Cisco Routers Password Reset
Learn how to reset and/or clear the console and enable passwords from a Cisco 2900 Series Router(s) and other routers including the 1700, 3600, 3700, 1800, 2800, 3800 and the New ISR G2′s Series routers.
The Cisco 2900 Series routers are by far the most popular routers used in Lab environments and many still exist today in production as many business have the moto “if it works then Don’t fix it.”
Recovering passwords or sanitizing the NVRAM contents on a Cisco router rather it be the 2900 series or newer generation routers is a very common procedure and should be known by any CCNA without referring to documentation.
Lab Prerequisites
- A Cisco 2900 Series router or greater that has an unknown console or enable password.
- An active Serial Console session to the device that you’re unable to log into.
Lab Objectives
- Break the boot sequence when powering on the Cisco 2900 Series router to place yourself in ROM monitor mode.
- Change the configuration register to 0×2142 to make the router bypass the contents of NVRAM when booting then reset the router
- (Option 1) – Once booted, place yourself into privileged mode and copy the start up-config to the running config. Afterward, you may change the line password or enable password and write the configuration by to NVRAM by issuing the copy run start command.
- (Option 2) – Once booted, place yourself into privileged mode and do a write erase to clear the contents of the NVRAM.
- Now change the configuration register back to 0×2102 to boot set the router to boot normally and load the NVRAM contents upon boot.
Lab Instruction
As shown below is a Cisco 2900 router that has a console password on the device. With such a password you cannot access exec mode without authenticating this password correctly. When buying routers used, you may commonly be faced with scenario.
Router con0 is now available
Press RETURN to get started.
User Access Verification
Password:
Step 1. Power cycle the router or power on the router initially. While the router is booting you’ll need to break the boot sequence to boot the router into bootrom, you do this by holding down CTRL and pressing PAUSE BREAK. Do this repeatedly till you are placed at the bootrom prompt.
System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
Copyright (c) 2003 by cisco Systems, Inc.
C2600 platform with 262144 Kbytes of main memory
monitor: command "boot" aborted due to user interrupt
rommon 1 >
Step 2. Change the configuration register so that the router will ignore the contents of the NVRAM when booting into Cisco IOS. Set the configuration register to 0×2142 and boot the router.
rommon 1 >confreg 0x2142
rommon 2 >reset
Step 3 (Option 1) – After the router has booted into Cisco IOS, you’ll be prompted by the initial configuration dialog, type n here and press enter and you’ll be placed into user mode. Now you’re able to place your self into privileged mode by typing enable. Once in privileged mode you can copy the start-up configuration to the running configuration and then change the passwords manually then saved the configuration by to NVRAM by typing copy run start.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>enable
Router#copy start run
Destination filename [running-config]?
506 bytes copied in 3.868 secs (168 bytes/sec)
IMAROUTER#configure terminal
IMAROUTER(config)#enable secret NEWENABLEPASSWORD
IMAROUTER(config)#line con 0
IMAROUTER(config-if)#password NEWPASSWORD
IMAROUTER(config-if)#end
IMAROUTER#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
IMAROUTER#