following is an example of output from a Cisco 1841 router performing password recovery.

System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
- omitted -

program load complete, entry point: 0x8000f000, size: 0x10f9d58
Self decompressing the image : ################################# ←Step3.
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x2142 ←Step4.


You must reset or power cycle for new config to take effect
rommon 2 > reset ←Step5.

System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
- omitted -

program load complete, entry point: 0x8000f000, size: 0x10f9d58
Self decompressing the image : ###################################################
##################################################################################
########################################## [OK]

- omitted -

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no 


Press RETURN to get started!

- omitted -
Router>enable ←Step6.
Router#copy startup-config running-config ←Step7.
Destination filename [running-config]? 

821 bytes copied in 0.332 secs (2473 bytes/sec)
N-Study# ←The hostname changes as the configuration is loaded.
N-Study#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
N-Study(config)#interface fastethernet 0/0
N-Study(config-if)#no shutdown ←Step8. No shutdown of all necessary interfaces
N-Study(config-if)#exit
N-Study(config)#enable secret gene ←Step9.
N-Study(config)#config-register 0x2102 ←Step10.
N-Study(config)#exit
*Jun 13 01:31:01.827: %SYS-5-CONFIG_I: Configured from console by console
N-Study#copy running-config startup-config ←Step11.
Destination filename [startup-config]? 
Building configuration...
[OK]
N-Study#
