If you are locked out of a router because you forgot the password, you can change the configuration register to help you recover. As noted earlier, bit 6 in the configuration register is used to tell the router whether to use the contents of NVRAM to load a router configuration.
The default configuration register value for bit 6 is 0x2102, which means that bit 6 is off. With the default setting, the router will look for and load a router configuration stored in NVRAM (startup-config). To recover a password, you need to turn on bit 6, which will tell the router to ignore the NVRAM contents. The configuration register value to turn on bit 6 is 0x2142.
Here are the main steps to password recovery:
- Boot the router and interrupt the boot sequence by performing a break.
- Change the configuration register to turn on bit 6 (with the value 0x2142).
- Reload the router.
- Enter privileged mood.
- Copy the startup-config file to running-config.
- Change the password.
- Reset the configuration register to the default value.
- Reload the router.
These steps are discussed in more detail in the following sections, showing the commands to restore access to 2600 and 2500 series routers.
Interrupting the Router Boot Sequence
Your first step is to boot the router and perform a break. Typically, you perform a break by pressing the Ctrl+ Break key combination when using Hyper Terminal.
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC: Home: SW: IOS: Specials for info
PC= 0xfff0a530, Vector=0x500, SP = 0x680127b0
C2600 platform with 32786 Kbytes of main memory
PC= 0xfff0a530, Vector = 0x500, SP = 0x80004374
monitor: command “boot” aborted due to user interrupt rommon 1 > notice the line “boot” aborted due to user interrupt. At this point, you will be at the rommon 1 > prompt on some routers.
Changing the Configuration Register
As explained earlier, you can change the configuration register by using the config-register command. To turn on bit 6, use the configuration register value 0x2142.
Cisco 2600 Series Commands
To change the bit value on a Cisco 2600 series router, simply enter the command at the rommon 1> prompt:
Roomon 1> confreg 0x2142
you must reset or power cycle for new con fig to take effect
Cisco 2500 Serious Commands
To change the configuration register on a 2500 series router, type o after creating a break sequence on the router. This brings up a menu of configuration register option settings. To change the configuration register, enter the command o/r, followed by the new register value. Here is an example of turning on bit 6 on a 2501 router:
System Bootstarp, Version 11.0(10c), SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 14336 Kbytes of main memory
Abort at 0x 1098FEC (PC)
Configuration register = 0x2102 at last boot
Bit# Configuration register option settings:
15 Diagnostic mode disabled
14 IP broadcasts do not have network numbers
13 Boot default ROM software if network boot fails
12-11 Console speed is 9600 baud
10 IP broadcasts with ones
08 Break disabled
07 OEM disabled
06 Ignore configuration disabled
03-00 Boot file is cisco2-2500(or ‘boot system’ command)
Reloading the Router and Entering Privileged Mode
At this point, you need to reset the router, as follows:
_From the 2600 series router , type reset.
_From the 2500 series router , type I (for initialize).
The router will reload and ask if you want to use setup mode (because no startup-config is used). Answer No to entering setup mode, press enter to go into user mode, and then type enable to go into privileged mode.
Viewing and Changing the Configuration
Now you are past where you would need to enter the user mode and privileged mode passwords in a router. Copy the startup-config file to the running-config file:
copy running-config startup-config or use the shortcut: copy run start
The configuration is now running in RAM, and you are in privileged mode, which means that you can view and change the configuration. Although you cannot view the enable secret setting for the password, as follows:
enable secret 1234
Resetting the configuration Register and Reloading the Router
After you are finished changing passwords, set the configuration register back to the default value with the config-register command:
Finally, reload the router.
——————- Thanks everyone