Password Recovery

Sometimes the enable or enable secret password on a Cisco router is unknown, and you must use password recovery to obtain or change it.

Password recovery allows the network administrator to recover a lost or unknown password on a Cisco router. For password recovery, an administrator must have physical access to the router through the console or auxiliary port. When an EXEC user enters an incorrect enable password, the user receives an error message similar to the message shown in Example 4-17; the password entered is Cisco, which is displayed as *****.

Example 4-17 Incorrect Password Error Message


Password: ******
Password: *****
Password: *****
% Bad passwords
R1>

When a user receives a % Bad passwords message, the user can neither access the advanced command set (in this case, enable mode) nor make any configuration changes. Fortunately, Cisco provides the following 10-step method to recover a lost password without losing configuration files:

Step 1 Power cycle the router.

Step 2 Issue a Control Break or the Break key command on the application (for Windows 2000, it is Control-Pause) to enter into boot ROM mode. The Control Break key sequence must be entered within 60 seconds of the router restarting after a power cycle.

Step 3 After you are in ROM mode, change the configuration register value to ignore the startup configuration file that is stored in NVRAM. Use the o/r 0x2142 command.

Step 4 Allow the router to reboot by entering the i command.

Step 5 After the router has finished booting up without its startup configuration, look at the show startup-config command output. If the password is encrypted, move to Step 6, which requires you to enter the enable mode (type enable and you will not be required to enter any password) and copy the startup configuration to the running configuration with the copy startup-config running-config command. Then, change the password. If the password is not encrypted and the enable secret command is not used, simply document the plain text password and go to Step 8.

Step 6 Copy the startup configuration to RAM.

Step 7 Enable all active interfaces.

Step 8 Change the configuration register to 0x2102 (default).

Step 9 Reload the router.

Step 10 Check the new password.

NOTE These are the generic steps for password recovery on a Cisco router. Some commands and steps might be slightly different depending on the hardware platform. Refer to the Password Recovery Procedures Index for more information on each platform.

To review, look at an example. Assume you are directly connected to Router R1 and you do not know the enable password. You power cycle the router and press the Control Break key (the Esc key) to enter boot mode.

Example 4-18 shows the dialog displayed by the router after a break is issued.

Example 4-18 Password Recovery Dialog on a Cisco Router

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
Abort at 0x10EA882 (PC)
!control break issued followed by ? to view help options
>control break issued followed by ? to view help options
Toggle cache state
B [filename] [TFTP Server IP address | TFTP Server Name]
    Load and EXECute system image from ROM or from TFTP server
C [address]    Continue EXECution [optional address]
D /S M L V    Deposit value V of size S into location L with modifier M
E /S M L    Examine location L with size S with modifier M
G [address]    Begin EXECution
Help for commands
Stack trace
L [filename] [TFTP Server IP address | TFTP Server Name]
    Load system image from ROM or from TFTP server, but do not begin EXECution
Show configuration register option settings
Set the break point
Single step next instruction
T function    Test device (? for help)

As you can see in Example 4-18, the ? symbol can display all the available options. To view the current configuration register, issue the e/s 2000002 command, which displays the value of the configuration register. Example 4-19 displays the current configuration register.

Example 4-19 e/s 2000002 Command in Boot ROM Mode

>e/s 2000002
! This command will display the current configuration register
2000002: 2102

The default value for the configuration register on Cisco IOS routers is 2102. For illustrative purposes, change the register to 0x2142, which tells the IOS to ignore the configuration in NVRAM.

The command to change the configuration register in boot ROM mode is o/r 0x2142, followed by the initialize (i) command, which reloads the router. Example 4-20 displays the configuration change and initializing of the router from boot ROM mode.

Example 4-20 Changing the Configuration Register to 0x2142

The i command reboots the router and ignores your startup configuration because the configuration register has been set to 0x2142. The aim here is to change the password without losing your original configuration. Example 4-21 shows a truncated display by the Cisco IOS after the router is reloaded.

Example 4-21 Dialog After Reload

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by Cisco Systems
2500 processor with 6144 Kbytes of main memory
F3: 9407656+151288+514640 at 0x3000060

Restricted Rights Legend
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AJS40-L), Version 11.2(17)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 05-Jan-99 13:27 by ashah
Image text-base: 0X030481E0, data-base: 0x00001000
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
2 Low-speed serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)



--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Would you like to enter the initial configuration dialog? [yes]:No
Press RETURN to get started!

Router>ena
!(no password required or entered)
Router#

Notice that the router reverts to the default configuration. Enter the enable command to enter privileged EXEC mode. In this example, you will not be prompted for the enable password because there isn't one; by default, no enable password is configured when a Cisco IOS router boots from the default configuration (no passwords are configured in this default state).

You can view the startup config by using the show startup-config command (or show config in IOS versions predating version 10.3), as shown in Example 4-22.

Example 4-22 show startup-config Command

Router#show startup-config
Using 1968 out of 32762 bytes
! Last configuration change at 16:35:50 UTC May 18
! NVRAM config last updated at 16:35:51 UTC May 18
version 2.2
service password-encryption
hostname R1
! Note there is no secret password either
enable password 7 05080F1C2243

As you can see in Example 4-22, the enable password is encrypted. In instances where the password is not encrypted, you could view the password using the show startup-config command. When a password is encrypted, you must copy the startup configuration to the running configuration and change the password manually by using the following IOS command:

copy startup-config running-config

At this point, you are still in privileged mode, so you can now enter global configuration mode to change the password back to its original setting (cisco, in this instance).

Example 4-23 displays the password change in global configuration mode set to the new password of cisco.

Example 4-23 Changing a Password and Setting the Configuration Registry Commands

hostname#copy startup-config running-config
Destination filename [running-config]?
2818 bytes copied in 1.475 secs (2818 bytes/sec)
R1#config terminal
R1(config)#enable password cisco
R1(config)#config-register 0x2102



You complete password recovery by changing the configuration register back to the default value (0x2102).

NOTE If a secret password is also configured, you must use the enable secret password IOS command because the secret password overrides the enable password. Example 4-23 includes no secret password, so you can use the enable password command.

When the Cisco IOS router reloads, it will load the new configuration file with the password set to cisco.
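
A way to verify that the register really was restored after the procedure above, as an added example that is not part of the original text. It decodes the register bits (bit 6, 0x0040, is the ignore-NVRAM flag that separates 0x2142 from 0x2102) and reads the "Configuration register is" line printed by show version; the function names and the sample lines are constructed for illustration.

```python
import re

# Bit meanings in the 16-bit configuration register discussed above.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (set in 0x2142)
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the system is running
BOOT_FIELD = 0x000F      # bits 0-3: where the system image is loaded from
DEFAULT = 0x2102

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode(value):
    """Return the security-relevant fields of a configuration register value."""
    return {
        "value": f"0x{value:04X}",
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled_after_boot": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }

def audit(show_version_text):
    """Check the current and pending register values; return a list of findings."""
    m = REG_LINE.search(show_version_text)
    if not m:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode(current)["ignores_startup_config"]:
        findings.append(f"booted with {decode(current)['value']}: startup-config "
                        "and its passwords were not loaded")
    if decode(pending)["ignores_startup_config"]:
        findings.append(f"next reload uses {decode(pending)['value']}: router "
                        "will again come up without passwords")
    elif pending != DEFAULT:
        findings.append(f"next reload uses non-default {decode(pending)['value']}")
    return findings

# Constructed sample lines in the format printed at the end of show version.
MID_RECOVERY = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
FORGOTTEN = "Configuration register is 0x2142"
RESTORED = "Configuration register is 0x2102"

if __name__ == "__main__":
    for sample in (MID_RECOVERY, FORGOTTEN, RESTORED):
        print(sample, "->", audit(sample) or "OK")
```

The FORGOTTEN case is the one to catch: a router left at 0x2142 after recovery boots without its startup configuration, and therefore without any enable password, on every reload.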
