Home | Basic Management | Accessing pg1 | Accessing pg2
Router(IOS) Software | Commands | IOS Naming | Configuration Register

Password Recovery Procedures

The following is a brief review of password recovery procedures as they pertain to Cisco routers. More information may be found at Cisco's Website, but you will find this guide useful as a quick reference to troubleshooting password problems. Password recovery procedures are to be undertaken by the system administrator or by those who are responsible for the operation of the router.

If you are locked out of a router because you forgot the password, you can change the configuration register to help you recover. Bit 6 in the configuration register is used to tell the router whether to use the contents of NVRAM to load a router configuration. The default configuration register value for bit 6 is 0x2102, which means that bit 6 is off. With the default setting, the router will look for and load a router configuration stored in NVRAM (startup-config). To recover a password, you need to turn on bit 6, which will tell the router to ignore the NVRAM contents. The configuration register value to turn on bit 6 is 0x2142. Here are the main steps to password recovery for three common Cisco routers:

2500 Password Recovery Procedures
1700 and 2600 Password Recovery Procedures

For reasons of security the procedures discussed here require physical access to the device.
For Cisco routers there are two different recovery procedures. Both begin with the same first step.

Make sure your terminal program is running with the following characteristics.
  1. >9600 baud rate
    >No parity
    >Data bits set to 8
    >1 stop bit
    >Flow control off

  2. Connect the console cable from the back of your computer to the console port on your router

  3. Turn on your router

  4. Just after the router flashes the processor information with the system memory press the following key combination, Control+F6+Break. Different break key sequences exist for different emulation programs. Check HERE for others. The previous combination is for Hyper Terminal, which continues to be a popular Windows terminal emulation program. Other combinations can be found on the Cisco Website. If you completed this last step correctly then your program should now read one of two things. The first is:

    monitor: command "boot" aborted due to user interrupt
    rommon 1 >

    The second is just a prompt that looks like this:


    If you have either of these screens then you have successfully brought the router into rommon mode and are ready to issue commands.

  5. The next step to the first example above is to type confreg. Confreg will cause the router to enter the configuration summary, where you will see the settings currently loaded for that individual router. You will also see the question:

    do you wish to change the configuration? y/n [n]:

    Type y and hit return to enter a menu. For the purpose of this discussion we are only interested in one command in this menu. Hit return, or n for no, until you come to the question:

    enable "ignore system config info"? y/n [n]:

    Type y or yes to tell the router to ignore its previously saved configuration. Hit n or return until you reach the bottom of the list and the list starts asking if you want to change the configuration. Type n or no this time, and you will receive the following screen.

    You must reset or power cycle for new config to take effect

    Type reset and the machine will load with a blank configuration. The first step in the second example is to type

    o/r 0x2142

    at the > prompt. This resets the register. Issue the


    command to reboot. The bootstrap and platform are the deciding factors determining which screen you will see. The newer more common style I have listed first. The older second style is still seen. Either style has the same effect, and your routers should now be resetting.

  6. Your router now should be at the setup screen. Depending upon your focus of password recovery, your job might be done here. You have gained access into your router and should now have all commands and functions available to you. Make sure you write your new config to the NVRAM, so that your new config will be used at next boot. Before you issue that command the router still thinks that the old config is still valid, and will boot off of it at next boot. The command

    erase startup-config

    will permanently erase the stored config prompting you with a setup screen until such time as you save a configuration to NVRAM. If you are attempting to gain access to the configuration saved in NVRAM then you need to issue the following command from the enable prompt.

    copy start running

    This will copy the startup configuration into the running configuration. You can now see the password either encrypted or not, as well as the interfaces and other information by typing:

    show running

    you may then check previously held configurations, access lists, and protocols. You may change them or erase them completely. Make sure you save your new existing or new configurations with your new passwords. Issue the following command from the enable prompt.

    copy running start