Password Recovery Procedures and the Configuration Register

This chapter provides information and commands concerning the following topics:

• The configuration register

— A visual representation

— Console terminal baud rate settings

— Changing the console line speed: CLI

— Changing the console line speed: ROM Monitor mode

• Password-recovery procedures for Cisco routers

• Password-recovery procedures for 2960 series switches

The Configuration Register

router#show version

The last line of output tells you what the configuration register is set to.

router#configure terminal

Moves to global configuration mode.

router(config)#config-register 0x2142

Changes the configuration register to 0x2142.

A Visual Representation

The configuration register is a 16-bit field stored in NVRAM. The bits are numbered from 15 to 0 looking at the bit stream from left to right. Bits are split up into groups of 4, and each group is represented by a hexadecimal digit.

| Bit places | 15 14 13 12 | 11 10 9 8 | 7 6 5 4 | 3 2 1 0 |
|---|---|---|---|---|
| Register bits | 0 0 1 0 | 0 0 0 1 | 0 1 0 0 | 0 0 1 0 |
| Bits represented in hex | 2 | 1 | 4 | 2 |

What the Bits Mean

| Bit Number | Hexadecimal | Meaning |
|---|---|---|
| 00-03 | 0x0000-0x000F | Boot field. |
| 06 | 0x0040 | Ignore NVRAM contents. |
| 07 | 0x0080 | OEM bit enabled. |
| 08 | 0x0100 | Break disabled. |
| 09 | 0x0200 | Causes system to use secondary bootstrap (typically not used). |
| 10 | 0x0400 | IP broadcast with all 0s. |
| 5, 11, 12 | 0x0020, 0x0800, 0x1000 | Console line speed. |
| 13 | 0x2000 | Boots default ROM software if network boot fails. |
| 14 | 0x4000 | IP broadcasts do not have net numbers. |
| 15 | 0x8000 | Enables diagnostic messages and ignores NVRAM contents. |

The Boot Field

NOTE: Even though there are 16 possible combinations in the boot field, only 3 are used.

| Boot Field | Meaning |
|---|---|
| 00 | Stays at the ROM Monitor on a reload or power cycle |
| 01 | Boots the first image in flash memory as a system image |
| 02-F | Enables default booting from flash memory. Enables boot system commands that override default booting from flash memory |

TIP: Because the default boot field has 14 different ways to represent it, a configuration register setting of 0x2102 is the same as 0x2109 or 0x210F. The boot system command is described in Chapter 16, "Backing Up and Restoring Cisco IOS Software and Configurations."

Console Terminal Baud Rate Settings

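| Baud | Bit 5 | Bit 12 | Bit 11 |
|---|---|---|---|
| 115200 | 1 | 1 | 1 |
| 57600 | 1 | 1 | 0 |
| 38400 | 1 | 0 | 1 |
| 19200 | 1 | 0 | 0 |
| 9600 | 0 | 0 | 0 |
| 4800 | 0 | 0 | 1 |
| 2400 | 0 | 1 | 1 |
| 1200 | 0 | 1 | 0 |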

Changing the Console Line Speed: CLI

router#configure terminal

router(config)#line console 0

Enters console line mode

router(config-line)#speed 19200

Changes speed to 19200 baud

TIP: Cisco IOS Software does not allow you to change the console speed bits directly with the config-register command.

Changing the Console Line Speed: ROM Monitor Mode

rommon1>confreg

Shows configuration summary. Step through the questions, answering with the defaults until you can change the console baud rate.

Configuration Summary

enabled are:

load rom after netboot fails

console baud: 9600

boot: image specified by the boot system commands or default to: x (name of system image)

do you wish to change the configuration? y/n [n]: y

enable "diagnostic mode"? y/n [n]: n

enable "use net in IP bcast address"? y/n [n]: n

disable "load rom after netboot fails"? y/n [n]: n

enable "use all zero broadcast"? y/n [n]: n

enable "break/abort has effect"? y/n [n]: n

enable "ignore system config info"? y/n [n]: n

change console baud rate? y/n [n]: y

enter rate: 0=9600, 1=4800, 2=1200, 3=2400

4=19200, 5=38400, 6=57600, 7=115200

[0]: 7

Configuration Summary

enabled are:

load rom after netboot fails

console baud: 115200

boot: image specified by the boot system commands or default to: x (name of system image)

change the boot characteristics? y/n [n]: n

After the summary is shown again, choose n to not change the configuration and return to the rommon> prompt.

rommon2>

TIP: Make sure that after you change the console baud rate, you change your terminal program to match the same rate!

Password-Recovery Procedures for Cisco Routers

| Step | 2500 Series Commands | 1700/2600/ISR Series Commands |
|---|---|---|
| Step 1: Boot the router and interrupt the boot sequence as soon as text appears on the screen. | Press Ctrl-Break | Press Ctrl-Break |
| | > | rommon 1> |
| Step 2: Change the configuration register to ignore contents of NVRAM. | >o/r 0x2142 | rommon 1>confreg 0x2142 |
| | > | rommon 2> |
| Step 3: Reload the router. | >i | rommon 2>reset |
| Step 4: Enter privileged mode. (Do not enter setup mode.) | Router>enable | Router>enable |
| | Router# | Router# |
| Step 5: Copy the startup configuration into the running configuration. | Router#copy startup-config running-config | Router#copy startup-config running-config |
| | ...<output cut>... | ...<output cut>... |
| | Denver# | Denver# |
| Step 6: Change the password. | Denver#configure terminal | Denver#configure terminal |
| | Denver(config)#enable secret new | Denver(config)#enable secret new |
| | Denver(config)# | Denver(config)# |
| Step 7: Reset the configuration register back to its default value. | Denver(config)#config-register 0x2102 | Denver(config)#config-register 0x2102 |
| | Denver(config)# | Denver(config)# |
| Step 8: Save the configuration. | Denver(config)#exit | Denver(config)#exit |
| | Denver#copy running-config startup-config | Denver#copy running-config startup-config |
| | Denver# | Denver# |
| Step 9: Verify the configuration register. | Denver#show version | Denver#show version |
| | ...<output cut>... | ...<output cut>... |
| | Configuration register is 0x2142 (will be 0x2102 at next reload) | Configuration register is 0x2142 (will be 0x2102 at next reload) |
| | Denver# | Denver# |
| Step 10: Reload the router. | Denver#reload | Denver#reload |
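
The register line checked in Step 9 can be decoded and audited by script, which catches a router left at 0x2142 after a recovery. This is an added example, not code from the original chapter; the names decode, audit_show_version and SAMPLE are assumptions, and the bit meanings are taken from the tables above.

```python
import re

# Flag bits, from the page's "What the Bits Mean" table.
FLAGS = {
    0x0040: "ignore NVRAM contents",
    0x0080: "OEM bit enabled",
    0x0100: "break disabled",
    0x0200: "use secondary bootstrap",
    0x0400: "IP broadcast with all 0s",
    0x2000: "boot default ROM software if network boot fails",
    0x4000: "IP broadcasts do not have net numbers",
    0x8000: "diagnostic messages, ignore NVRAM contents",
}
# (bit 5, bit 12, bit 11) -> baud, from the page's baud rate table.
BAUD = {(1, 1, 1): 115200, (1, 1, 0): 57600, (1, 0, 1): 38400, (1, 0, 0): 19200,
        (0, 0, 0): 9600, (0, 0, 1): 4800, (0, 1, 1): 2400, (0, 1, 0): 1200}
IGNORE_NVRAM = 0x0040 | 0x8000  # both bits skip the startup configuration

def decode(value):
    """Split a 16-bit configuration register into the fields the page lists."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit field")
    boot = value & 0x000F
    mode = {0: "stay at ROM Monitor", 1: "boot first image in flash"}.get(
        boot, "default boot, boot system commands honored")
    speed = ((value >> 5) & 1, (value >> 12) & 1, (value >> 11) & 1)
    return {"boot_field": boot, "boot_mode": mode, "baud": BAUD[speed],
            "flags": [name for bit, name in FLAGS.items() if value & bit]}

def audit_show_version(text):
    """Return findings for the register line printed by 'show version'."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", text)
    if not m:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if pending & IGNORE_NVRAM:
        findings.append("next reload ignores NVRAM: startup-config is skipped")
    elif current & IGNORE_NVRAM:
        findings.append("booted ignoring NVRAM; register is restored at next reload")
    if (pending & 0x000F) == 0:
        findings.append("next reload stays at the ROM Monitor")
    return findings

# Constructed sample: the register line shown in Step 9 of the procedure.
SAMPLE = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
if __name__ == "__main__":
    print(decode(0x2142), audit_show_version(SAMPLE))
```

An empty findings list means the next reload loads the startup configuration and boots normally.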

Password Recovery for 2960 Series Switches

Unplug the power supply from the back of the switch.

Press and hold the Mode button on the front of the switch.

Plug the switch back in.

Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.

Issue the following commands:

switch: flash_init

Initializes the flash memory.

switch: load_helper

switch: dir flash:

Do not forget the colon. This displays which files are in flash memory.

switch: rename flash:config.text flash:config.old

You are renaming the configuration file. The config.text file contains the password.

switch: boot

Boots the switch.

When asked whether you want to enter the configuration dialog, enter n to exit out to the switch prompt.

Takes you to user mode.

switch>enable

Enters privileged mode.

switch#rename flash:config.old flash:config.text

Renames the configuration file back to the original name.

Destination filename [config.text]

Press Enter.

switch#copy flash:config.text system:running-config

Copies the configuration file into memory.

768 bytes copied in 0.624 seconds

2960Switch#

The configuration file is now reloaded. Notice the new prompt.

2960Switch#configure terminal

Enters global configuration mode.

2960Switch(config)#

Proceed to change the passwords as needed.

2960Switch(config)#exit

2960Switch#copy running-config startup-config

Saves the configuration into NVRAM with new passwords.
