Sometimes, it so happens that the admin doesn’t remember password of a device and locked out of the device. The same thing can happen with the Cisco routers. In any case, if admin forget enable password or secret password then, basically he/she will not be able to enter the Cisco router’s privilege mode from user mode. Let’s learn about how to handle these scenarios and recover a password in a Cisco router.
Recovering passwords :
There are different configuration values which tell the router to load the IOS from which place i.e NVRAM, flash, ROM. The default configuration register value is
0x2102 , meaning that the 6th bit is off. The router will use the default settings and load the configuration stored in NVRAM (configuration stored in NVRAM is known as startup-configuration). By turning on 6th bit i.e changing the configuration Register value to 0x2142, it will ignore the content of NVRAM.
Basic steps for recovering the passwords :
- Boot the router and interrupt the boot sequence by pressing
Ctrl + Breakkey combination.
By pressing this combination, the ROM monitor mode will be seen as shown in the figure. Because we don’t want the old startup-configuration to load as the enable or secret password is not available.
Note : The
Ctrl+breakkey combination will work only if connected to router via COM1.
- Now, Change the configuration register value to 0x2142.
As already learned that by turning on 6th bit, we can ignore the startup-configuration contents. Therefore, changing the value to
0x2142, startup-configuration is bypass and will enter into setup mode.
- Simply reload the router by typing reset in ROMMON mode.
After reloading the router, the router will ask to use setup mode. Answering No to it, we will enter the user mode and by typing enable in user mode, we will enter privilege mode.
- Now, copy the running-configuration(RAM) to startup-configuration (NVRAM).
This means now the configuration is running in RAM. Now, enter global configuration mode by typing config terminal in the privilege mode and the global configuration mode where we can change the password as per our need.
After entering the global configuration mode, change the enable secret password to GeeksforGeeks as shown in the figure.
- Reset the configuration register to the default value i.e 0x2102.
This is important as next time when we will load the router, the configuration will be loaded from NVRAM. 0x2102 (means IOS) will be loaded from flash and use speed of 9600 baud(default configuration register value).
- Save the configuration to NVRAM.
The changed password is currently stored in running configuration (RAM), therefore, move the configuration to startup-configuration(NVRAM). By typing the command, copy running-config startup-config, move the contents to NVRAM.
Admin can verify secret password by typing
show running-config in user execution mode as shown. Remember that the secret password will be in encrypted form (as shown in the figure).
- Longest Prefix Matching in Routers
- Wi-Fi Password of All Connected Networks in Windows/Linux
- Backing up Cisco IOS Router image
- Cisco Router modes
- Cisco Router basic commands
- Password Authentication Protocol (PAP)
- TELNET and SSH in Cisco devices
- Cisco ASA Redistribution example
- Single band, Double band and Multi band Routers
- One Time Password (OTP) algorithm in Cryptography
- Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP) in Data Link Layer
- Difference between Direct and Arbitrated Digital Signature
- Principle of Information System Security
- Types of VPN Tunelling
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.