It happens to the best of us, you are doing some labs and forgot what password you set for enable mode…perhaps another student was working on the router before and you have no idea what password he picked. Maybe you need to reset the password of a router you didn’t configure…
Whatever the reason, let me show you how to reset the password of your Cisco router. This only applies to routers, if you need to reset the password for a switch then you need another lesson.
Let’s take a look:
Router>enable Password: Password: Password: % Bad secrets
Ouch…bad secrets means we didn’t type the correct password. To fix this problem you need to connect your router to the console port, you can’t do this remotely through telnet or SSH.
Reboot the router (just hit the power switch) and send the BREAK signal. This tells the router to ignore loading the IOS (Cisco’s Operating System). If you are using Windows and Putty you can probably use the CTRL-BREAK combination to send a break signal. If this doesn’t work you can try some of the other methods that are described here.
When the router accepts your BREAK it will head into ROMMON mode. ROMMON is like a mini operating system that helps to initialize the hardware and boots the Cisco IOS. Here’s what it looks like:
Readonly ROMMON initialized rommon 1 >
This tells us that we are in ROMMON mode. We can only configure a couple of items here, one of the things we can do is tell the router to ignore it’s startup-configuration when booting the IOS image. This is exactly what we want because it means it will also not load the password that we configured (and forgot). Here’s how to do it:
rommon 1 > confreg 0x2142 You must reset or power cycle for new config to take effect
We set the configuration-register to 0x2142 with the confreg command. This tells the router to ignore the startup-configuration when booting. The router is nice enough to tell us we should reboot so let’s follow its advice:
rommon 2 > reset c2811 platform with 786432 Kbytes of main memory Main memory is configured to 64 bit mode with ECC enabled Readonly ROMMON initialized program load complete, entry point: 0x8000f000, size: 0xcb80 program load complete, entry point: 0x8000f000, size: 0xcb80 program load complete, entry point: 0x8000f000, size: 0x38bbd64 Self decompressing the image : #######################
The router will boot and load its IOS image, once it’s ready you will see the following wizard:
--- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: no
Because the router is not loading its startup-configuration it will show you the wizard that is shown when there is no configuration. Just type no and you will end up at the command-line. We will now go to enable mode:
Great! We now have full access to the router and it didn’t prompt for a password. We will now copy the startup-configuration to the running-configuration ourselves. By doing this your configuration will be active but we will still be in privileged mode which allows us to change the password:
When you login to a router or switch how can you tell if someone applied the confreg 0x2142 command,but didn’t set the device back to the config-register 0x2102?
show versioncommand, you can see what the current configuration of the config register is. It’s usually the very last line in the output of the command. Take a look at the attached image that shows the output of the command.
I hope this has been helpful!
Is it possible to perform password recovery without losing configurations?
Yes, the standard procedure for recovering a password does not cause you to lose your startup configuration information. The exact procedure differs slightly for different products, so I will use a 2900 series router as an example below.
A high level overview of the process is:... Continue reading in our forum
-Attach the terminal cable to the console port
-Reboot the router and issue a BREAK during the boot
-Change the configuration register so that the device boots to ROMMON (usually 0x2142)
-Issue the Reset command at the rommon> prompt
Important Step for your Q
So it is correct that once we reboot the router in ROMMON mode - start-up config will be intact ?