Password Recovery for Cisco Routers

Need help accessing a used router? Or perhaps you’ve just misplaced the “Enable Password” and don’t have access to “Privileged EXEC mode”? No worries! Here are some step by step instructions and explanations each step of the way to help you get through your problem!

1.Turn off or shut down the router

2. Take out the Compact flash of the router (this step will ensure that the router boots into rommon mode which is where we can bypass the current config file)

3. Turn on the router. You should see the following prompt.

rommon 1>

4. Reinsert the compact flash card into the router.

5. From the rommon prompt type “confreg 0x2142” and “reset” which may look like this

rommon 1>confreg 0x2142

rommon 2>reset

Changing the configuration register to 0x2142 tells the router to bypass the current configuration file and load as if there is no configuration file on the router, and then the “Reset” command will take us out of rommon mode and boot the router like normal now that the flash is reinserted.

6. Wait for the router to boot up and enter “No” when prompted to enter the initial configuration dialogue.

System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

Copyright (c) 2009 by cisco Systems, Inc.

TAC:Home:SW:IOS:Specials for info

C2900 platform with 524288 Kbytes of main memory

program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image:  ######################################################################################################################################################################################################################################################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software – Restricted Rights clause at FAR sec. 52.227-19 and subparagraphc) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,

RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Wed 02-Dec-09 15:23 by prod_rel_team

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.

Processor board ID FHH1230P04Y

1 DSL controller

3 Gigabit Ethernet interfaces

9 terminal lines

1 Virtual Private Network (VPN) Module

1 Cable Modem interface

1 cisco Integrated Service Engine-2(s)

Cisco Foundation 2.2.1 in slot 1

DRAM configuration is 64 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

248472K bytes of ATA System CompactFlash 0 (Read/Write)

62720K bytes of ATA CompactFlash 1 (Read/Write)

 — System Configuration Dialog —

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

 

7. Type “enable” at the Router> prompt.

Router>enable

Router#

8. Enter “copy startup-config running-config” this will copy the existing configuration file from NVRAM your running config or RAM

Router#copy startup-config running-config

Destination filename [running-config]?

1324 bytes copied in 2.35 secs (662 bytes/sec)

Router#

9. From the privilege prompt enter global configuration by typing “config t”

Router#config t

Router(config)#

10. From global configuration type in “enable secret <password>” to change the password to what you want

Router(config)#enable secret cisco

Router(config)#

11. Don’t forget to save your work!!! “copy running-config startup-config”

Router(config)#end

Router#copy running-config startup-config

NOTE: If you’re not comfortable with removing the compact flash there is also a way to perform a password recovery by leaving the flash where it is. Follow the same instructions but ignore step #2 and step #4. After you turn on the router it should look a little something like this…

System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1) Copyright (c) 2009 by cisco Systems, Inc. TAC:Home:SW:IOS:Specials for info C2900 platform with 524288 Kbytes of main memory

program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################

While the image is decompressing enter the routers break sequence by pressing <Ctrl+Break> this should bring you to rommon mode where you can follow the same instructions to recover the password.

To see networking training offered at Sunset Learning Institute, please visit our Routing & Switching page.  

To see other blog posts from the SLI Instructor team visit out Blog page

SLI Main Menu