How to Recovering Passwords Cisco Router ………


Recovering Passwords

Recovering Passwords Cisco Router

If you are locked out of a router because you forgot the password, you can change the configuration register to help you recover. As noted earlier, bit 6 in the configuration register is used to tell the router whether to use the contents of NVRAM to load a router configuration.

The default configuration register value for bit 6 is 0x2102, which means that bit 6 is off. With the default setting, the router will look for and load a router  configuration stored in NVRAM (startup-config). To recover a password, you need to turn on bit 6, which will tell the router to ignore the NVRAM contents. The configuration register value to turn on bit 6 is 0x2142.

Here are the main steps to password recovery:

  1. Boot the router and interrupt the boot sequence by performing a break.
  2. Change the configuration register to turn on bit 6 (with the value 0x2142).
  3. Reload the router.
  4. Enter privileged mood.
  5. Copy the startup-config file to running-config.
  6. Change the password.
  7. Reset the configuration register to the default value.
  8. Reload the router.

These steps are discussed in more detail in the following sections, showing the commands to restore access to 2600 and 2500 series routers.

Interrupting the Router Boot Sequence

Your first step is to boot the router and perform a break. Typically, you perform a break by pressing the Ctrl+ Break key combination when using Hyper Terminal.

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Copyright (c) 1999 by cisco Systems, Inc.

TAC: Home: SW: IOS: Specials for info

PC= 0xfff0a530, Vector=0x500, SP = 0x680127b0

C2600 platform with 32786 Kbytes of main memory

PC= 0xfff0a530, Vector = 0x500, SP = 0x80004374

monitor: command “boot” aborted due to user interrupt rommon 1 > notice the line “boot” aborted due to user interrupt. At this point, you will be at the rommon 1 >  prompt on some routers.

Changing the Configuration Register

As explained earlier, you can change the configuration register by using the config-register command. To turn on bit 6, use the configuration register value 0x2142.

Cisco 2600 Series Commands

To change the bit value on a Cisco 2600 series router, simply enter the command at the rommon 1> prompt:

Roomon 1> confreg 0x2142

you must reset or power cycle for new con fig to take effect

Cisco 2500 Serious Commands

To change the configuration register on a 2500 series router, type o after creating a break sequence on the router. This brings up a menu of configuration register option settings. To change the configuration register, enter the command o/r, followed by the new register value. Here is an example of turning on bit 6 on a 2501 router:

System Bootstarp, Version 11.0(10c), SOFTWARE

Copyright (c) 1986-1996 by cisco Systems

2500 processor with 14336 Kbytes of main memory

Abort at 0x 1098FEC (PC)


 Configuration register = 0x2102 at last boot

Bit# Configuration register option settings:

15 Diagnostic mode disabled

14 IP broadcasts do not have network numbers

13 Boot default ROM software if network boot fails

12-11 Console speed is 9600 baud

10 IP broadcasts with ones

08 Break disabled

07 OEM disabled

06 Ignore configuration disabled

03-00 Boot file is cisco2-2500(or ‘boot system’ command)

>o/r 0x2142

Reloading the Router and Entering Privileged Mode

At this point, you need to reset the router, as follows:

_From the 2600 series router , type reset.

_From the 2500 series router , type I (for initialize).

The router will reload and ask if you want to use setup mode (because no startup-config is used). Answer No to entering setup mode, press enter to go into user mode, and then type enable to go into privileged mode.

Viewing and Changing the Configuration

Now you are past where you would need to enter the user mode and privileged mode passwords in a router. Copy the startup-config file to the running-config file:

copy running-config startup-config or use the shortcut: copy run start

The configuration is now running in RAM, and you are in privileged mode, which means that you can view and change the configuration. Although you cannot view the enable secret setting for the password, as follows:

config t

enable secret 1234

Resetting the configuration Register and Reloading the Router

After you are finished changing passwords, set the configuration register back to the default value with the config-register command:

Config-register 0x2102

Finally, reload the router.

                                                   ——————- Thanks everyone


About Author


Leave A Reply

Powered by