Recovering Passwords
If you are locked out of a router because
you forgot the password, you can change the configuration register to
help you recover. As noted earlier, bit 6 in the configuration register
is used to tell the router whether to use the contents of NVRAM to load a
router configuration.
The default configuration register value
for bit 6 is 0×2102, which means that bit 6 is off. With the default
setting, the router will look for and load a router configuration
stored in NVRAM (startup-config). To recover a password, you need to
turn on bit 6, which will tell the router to ignore the NVRAM contents.
The configuration register value to turn on bit 6 is 0×2142.
Here are the main steps to password recovery:
- Boot the router and interrupt the boot sequence by performing a break.
- Change the configuration register to turn on bit 6 (with the value 0×2142).
- Reload the router.
- Enter privileged mood.
- Copy the startup-config file to running-config.
- Change the password.
- Reset the configuration register to the default value.
- Reload the router.
These steps are discussed in more detail
in the following sections, showing the commands to restore access to
2600 and 2500 series routers.
Interrupting the Router Boot Sequence
Your first step is to boot the router and
perform a break. Typically, you perform a break by pressing the Ctrl+
Break key combination when using Hyper Terminal.
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC: Home: SW: IOS: Specials for info
PC= 0xfff0a530, Vector=0×500, SP = 0x680127b0
C2600 platform with 32786 Kbytes of main memory
PC= 0xfff0a530, Vector = 0×500, SP = 0×80004374
monitor: command “boot” aborted due to
user interrupt rommon 1 > notice the line “boot” aborted due to user
interrupt. At this point, you will be at the rommon 1 > prompt on
some routers.
Changing the Configuration Register
As explained earlier, you can change the
configuration register by using the config-register command. To turn on
bit 6, use the configuration register value 0×2142.
Cisco 2600 Series Commands
To change the bit value on a Cisco 2600 series router, simply enter the command at the rommon 1> prompt:
Roomon 1> confreg 0×2142
you must reset or power cycle for new con fig to take effect
Cisco 2500 Serious Commands
To change the configuration register on a
2500 series router, type o after creating a break sequence on the
router. This brings up a menu of configuration register option settings.
To change the configuration register, enter the command o/r, followed
by the new register value. Here is an example of turning on bit 6 on a
2501 router:
System Bootstarp, Version 11.0(10c), SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 14336 Kbytes of main memory
Abort at 0x 1098FEC (PC)
>o
Configuration register = 0×2102 at last boot
Bit# Configuration register option settings:
15 Diagnostic mode disabled
14 IP broadcasts do not have network numbers
13 Boot default ROM software if network boot fails
12-11 Console speed is 9600 baud
10 IP broadcasts with ones
08 Break disabled
07 OEM disabled
06 Ignore configuration disabled
03-00 Boot file is cisco2-2500(or ‘boot system’ command)
>o/r 0×2142
Reloading the Router and Entering Privileged Mode
At this point, you need to reset the router, as follows:
_From the 2600 series router , type reset.
_From the 2500 series router , type I (for initialize).
The router will reload and ask if you
want to use setup mode (because no startup-config is used). Answer No to
entering setup mode, press enter to go into user mode, and then type enable to go into privileged mode.
Viewing and Changing the Configuration
Now you are past where you would need to
enter the user mode and privileged mode passwords in a router. Copy the
startup-config file to the running-config file:
copy running-config startup-config or use the shortcut: copy run start
The configuration is now running in RAM,
and you are in privileged mode, which means that you can view and change
the configuration. Although you cannot view the enable secret setting
for the password, as follows:
config t
enable secret 1234
Resetting the configuration Register and Reloading the Router
After you are finished changing passwords, set the configuration register back to the default value with the config-register command:
Config-register 0×2102
Finally, reload the router.