Recovering a Lost Router Password

About Password Recovery
Have you ever forgotten the password to a router? Maybe not, but sometime in your career, you can expect someone to forget, and you will need to recover it.
The first thing that you have to know about password recovery is that for security reasons, you need physical access to the router. You connect your PC to the router through a console cable.
The enable password and the enable secret password protect access to privileged EXEC and configuration modes. The enable password can be recovered, but the enable secret password is encrypted and must be replaced with a new password.

The configuration register is a concept that you will learn more about later in your studies. The configuration register is similar to your PC BIOS settings, which control the bootup process. Among other things, the BIOS tells the PC from which hard disk to boot. In a router, a configuration register, represented by a single hexadecimal value, tells the router what specific steps to take when powered on. Configuration registers have many uses, and password recovery is probably the most used.

Router Password Recovery Procedure
To recover a router password, do the following:

Prepare the Device

Step 1. Connect to the console port.
Step 2. If you have lost the enable password, you would still have access to user EXEC mode. Type show version at the prompt, and record the configuration register setting.

R>#show version

Configuration register is 0x2102

The configuration register is usually set to 0x2102 or 0x102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.

Step 3. Use the power switch to turn off the router, and then turn the router back on.

Step 4. Press Break on the terminal keyboard within 60 seconds of power up to put the router into ROMmon.
Step 5. Type confreg 0x2142 at the rommon 1> prompt. This causes the router to bypass the startup configuration where the forgotten enable password is stored.

Step 6. Type reset at the rommon 2> prompt. The router reboots, but ignores the saved configuration.

Step 7. Type no after each setup question, or press Ctrl-C to skip the initial setup procedure.

Step 8. Type enable at the Router> prompt. This puts you into enable mode, and you should be able to see the Router# prompt.

Step 9.
Type copy startup-config running-config to copy the NVRAM into memory. Be careful! Do not type copy running-config startup-config or you will erase your startup configuration.

Step 10. Type show running-config. In this configuration, the shutdown command appears under all interfaces because all the interfaces are currently shut down. Most importantly though, you can now see the passwords (enable password, enable secret, vty, console passwords) either in encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.

Step 11. Type configure terminal. The hostname(config)# prompt appears.

Step 12. Type enable secretpassword to change the enable secret password. For example:

R1(config)# enable secret cisco

Step 13. Issue the no shutdown command on every interface that you want to use. You can issue a show ip interface brief command to confirm that your interface configuration is correct. Every interface that you want to use should display up up.

Step 14. Type config-registerconfiguration_register_setting. The configuration_register_setting is either the value you recorded in Step 2 or 0x2102 . For example:

R1(config)#config-register 0x2102

Step 15. Press Ctrl-Z or type end to leave configuration mode. The hostname# prompt appears.

Step 16. Type copy running-config startup-config to commit the changes.

You have now completed password recovery. Entering the show version command will confirm that the router will use the configured config register setting on the next reboot.


Anonymous said...

nice post

Post a Comment


NBA Live Streaming. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com | Distributed by Blogger Templates Blog