CISCO – Password Recovery
Recovering the passwords for most Cisco devices via the console port is very simple. However, Cisco has purchased so many other manufacturers and put the Cisco label on their devices that the procedures forrecovery vary greatly from one Cisco device to another. In addition, the Cisco password recovery procedures have also changed with IOS upgrades. I have attempted to make these password recovery instructions as generic as possible, to account for past and future oddities that you may run into.
These Cisco password recovery instructions will enable you to recover from a lost password or most Cisco devices. Unless otherwise stated the instruction below refer to the 2000, 2500, 3000, 4000, 7000 and IGS series routers.
Part I: The Configuration Register
To begin password recovery, connect a terminal or a data bits, no parity, and two stop bits.running terminal emulation software to the console port of the Cisco device. Set your terminal to 9600 bps, eight
Some Cisco devices, such as the AccessPro Card, prefer 9600 bps, eight data bits, no parity, and one stop bit.
Power cycle the Cisco device.
Within 60 seconds of turning on the Cisco device, send a BREAK signal from your terminal or terminal emulation software. If you are using:
- Telix, press <CONTROL-END>
- Procomm, press <ALT-B>
- Hyperterminal, press <CONTROL-PAUSE>
If the cable you are using to connect to the Cisco device is good and you are sending a break signal correctly, you will be rewarded with a ‘>’ prompt. This is not an IOS prompt. This is the ROM monitor prompt.
Note: The Cisco 1003, 1600, 2600, 3600, 4500, 7200, 7500, 12000, AS5200, AS5300, uBR7246 and IDT Orion-Based routers use “rommon” as the ROM monitor prompt.
Note: The Cisco 3800 ERM uses “3800-ERM(boot)>” as the boot monitor prompt. You can enter privileged mode directly from the 3800 ERM boot monitor, at which point the prompt changes to “3800-ERM(boot)#”.
Look at the configuration register using the command `e/s 2000002`. Write down the value of the configuration register. Use the `Q` command to return to the ROM monitor prompt.
Note: If you can login to the device, you can view the configuration register simply by using the command `show version`. Some Cisco devices do not require passwords to login from the console port.
Note: The Cisco 1003, 1600, 2600, 3600, 4500, 7200, 7500, 12000, AS5200, AS5300, uBR7246 and IDT Orion-Based routers use the `confreg` or `config-register` command to enter the configuration register utility. You will be asked a series of questions. Answer yes to “Do you wish to change the configuration[y/n]?”, “ignore system config info[y/n]?”, and “change boot characteristics[y/n]?”. Answer no to all of the other questions. At the “enter to boot:” prompt enter `2` and press return. Answer no to the question “Do you wish to change the configuration[y/n]?” the second time you see it.
Set the configuration register. Enter the command `o/r0x42` to cause the device to boot from the flash ROM’s. If the flash ROM’s are corrupted, you can use the command `o/r0x41` to cause the device to boot from the boot ROM’s.
Note: Some older Cisco devices, such as CGS, MGS, AGS, AGS+ and early 7000 routers require you to change the configuration register by moving hardware jumpers. On many of these devices the jumpers are on the CSC processor card and must be changed by removing jumper eight and placing it in position fifteen.
Early Cisco IGS routers use DIP switches to set the configuration register. On the IGS, you will need you will need to set switches 0-3 OFF/UP and switch 7 ON/DOWN.
Part II: Modifying The Configuration
Power cycle the device.
Answer `No` to all of the setup questions.
At the “Router>” prompt, use the `enable` command to enter privileged mode. Your prompt will change to “Router#”.
Use the `show startup-config` command to view the devices configuration file. Look for the passwords. If the passwords are not encrypted, note the passwords and reboot the device. If the passwords are encrypted, continue along with these directions.
Use the `configure memory` command to copy the configuration file from NVRAM into RAM. Before you do this, the device configuration will be empty. After you do this, the device configuration will be the configuration previously stored in NVRAM by the devices administrator.
Use the `configure terminal` command to enter configuration mode.
If desired, use the `password` command to set the login password, or the `no password` command to remove the login password.
If desired, use the `enable password` command to set the enable password, or the `no enable password` command to remove the enable password.
If desired, use the `enable secret` command to set the secret password or the `no enable secret` command to remove the secret password.
If desired, use the `line 0` and `password` commands to set a password on the console port, or the `line 0` and `no password` commands to remove a password on the console port.
Changing these password may inconvenience and annoy any previous administrator of this device! If the passwords are not encrypted, you will not need to change them. If the password are encrypted, you will need to either change them or decrypt them. For information on decrypting these passwords, read How do I decrypt Cisco passwords?.
Press <CONTROL-Z> to exit configuration mode.
Use the `copy running-config startup-config` command to copy the configuration you have been editing back into the startup-config. This will save the changes you have just made to the configuration.