Retrieving a lost password on the majority of Cisco routers is easily achieved by accessing the console port. The problem is that Cisco has bought out a large number of other companies and placed its own label on their routers. As a result, password retrieval procedures differ significantly among Cisco devices. Furthermore, the retrieval process has changed significantly because of IOS upgrades. The intent of this article is to offer basic instructions that will allow the majority of Cisco device users to accomplish this task. By following these instructions, you will be able to retrieve your lost password from most Cisco routers. Please note that these instructions are designed to assist those using the 2000, 2500, 3000, 4000, 7000, and IGS devices.
Section I: Checking your Configuration Register
The first step in retrieving your password is to establish a connection between a terminal, or a PC operating terminal emulation software, and the console port on your Cisco router. The terminal settings should be 9600 bps with eight data bits. Select no parity, and choose two stop bits. Be aware that some routers, like the AccessPro Card, require one rather than two stop bits. Next, power cycle your router. Before 60 seconds have elapsed from the time that you power on the router, be sure to send a BREAK signal. This should be done either from the terminal or from the software being used.
* Persons using Telix should key in [CTRL-END].
* Those using Procomm, key in [ALT-B].
* If using Hyperterminal, key [CTRL-PAUSE].
If the signal from the cable being used to connect with the router is adequate, and the command is entered correctly, a ">" prompt will appear on the screen. Do not mistake this for an IOS prompt. It is a prompt for the ROM monitor.
* The ROM prompt for certain routers, including the Cisco 1003, 1600, 2600, 3600, 4500, 7200, 7500, 12000, AS5200, AS5300, uBR7246 and IDT Orion-Based routers is "rommon".
* The boot monitor prompt used for the 3800 ERM is "3800-ERM (boot)". The privileged mode can be entered immediately from this prompt. When this is done, the prompt will then revert to "3800-ERM(boot)#".
Carefully examine the configuration register by entering "e/s 2000002". Record the listed value that identifies the register. Key in "Q" to quit viewing the register and re-access the prompt for the ROM monitor.
* If it is possible to log in to your router, examine the register by typing "show version". With some routers, a password is not necessary to log in through the console port.
* Certain routers, including the 1003, 1600, 2600, 3600, 4500, 7200, 7500, 12000, AS5200, AS5300, as well as the uBR7246 and IDT Orion versions, require users to enter the commands "confreg" or "config-register" to access this register. Users see several questions. Only the following questions should be answered with yes:
  * Do you wish to change the configuration?
  * Ignore system config info?
  * Change boot characteristics?
Answer no to every other question. When you reach the prompt asking you to "enter to boot", key in "2" and hit ENTER. Respond negatively when asked whether you wish to change the configuration at this point. To set the configuration register, key in "o/r0x42". This command will order your router to reboot from flash ROMs. If you receive a message that these are corrupted, type in "o/r0x41", which orders the router to boot from the boot ROMs.
* To alter the configuration register in certain early routers, including the CGS, MGS, AGS, AGS+, and early 7000 series routers, you must move the hardware jumpers. Sometimes, these are on the CSC processor card, and users must change them by moving jumper eight to position fifteen.
DIP switches are employed by earlier versions of the IGS routers to set values in the configuration register. Those using this model should flip switches 0 through 3 OFF (the UP position), while switching 7 ON (the DOWN position).
Section II: How to Modify the Configuration
* Power cycle your router.
* Respond negatively to all questions concerning setup.
* When you reach the "Router >" prompt, key in "enable". This command will permit you to access privileged mode. The corresponding "Router#" prompt will appear.
* Enter the command "show startup-config". This permits you to see the file containing device configurations. Locate the password. If it is not encoded, write it down and reboot your router. If it is encoded, continue following the directions below.
* Enter the command "configure memory". This permits you to copy the router's configuration file from NVRAM over to RAM. Note that prior to starting this task, the router's configuration file will be empty. After completing this task, it will be the same configuration that was originally stored in NVRAM by the router's administrator.
* Key in the following command to access configuration mode: "configure terminal".
* Determine which of the following security options you wish to use:
  * Set a login password by entering the command "password". If you do not want to use a password, type in "no password".
  * Set an enable password by entering the command "enable password". If you do not want to use an enable password, type in "no enable password".
  * Set a secret password by entering the command "enable secret". If you do not want to use a secret password, type in "no enable secret".
  * If you prefer to use a password for the console port, key in "line 0". Then key in "password". If you do not want to have a password on the console port, key in "line 0", followed by "no password".
* Be aware that if you change any of these password settings, you will quite probably irritate any prior router administrator. It is not necessary to change any of the passwords unless they are encoded. If, however, they were encoded, you must either change or decode them. To read further about the procedure for decoding passwords, see the FAQ "How do I decrypt Cisco passwords?".
* By keying in [CTRL-Z], you can exit the configuration mode. Enter the command "copy running-config startup-config", which will copy the edited configuration into the startup-config. Entering this command allows you to save your changes to the router's configuration.
Section III: Completing the task
Power cycle your router.
Reset the configuration register to its previous value. To do this, key in "configure terminal". This allows you to enter the necessary mode. Set the register value by typing "config-register", and then enter the value that you previously recorded. If the value was not previously available, using a default setting of 0x2102 is nearly always sufficient. (This value is the default setting for most Cisco routers.)
1. If you are using the Router Switch Processor (RSP4), use the value 0x0101 instead.
2. If any jumpers were moved, or DIP switches were set during this process, return them to their original settings.
With some routers, you may have to erase the entire configuration registry to retrieve your lost password. For example, users of the Catalyst 2820 ATM are required to access the Port Configuration Menu, and then reset registry values to factory default settings. The 500-CS model will revert to factory default very easily. Just depress the reset button located atop the router's case simultaneously with turning on the device. If you are using the Catalyst 3000, you will need to depress the SysReq button, which is located on the router's back panel, for a period of five seconds. After you release the button, choose the menu option "Clear Non-Volatile RAM".
It might happen on your CCNA exam, it might happen on your production network - but sooner or later, you're going to have to perform password recovery on a Cisco router or switch. This involves manipulating the router's configuration register, and that is enough to make some CCNA candidates and network administrators really nervous!
It's true that setting the configuration register to the wrong value can damage the router, but if you do the proper research before starting the password recovery process, you'll be fine.
Despite what some books say, there is no "one size fits all" approach to Cisco password recovery. What works on a 2500 router may not work on other routers and switches. There is a great master Cisco document out on the Web that you should bookmark today. Just put "cisco password recovery" in your favorite search engine and you should find it quickly.
The following procedure describes the process in recovering from a lost password on a Cisco 2500 router. As always, don't practice this at home. It is a good idea to get some practice with this technique in your CCNA / CCNP home lab, though!
The password recovery method examined here is for 2500 routers.
An engineer who finds themselves locked out of a router can view and change the password by changing the configuration register.
The router must first be rebooted and a "break" performed within the first 60 seconds of the boot process. This break sequence can also vary depending on what program is used to access the router, but is the usual key combination.
The router will now be in ROM Monitor mode. From the ROM Monitor prompt, change the default configuration register of 0x2102 to 0x2142 with the o/r 0x2142 command. Reload the router with the letter i. (As you can see, ROM Monitor mode is a lot different than working with the IOS!)
This particular config register setting will cause the router to ignore the contents of NVRAM. Your startup configuration is still there, but it will be ignored on reload.
When the router reloads, you'll be prompted to enter Setup mode. Answer "N", and type enable at the router> prompt.
Be careful here. Type configure memory or copy start run. Do NOT type write memory or copy run start!
Enter the command show running-config. You'll see the passwords in either their encrypted or unencrypted format.
Type config t, then use the appropriate command to set a new enable secret or enable password.
Don't forget to change the configuration register setting back to the original value! The command config-register 0x2102 will do the job. Save this change with write memory or copy run start, and then run reload one more time to restart the router.
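Both procedures above end by restoring the configuration register, because a router left at 0x2142 ignores its startup configuration on every reload. The following is an added example, not part of either original article: it decodes the register values used on this page and checks "show version" output for a router left in the recovery state. The sample output strings are constructed, and the boot-field labels follow this page's description of the 2500-class routers.

```python
import re

IGNORE_NVRAM = 0x0040    # bit 6: skip the startup-config in NVRAM on boot
BREAK_DISABLED = 0x0100  # bit 8: BREAK is ignored after the boot window
BOOT_FIELD = 0x000F      # bits 0-3: where the router looks for its image

# Matches "Configuration register is 0x2142 (will be 0x2102 at next reload)"
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Split a configuration register value into the fields discussed above."""
    boot = value & BOOT_FIELD
    if boot == 0:
        source = "stay at the ROM monitor"
    elif boot == 1:
        source = "boot from the boot ROMs"
    else:
        source = "normal boot from flash"
    return {
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": boot,
        "boot_source": source,
    }

def audit(show_version_text):
    """Return a list of findings for one router's 'show version' output."""
    m = REG_LINE.search(show_version_text)
    if not m:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    # Without a "will be" clause the current value also applies at next reload.
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode(current)["ignore_nvram"]:
        findings.append(f"0x{current:04X}: booted ignoring NVRAM (recovery state)")
    if decode(pending)["ignore_nvram"]:
        findings.append(f"0x{pending:04X}: next reload will ignore startup-config")
    return findings

# Constructed sample output, not captured from a real device.
SAMPLE_LEFT_IN_RECOVERY = "Router uptime is 3 minutes\nConfiguration register is 0x2142\n"
SAMPLE_FIXED = "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"
SAMPLE_NORMAL = "Configuration register is 0x2102\n"
```

A router that reports only the first finding has had config-register 0x2102 entered but has not yet been reloaded; one that reports both was never set back.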
This process sounds hard, but it's really not. You just have to be careful, particularly when you're copying the startup config over the running config. You don't want to get that backwards! So take your time, check the online Cisco documentation before starting, get some practice with this procedure with lab equipment, and you'll be ready for success on the CCNA exam and in your production network!
Both Robert D. Thomson & Chris Bryant are contributors for EditorialToday. The above articles have been edited for relevancy and timeliness. All write-ups, reviews, tips and guides published by EditorialToday.com and its partners or affiliates are for informational purposes only. They should not be used for any legal or any other type of advice. We do not endorse any author, contributor, writer or article posted by our team.
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free and CCNP tutorials!