Password Recovery for Cisco Routers

January 29, 2019

By Tuan Nguyen | 3 Min Read | Technical Level: Intermediate

Need help accessing a used router? Or perhaps you’ve just misplaced the “Enable Password” and don’t have access to “Privileged EXEC mode”? No worries! Here are some step by step instructions and explanations to help you get through your problem!

1. Turn off or shut down the router

2. Take out the Compact flash of the router (this step will ensure that the router boots into rommon mode which is where we can bypass the current config file)

3. Turn on the router. You should see the following prompt.

rommon 1>

4. Reinsert the compact flash card into the router.

5. From the rommon prompt type “confreg 0x2142” and “reset” which may look like this

rommon 1>confreg 0x2142

rommon 2>reset

Changing the configuration register to 0x2142 tells the router to bypass the current configuration file and load as if there is no configuration file on the router, and then the “Reset” command will take us out of rommon mode and boot the router like normal now that the flash is reinserted.

6. Wait for the router to boot up and enter “No” when prompted to enter the initial configuration dialogue.

System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)

TAC:Home:SW:IOS:Specials for info

C2900 platform with 524288 Kbytes of main memory

program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image: ######################################################################################################################################################################################################################################################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software – Restricted Rights clause at FAR sec. 52.227-19 and subparagraphc) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M1,

RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Wed 02-Dec-09 15:23 by prod_rel_team

Cisco CISCO2921/K9 (revision 1.0) with 475136K/49152K bytes of memory.

Processor board ID FHH1230P04Y

1 DSL controller

3 Gigabit Ethernet interfaces

9 terminal lines

1 Virtual Private Network (VPN) Module

1 Cable Modem interface

1 cisco Integrated Service Engine-2(s)

Cisco Foundation 2.2.1 in slot 1

DRAM configuration is 64 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

248472K bytes of ATA System CompactFlash 0 (Read/Write)

62720K bytes of ATA CompactFlash 1 (Read/Write)

— System Configuration Dialog —

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

7. Type “enable” at the Router> prompt.

Router>enable

Router#

8. Enter “copy startup-config running-config” this will copy the existing configuration file from NVRAM your running config or RAM

Router#copy startup-config running-config

Destination filename [running-config]?

1324 bytes copied in 2.35 secs (662 bytes/sec)

Router#

9. From the privilege prompt enter global configuration by typing “config t”

Router#config t

Router(config)#

10. From global configuration type in “enable secret <password>” to change the password to what you want

Router(config)#enable secret cisco

Router(config)#

11. Don’t forget to save your work!!! “copy running-config startup-config”

Router(config)#end

Router#copy running-config startup-config

NOTE: If you’re not comfortable with removing the compact flash there is also a way to perform a password recovery by leaving the flash where it is. Follow the same instructions but ignore step #2 and step #4. After you turn on the router it should look a little something like this…

program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################

While the image is decompressing enter the routers break sequence by pressing <Ctrl+Break> this should bring you to rommon mode where you can follow the same instructions to recover the password.

Instructor Bio:

Tuan Nguyen has over 20 years of experience as a consultant, systems engineer, and Certified Cisco Systems Instructor. He specializes in Cisco routers and Cisco Internetworking Operating Systems (IOS). Mr. Nguyen also has extensive knowledge in all aspects of Local Area Network (LAN), and Wide Area Network (WAN) technologies, including design, implementation and support of Cisco IP Unified Communication, IP Multicasting, Multiprotocol Label Switching (MPLS), Frame Relay, Routing and Switching, Cisco Internetwork Service Provider (ISP), and Cisco Security. He is also proficient in interconnectivity, data communications, network and analyzing, baselining and troubleshooting, router configuration, Multi-Protocol routing, protocol analysis, security, and firewall configuration.

Tuan teaches courses across the enterprise, security, service provider, Data Center, and voice curricula. Tuan infuses best practices from his experience into what he teaches and relates the material to the tasks students perform on the job.

To see networking training offered at Sunset Learning Institute, please visit our Routing & Switching page.

See what tutorial videos we have on our YouTube Channel.

Tags: Cisco Enterprise Networking