Recover the password in Cisco Router


Today we will see how to recover the password on a Cisco router. I will illustrate the commands step by step, with screenshots, to show the process of password recovery.

The password recovery process applies to several models of Cisco routers. Here I use a 2900 series router in Packet Tracer to illustrate it. In fact, it works on most routers. If you have access to your router, you can check whether it has the same configuration register.

Just type “show version” from User EXEC mode; the screen will show a lot of parameters. Check for the line “Configuration Register is 0x2102”. If it is the same there, it will definitely work.

Router>show version (or, in short, sh ver)

Recover Password in Cisco router: config reg

Configuration Register: The configuration register is a 16-bit value, and two values matter here: 0x2102 and 0x2142. The prefix 0x signifies that the digits that follow are hexadecimal. So, 2102 and 2142 are the hex values of the 16 bits.

The default value of the Configuration Register is 0x2102. We are going to change the value of the configuration register to 0x2142. Register 0x2142 ignores the contents of Non-Volatile RAM (NVRAM), i.e. Startup Configuration. Hence in the next restart the Router boots without any Startup Configuration.

So, it will not ask for any password, and you can enter Global config mode to change the passwords. Remember, the running-config is empty at this point. If you change the password and save here, it will replace the original startup config.

So, be careful to copy the startup-config to the running-config first. Then change the parameters and copy it back to the startup-config when you are done.
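The two register values differ in a single bit, 0x0040, which is the bit that makes the router skip NVRAM at boot. The following Python sketch is an added example, not part of the original article: it decodes that bit and reads the register line from show version output, so you can confirm a router has not been left at 0x2142. The sample lines are constructed and the function names are illustrative.

```python
import re

IGNORE_NVRAM = 0x0040    # bit 6: startup-config in NVRAM is skipped at boot
BREAK_DISABLED = 0x0100  # bit 8: Break is ignored once the router has booted
BOOT_FIELD = 0x000F      # bits 0-3: where the router looks for its image

CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9a-f]+)"
    r"(?: \(will be (0x[0-9a-f]+) at next reload\))?",
    re.IGNORECASE,
)

def decode_confreg(value):
    """Split a 16-bit configuration register into the fields used here."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    return {
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }

def audit_show_version(text):
    """Return (current, next_boot, finding) from 'show version' output."""
    match = CONFREG_LINE.search(text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    next_boot = int(match.group(2), 16) if match.group(2) else current
    if decode_confreg(next_boot)["ignore_nvram"]:
        finding = "FAIL: next boot skips startup-config, no passwords apply"
    elif decode_confreg(current)["ignore_nvram"]:
        finding = "PENDING: reload needed before startup-config is honoured"
    else:
        finding = "OK: startup-config is loaded at boot"
    return current, next_boot, finding

# Constructed sample lines, in the format IOS prints at the end of 'show version'.
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        cur, nxt, finding = audit_show_version(line)
        print(f"{cur:#06x} -> {nxt:#06x}  {finding}")
```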

Recover the password in Cisco Router: Step by step process

Connect your router to the PC with a console cable, as explained earlier.

Summary of the process

  • When your router boots, send a Break signal from the keyboard within 60 seconds to enter ROMMON mode.
  • From ROMMON mode, change the config register value to 0x2142 and restart the router.
  • Copy the startup config to the running config (don’t forget this step, or you will lose the old configuration).
  • Now make changes to the running config accordingly, i.e. set the new password/secret.
  • The interfaces will go into shutdown mode; run no shut on each interface.
  • Copy the running config to the startup config.
  • Change the config register back to the default value, 0x2102.
  • Restart the router.

Recover Password in Cisco router: Router topology

Here I have taken a 2911 router and configured three interfaces. An enable secret and enable password, a line console password, a VTY password, and an auxiliary password are assigned to the router. The following images show the initial configuration of the router. It is worth mentioning that the enable secret is not displayed in plain text, as you can see in the first image; only the hash of the secret passphrase is shown.

recover cisco router password: Start up config
recover cisco router password: Line console
recover cisco router password: Interface config

You can see the output of the “show start” command. The startup configuration contains all the passwords, the hostname, the interface configuration, and other settings.

Entering the ROMMON Mode

Now I will restart the router and then press the Break key on the keyboard to enter ROMMON mode. In your case, switch on your router and press the Break key within 60 seconds to enter ROMMON mode. You will find the Break key on your keyboard; on laptops it may be provided as a combination with the Function key. Otherwise, you can use Control+C or Shift+Control+6.

Here I use the reload command and press Enter when asked for confirmation. Note that the command to restart the router is ‘reload’ from the CLI, while in ROMMON mode it is ‘reset’.

The prompt in ROMMON mode has a ‘>’ sign after ‘rommon’, as shown in the figure below. The line count increases with each command. The first prompt is “rommon 1>”.

Rommon mode

Change Configuration Register from the ROMMON mode

From ROMMON mode, I will first change the configuration register to 0x2142 and then restart the router.

rommon 1 > confreg 0x2142
rommon 2 > reset

Reboot after confreg 0x2142

Look at the image above: the router boots with the new configuration register, and you will find a User Exec prompt like “Router>”. This time it does not load the startup configuration, so the hostname is the default, Router. Don’t worry, your configuration is safe in NVRAM (startup config). All you have to do is first copy that config file to RAM (running config). The config register simply made the router ignore the startup configuration and boot without any configuration. So, you are able to get into Privilege and Global Config mode. I hope the logic of changing the config register value is clear.

Copy Start up Config to Running Config

After rebooting, the first and most important task is to copy the startup-config to the running-config from Privilege Exec mode. The configuration file stored in NVRAM is copied to RAM. All the configuration of your router is there in NVRAM as the startup config, which was ignored during booting. Type the enable command (or simply ‘en’) to enter Privilege Exec mode. Once you are here, you can set any password you like. But first, copy the startup-config to the running-config, so that the changes you make are applied on top of the original configuration and the rest of the configuration remains unchanged.

Just type ‘enable’ to enter Privilege Exec mode, then type ‘copy start run’ or ‘copy startup-config running-config’ as shown in the figure below. Hit Enter when asked to confirm the filename. Note that after copying, the hostname changes back to the original name.

Copy Start to Run

Router#copy startup-config running-config 
Destination filename [running-config]? 

857 bytes copied in 0.416 secs (2060 bytes/sec)
NetworkHope#

Set the New Passwords

Now you have access to the whole configuration. Change all the passwords and note down the new ones. This is how you recover a lost password on a Cisco router. Once you are done with the passwords, do the following configurations.

Type the following commands from Global configuration mode to set the passwords. Replace the asterisks with your desired characters. Here NetworkHope is the hostname of my router.


NetworkHope(config)#enable password ****
NetworkHope(config)#enable secret ****
NetworkHope(config)#line con 0
NetworkHope(config-line)#password ****
NetworkHope(config-line)#login
NetworkHope(config-line)#exit
NetworkHope(config)#line aux 0
NetworkHope(config-line)#password ****
NetworkHope(config-line)#login
NetworkHope(config-line)#exit
NetworkHope(config)#line vty 0 4
NetworkHope(config-line)#password ****
NetworkHope(config-line)#login
NetworkHope(config-line)#exit

Configure the IP Interfaces

Interfaces such as FE, GE, or Serial will go into shutdown mode during the process. Bring them back up with no shut.

You can see in the above image that all the interfaces have an IP address but are in administrative shutdown mode. Now, enable them one by one with the following commands.

NetworkHope#config t

Enter configuration commands, one per line.  End with CNTL/Z.

NetworkHope(config)#interface g0/0
NetworkHope(config-if)#no shut

%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

NetworkHope(config-if)#exit
NetworkHope(config)#interface g0/1
NetworkHope(config-if)#no shut

%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

NetworkHope(config-if)#exit
NetworkHope(config)#interface g0/2
NetworkHope(config-if)#no shut

%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up

NetworkHope(config-if)#exit
NetworkHope(config)#

Now all the interfaces are administratively up. If you have a working PC in any network segment, you can check this by pinging the corresponding interface.

Change the Config Register to default

Now change the configuration register to its default value. Save the running-config to startup-config first. To save the running config you can type ‘copy running-config startup-config’ or ‘write memory’ (or ‘copy run start’ / ‘wr mem’ in short). Hit Enter for confirmation if you are using the copy command.

NetworkHope(config)#config-register 0x2102
NetworkHope(config)#exit

NetworkHope#copy run start

Destination filename [startup-config]? 
Building configuration...
[OK]

NetworkHope#reload
Proceed with reload? [confirm]

After successful copying, you may Reload the Router. Confirm reload by hitting the Enter button.

If you want to check it before the restart, run the show start command to view the startup configuration.
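As an added example (not part of the original article), this Python sketch checks a saved show start output for the two things this procedure most often leaves behind: an interface that still has an IP address but is shut down, and a line without a password or login. The sample configuration, its addresses and password placeholders are constructed, and the function names are illustrative.

```python
def parse_sections(config_text):
    """Group an IOS config into {top-level line: [indented sub-commands]}."""
    sections, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # blank lines and '!' separators carry no settings
        if raw[0] != " ":
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections

def check_recovered_config(config_text):
    """Return a list of findings; an empty list means the checks passed."""
    sections = parse_sections(config_text)
    findings = []
    if not any(top.startswith("enable secret ") for top in sections):
        findings.append("no enable secret set")
    for top, subs in sections.items():
        if top.startswith("interface "):
            has_ip = any(s.startswith("ip address ") for s in subs)
            if has_ip and "shutdown" in subs:
                findings.append(f"{top}: has an IP address but is shutdown")
        elif top.startswith("line "):
            # Assumes password-based login, as configured in this article.
            if not any(s.startswith("password ") for s in subs):
                findings.append(f"{top}: no password")
            if "login" not in subs:
                findings.append(f"{top}: no login")
    return findings

# Constructed sample: G0/1 was never re-enabled and the VTY password was skipped.
SAMPLE = """\
hostname NetworkHope
enable secret 5 CONSTRUCTED-HASH
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 shutdown
line con 0
 password CONSTRUCTED
 login
line vty 0 4
 login
"""

if __name__ == "__main__":
    for finding in check_recovered_config(SAMPLE):
        print(finding)
```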

The password reset is done. After a restart, you may log in with the new credentials.
