Cisco Router Password Recovery

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

There are times when you need to recover Cisco Router password. This tutorial shows how to do it in few simple and detailed steps. Depending on the router model, the configuration might be slightly different, but the concept remains same (check Summarized Steps)

Although it is possible to bypass router password feature, but it is not possible to recover encrypted passwords. Plain text passwords can be viewed from saved configuration but the encrypted passwords must be changed to a new password.

Summarized Steps

Connect to router console port using terminal or PC using terminal emulation with appropriate settings.
(Optional) Find configuration register
Enter ROMMON mode
Change the configuration register
Recover or change passwords
Change back the configuration register

Connect to Router

Attach a PC with terminal emulation to the console port of the router using the following settings

9600 baud rate
No parity
8 data bits
1 stop bit
No flow control

Make sure to use rollover cable for connection

(Optional) Find configuration register

Use the following command to check configuration register.

Router>show version
...
DRAM configuration is 64 bits wide with parity enabled.
55K bytes of NVRAM.
16384K bytes of ATA System CompactFlash (Read/Write)

Configuration register is 0x2102

Router>

Configuration register is at the end of the output.

Entering ROMMON mode

Power cycle the router. Turn it off using power switch and turn the router back on.
Within 60 seconds press Break in terminal to enter ROMMON mode
Note : The break sequence is different in every terminal emulation software (usually it is Ctrl+Break), check the documentation for details.

Here are the few common standard break key combination

Hyperterminal : Ctrl + Break
Putty : Ctrl + Break
Telnet : Ctrl + ], then type “send brk”

Configuration Register

By default the configuration register is set to 0×2102. In order to bypass the router password, the configuration register has to be changed to 0×2142.
Under ROMMON mode enter the following command

rommon 1>confreg 0x2142
rommon 2>reset

reset command will reboot the router

Recovering passwords

When the router reboots, it will not prompt for password because of the configuration register. The router will be loaded from flash, so the configuration (NVRAM) will be blank.
Important : Do not type “copy running-config startup-config”. This will overwrite the startup config with blank configuration file.

Copy the configuration to the running-config

Router#copy startup-config running-config

Thats it. Now all you have to do is reassign the password if it is encrypted, or recover from running-config if it is unencrypted.

Revert Configuration Register

After everything is done, set the configuration register back to 0×2102 (or whatever value was at the beginning of password recovery process)

Router(config)#config-register 0x2102

Save the configuration file to commit all the changes.

Summary

Depending on the router model there might be minor differences in setting configuration register. Check Cisco documentation for details.

Extra Reading : Disable Password Recovery

Cisco, IOS, Password, Router

About the author

Multi skilled Cisco network engineer, web programmer and system administrator, lost in different career path :-)

This entry was posted by Arsalan A. Suzuki on August 24, 2010 at 7:33 pm, and is filed under Cisco, IOS, Security. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site.

Related Posts
Comments (0)

No comments yet.

No trackbacks yet.

Basic Frame Relay Configuration

about 6 months ago - 446No commentsBasic+Frame+Relay+Configuration2011-08-09+16%3A18%3A32Arsalan+A.+Suzuki

This article shows how to configure basic frame relay without using inverse ARP. We’ll be using the above topology for the configuration. The IP addresses of the routers are 192.168.1.X, where X is the router number. Configuration Steps Assign IP address to the serial interface Configure frame relay encapsulation Set frame map for each router…

Ping Multiple Addresses Using TCL Script Part 2

about 7 months ago - 431No comments2011-06-18+06%3A08%3A44Arsalan+A.+Suzuki

Part 1 of this tutorial showed how to ping multiple IP addresses using TCL script. This tutorial will further refine the script which was in Part 1. Instead of foreach loop, we will be using for loop to make the script shorter. TCL Script Here is the sample script for { set i 1 }…

Ping Multiple Addresses Using TCL Script Part 1

about 7 months ago - 406No comments2011-06-14+00%3A45%3A45Arsalan+A.+Suzuki

There might be situation where you might need to ping multiple IP addresses to check the full connectivity between devices. This tutorial shows you exactly how to do that using TCL script. I’ll be explaining how it works in details so you don’t need to have any programming or scripting experience. TCL Script Below is…

Enable Telnet Access on Cisco Router

about 8 months ago - 373No commentsEnable+Telnet+Access+on+Cisco+Router2011-05-16+19%3A10%3A37Arsalan+A.+Suzuki

This short tutorial shows how to enable telnet access on the router. Configuration Use the following commands to enable telnet access to the router. First check how many virtual terminal router supports. (Depending on the router model, the output might be different) Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#line vty…

Cisco ūmi Home Telepresence on Your TV Set

about 1 year ago - 321No comments2010-10-07+08%3A26%3A22Arsalan+A.+Suzuki

Cisco announced Umi, a video conferencing appliance for typical consumers. Umi consists of camera mounted to the top of the screen which can capture Full HD 1080p video at 30 frames per second. The camera is connected to a device which act as a internet gateway for the TV. Umi which is scheduled to be…

Configuring Port Aggregation with EtherChannel

about 1 year ago - 308No comments2010-10-04+16%3A28%3A50Arsalan+A.+Suzuki

What is EtherChannel? EtherChannel is a link aggregation technology used primarily on Cisco switches. It can bundle two to eight physical port of the same Ethernet media type and speed. All bundled ports must have similar configuration. EtherChannel can be used to increase bandwidth, provide redundancy and load balance traffic EtherChannel Negotiation Protocols Cisco supports…

Configuring VLAN Access Control Lists (VACL)

about 1 year ago - 302No comments2010-09-27+14%3A10%3A27Arsalan+A.+Suzuki

What is VLAN Access Control Lists (VACL) used for? VLAN Access Control Lists (VACL) can be used to filter traffic within the same vlan Scenario Suppose a host is connected to VLAN 2 and we are required to drop all telnet traffic within VLAN 2. Configuration Make an access list to match telnet traffic Router(config)#access-list…

Configuring DHCP Snooping

about 1 year ago - 297No commentsConfiguring+DHCP+Snooping2010-09-09+13%3A34%3A34Arsalan+A.+Suzuki

What is DHCP Snooping DHCP snooping is a security feature inteneded to prevent rogue DHCP server from sending malicious DHCP replies. When DHCP snooping is enabled, the switch intercept all the DHCP requests, and discards DHCP replies coming from “untrusted” ports. The offending switch ports are automatically shut down and put in errdisable state. DHCP…

Cisco IOS Tips: Reload Command Explained

about 1 year ago - 247No comments2010-08-31+10%3A07%3A55Arsalan+A.+Suzuki

I guess the reload command is self explanatory. It reboots the router. Reload command can take two different kind of timer Execute at specific time or date (e.g at 11:00) Execute after certain number of minutes (e.g after 30mins) Note : The router clock must be set before the reload command can work properly. CLI…

Cisco IOS Tips: Display Interface The Smart Way

about 1 year ago - 238No comments2010-08-29+11%3A11%3A29Arsalan+A.+Suzuki

Use the following command to dsplay brief summary of interfaces Router#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.1.2 YES manual up up FastEthernet0/1 192.168.10.2 YES manual up up FastEthernet1/0 unassigned YES unset up down FastEthernet1/1 unassigned YES unset up down FastEthernet1/2 unassigned YES unset up down FastEthernet1/3 unassigned YES unset up…