Cisco IOS Router Password Recovery

It happens to the best of us, you are doing some labs and forgot what password you set for enable mode…perhaps another student was working on the router before and you have no idea what password he picked. Maybe you need to reset the password of a router you didn’t configure…

Whatever the reason, let me show you how to reset the password of your Cisco router. This only applies to routers, if you need to reset the password for a switch then you need another lesson.

Let’s take a look:

Router>enable
Password: 
Password: 
Password: 
% Bad secrets

Ouch…bad secrets means we didn’t type the correct password. To fix this problem you need to connect your router to the console port, you can’t do this remotely through telnet or SSH.

Cisco Rollover Cable

Reboot the router (just hit the power switch) and send the BREAK signal. This tells the router to ignore loading the IOS (Cisco’s Operating System). If you are using Windows and Putty you can probably use the CTRL-BREAK combination to send a break signal. If this doesn’t work you can try some of the other methods that are described here.

When the router accepts your BREAK, it will head into ROMMON mode. ROMMON is like a mini operating system that helps to initialize the hardware and boots the Cisco IOS. Here’s what it looks like:

Readonly ROMMON initialized
rommon 1 > 

This tells us that we are in ROMMON mode. We can only configure a couple of items here, one of the things we can do is tell the router to ignore it’s startup-configuration when booting the IOS image. This is exactly what we want because it means it will also not load the password that we configured (and forgot). Here’s how to do it:

rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

We set the configuration-register to 0x2142 with the confreg command. This tells the router to ignore the startup-configuration when booting. The router is nice enough to tell us we should reboot, so let’s follow its advice:

rommon 2 > reset
c2811 platform with 786432 Kbytes of main memory
Main memory is configured to 64 bit mode with ECC enabled


Readonly ROMMON initialized
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0x38bbd64
Self decompressing the image : #######################

The router will boot and load its IOS image. Once it’s ready, you will see the following wizard:

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no 

Because the router is not loading its startup-configuration it will show you the wizard that is shown when there is no configuration. Just type no, and you will end up at the command-line. We will now go to enable mode:

Router>enable
Router#

Great! We now have full access to the router, and it didn’t prompt for a password. We will now copy the startup-configuration to the running-configuration ourselves. By doing this, your configuration will be active, but we will still be in privileged mode, which allows us to change the password:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now!

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 800 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
529 Sign Ups in the last 30 days
satisfaction-guaranteed

  • 100% Satisfaction Guaranteed!
  • You may cancel your monthly membership at any time.
  • No Questions Asked!

Tags:


Forum Replies

  1. When you login to a router or switch how can you tell if someone applied the confreg 0x2142 command,but didn’t set the device back to the config-register 0x2102?

  2. Is it possible to perform password recovery without losing configurations?

  3. Alexis,
    Yes, the standard procedure for recovering a password does not cause you to lose your startup configuration information. The exact procedure differs slightly for different products, so I will use a 2900 series router as an example below.

    A high level overview of the process is:
    -Attach the terminal cable to the console port
    -Reboot the router and issue a BREAK during the boot
    -Change the configuration register so that the device boots to ROMMON (usually 0x2142)
    -Issue the Reset command at the rommon> prompt
    *******************
    Important Step for your Q

    ... Continue reading in our forum

  4. Hi,

    So it is correct that once we reboot the router in ROMMON mode - start-up config will be intact ?

    Thanks
    Abhishek

14 more replies! Ask a question or join the discussion by visiting our Community Forum