Open In App

Recovering password in Cisco Routers

Last Updated : 09 Aug, 2019
Improve
Improve
Like Article
Like
Save
Share
Report

Sometimes, it so happens that the admin doesn’t remember password of a device and locked out of the device. The same thing can happen with the Cisco routers. In any case, if admin forget enable password or secret password then, basically he/she will not be able to enter the Cisco router’s privilege mode from user mode. Let’s learn about how to handle these scenarios and recover a password in a Cisco router.

Recovering passwords :
There are different configuration values which tell the router to load the IOS from which place i.e NVRAM, flash, ROM. The default configuration register value is 0x2102 , meaning that the 6th bit is off. The router will use the default settings and load the configuration stored in NVRAM (configuration stored in NVRAM is known as startup-configuration). By turning on 6th bit i.e changing the configuration Register value to 0x2142, it will ignore the content of NVRAM.

Basic steps for recovering the passwords :

  1. Boot the router and interrupt the boot sequence by pressing Ctrl + Break key combination.

    By pressing this combination, the ROM monitor mode will be seen as shown in the figure. Because we don’t want the old startup-configuration to load as the enable or secret password is not available.

    Note : The Ctrl+break key combination will work only if connected to router via COM1.

  2. Now, Change the configuration register value to 0x2142.


    As already learned that by turning on 6th bit, we can ignore the startup-configuration contents. Therefore, changing the value to 0x2142, startup-configuration is bypass and will enter into setup mode.

  3. Simply reload the router by typing reset in ROMMON mode.
    After reloading the router, the router will ask to use setup mode. Answering No to it, we will enter the user mode and by typing enable in user mode, we will enter privilege mode.

    4.  

  4. Now, copy the running-configuration(RAM) to startup-configuration (NVRAM).
    This means now the configuration is running in RAM. Now, enter global configuration mode by typing config terminal in the privilege mode and the global configuration mode where we can change the password as per our need.

    After entering the global configuration mode, change the enable secret password to GeeksforGeeks as shown in the figure.
  5. Reset the configuration register to the default value i.e 0x2102.
    This is important as next time when we will load the router, the configuration will be loaded from NVRAM. 0x2102 (means IOS) will be loaded from flash and use speed of 9600 baud(default configuration register value).
  6. Save the configuration to NVRAM.
    The changed password is currently stored in running configuration (RAM), therefore, move the configuration to startup-configuration(NVRAM). By typing the command, copy running-config startup-config, move the contents to NVRAM.

Admin can verify secret password by typing show running-config in user execution mode as shown. Remember that the secret password will be in encrypted form (as shown in the figure).


Like Article
Suggest improvement
Previous
Router Boot Sequence
Next
Catalyst Switch Password Reset in Cisco
Share your thoughts in the comments

Similar Reads

Recovering Deleted Digital Evidence
How to Configure SSH on Cisco Routers and Switches?
How to Disable Telnet on Cisco Switches and Routers?
Longest Prefix Matching in Routers
Single band, Double band and Multi band Routers
Packet Queuing and Dropping in Routers
Advantage and Disadvantage of Routers
Backing up Cisco IOS Router image
Cisco Router modes
Cisco Router basic commands
author
saurabhsharma56
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox