Scribd
Upload
245 views

Password Recovery Procedure Overview - 3650

The password recovery procedure overview involves 3 steps: 1) Reset the configuration register to ignore the startup configuration and boot from flash memory. 2) Log in and view the startup configuration file to see existing passwords. 3) Replace or recover lost passwords and reset the configuration register.

Uploaded by

tuananh0788
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
245 views

Password Recovery Procedure Overview - 3650

The password recovery procedure overview involves 3 steps: 1) Reset the configuration register to ignore the startup configuration and boot from flash memory. 2) Log in and view the startup configuration file to see existing passwords. 3) Replace or recover lost passwords and reset the configuration register.

Uploaded by

tuananh0788
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Password Recovery Procedure Overview

Following is an overview of the steps in the password recovery procedure:


• If you can log in to the router, enter the show version command to determine the existing configuration register
value.
• Press the Break key to go to the bootstrap program prompt (ROM monitor). You might need to reload the system
image by power-cycling the router.
• Change the configuration register so that the following functions are enabled:
– Break
– Ignore startup configuration
– Boot from Flash memory

Note  The key to recovering a lost password is to set the configuration register bit 6 (0x2142) so that the
startup configuration (usually in NVRAM) is ignored. This allows you to log in without using a
password and to display the startup configuration password.

• Power cycle the router by typing reload at the rommon> prompt.


• Log in to the router and enter the privileged EXEC mode.
• Enter the show startup-config command to display the passwords.
• Recover or replace the displayed passwords.
• Change the configuration register back to its original setting.

Note  To recover a lost password if the break function is disabled on the router, you must have physical
access to the router.

Password Recovery Procedure


To recover or replace a lost enable, enable secret, or console login password, use this procedure:

Step 1  Attach an ASCII terminal to the console port on the router.

Step 2  Configure the terminal to operate at 9600 baud, 8 data bits, no parity, and 1 stop bit.

Step 3  If you can log in to the router as a nonprivileged user, enter the show version command to display the
existing configuration register value, then go to Step 6. If you cannot log in to the router at all, go to the
next step.

Step 4  Press the Break key or send a break from the console terminal.

• If break is enabled, the router enters the ROM monitor, indicated by the ROM monitor prompt (rommon>). Go to
Step 6.
• If break is disabled, power cycle the router (turn off the router or unplug the power cord, and then restore power).
Then go to Step 5.
Step 5  Within 60 seconds of restoring the power to the router, press the break key or send a break. This action
causes the router to enter the ROM monitor and display the ROM monitor prompt (rommon>).

Step 6  Set the configuration register using the configuration register utility. Enter the confreg command at the ROM
monitor prompt as follows:
rommon> confreg

Answer yes to the enable "ignore system config info?"


Step 7  Reboot the router by entering the reset command:

rommon> reset

The router initializes, the configuration register is set to 0x142, and the router boots the system image from Flash
memory and enters the system configuration dialog (setup):
--- System Configuration Dialog --

Step 8  Enter no in response to the system configuration dialog prompts until the following message appears:

Press RETURN to get started!

Step 9  Press Return. The user EXEC prompt appears:

Router>

Step 10  Enter the enable command to enter privileged EXEC mode. Then enter the show startup-
config command to display the passwords in the configuration file as follows:

Router# show startup-config

Step 11  Scan the configuration file display, looking for the passwords (the enable passwords are usually located
near the beginning of the file, and the console login or user EXEC password is near the end). The
passwords displayed appear similar to the following:

enable secret 5 $1$ORPP$s9syZt4uKn3SnpuLDrhuei


enable password 23skiddoo
.
.
line con 0
password onramp

The enable secret password is encrypted and cannot be recovered; it must be replaced. Go to the next step to
replace an enable secret, console login, or enable password. If there is no enable secret password, note the enable
and console login passwords. If the enable and console login passwords are not encrypted, go to Step 16.

Caution   Do not execute the next step unless you have determined you must change or replace the enable, enable secret, or
console login passwords. Failure to follow the steps as shown might cause you to erase the router configuration.

Step 12  Enter the copy startup-config running-config command to load the startup configuration file into running
memory. This action allows you to modify or replace passwords in the configuration.

Router# copy startup-config running-config

Step 13  Enter the privileged EXEC command configure terminal to enter configuration mode:

Router# configure terminal

Step 14  Change all three passwords using the following commands:

Router(config)# enable secret newpassword1


Router(config)# enable password newpassword2
Router(config)# line con 0
Router(config-line)# password newpassword3
Change only the passwords necessary for your configuration. You can remove individual passwords by using the no
form of the above commands. For example, entering the no enable secret command removes the enable
secret password.
Step 15  You must configure all interfaces to avoid having the system be administratively shut down:

Router(config)# interface fastethernet 0/0


Router(config-int)# no shutdown

Enter the equivalent commands for all interfaces that were originally configured. If you omit this step, all interfaces
are administratively shut down and unavailable when the router is restarted.
Step 16  Use the config-register command to set the configuration register to the original value noted in Step 3 or
Step 7, or to the factory default value 0x2102.

Router(config)# config-register 0x2102

Step 17  Press Ctrl-Z (hold down the Control key while you press Z) or enter end to exit configuration mode and
return to the EXEC command interpreter.

Caution  Do not execute the next step unless you have changed or replaced a password. If you skipped Step 12 through Step
15, go to Step 19. Failure to observe this caution causes you to erase the router configuration file.

Step 18  Enter the copy running-config startup-config command to save the new configuration to NVRAM.

Step 19  Enter the reload command to reboot the router.

Step 20  Log in to the router using the new or recovered passwords.

You might also like