Cisco IOS Router Password Recovery

This topic is to discuss the following lesson:

When you login to a router or switch how can you tell if someone applied the confreg 0x2142 command,but didn’t set the device back to the config-register 0x2102?

Hello Jack.

Using the show version command, you can see what the current configuration of the config register is. It’s usually the very last line in the output of the command. Take a look at the attached image that shows the output of the command.

I hope this has been helpful!

Laz

Is it possible to perform password recovery without losing configurations?

Alexis,
Yes, the standard procedure for recovering a password does not cause you to lose your startup configuration information. The exact procedure differs slightly for different products, so I will use a 2900 series router as an example below.

A high level overview of the process is:
-Attach the terminal cable to the console port
-Reboot the router and issue a BREAK during the boot
-Change the configuration register so that the device boots to ROMMON (usually 0x2142)
-Issue the Reset command at the rommon> prompt
*******************
Important Step for your Question:
-Copy startup configuration to running configuration (make sure you do NOT reverse this!!). This step loads your saved configuration into active memory, but since you are already in the privileged mode, you have essentially bypassed any security associated with the startup config.
*******************
-Set the passwords that were lost
-Change your config-register back to the default (probably 0x2102)
-Issue a Write Memory to save your password and config register changes
-Reboot the device

Here is a more detailed Cisco Article:
http://www.cisco.com/c/en/us/support/docs/routers/2800-series-integrated-services-routers/112033-c2900-password-recovery-00.html

Hi,

So it is correct that once we reboot the router in ROMMON mode - start-up config will be intact ?

Thanks
Abhishek

Hello Abhishek.

Yes, that is correct. The startup-config remains intact when you boot the router in ROMMON mode.

Laz

Hello Rene,

Could you please provide the steps to recover the switch password?

Thank you.
Swapnil

Hello Swapnil

You can take a look at this lesson for the recovery of a password from an IOS router. The procedure is very similar for a switch.

You can also look at this Cisco documentation for more information.

I hope this has been helpful!

Laz

Hello Sirs!
Can you tell me that how to reset the password of Cisco 3850 series?

Thanks in advance for the help in this regard.

Regards

Ajmal

Hello Ajmal

You can follow the steps found in this lesson:


This is for routers, but can also be applied to switches. The only difference is how you enter rommon mode. You can take a look at this post from the Cisco community as well:

I hope this has been helpful!

Laz

Thank you Liz Sir.

Regards

Ajmal

1 Like

Can i recover the password in user mode if i have forgotten the username and password…

one more thing is as rene run the command copy startup-config to runnig config , if i don’t do it , is that mean i will loose my startup configuration ??

Hello Narad

In the example in the lesson, the problem is that the enable password has been forgotten. However, this process can also be used to recover the username and password used to log in to user mode as well. Once you go through the same process, as soon as you issue the copy startup-config running-config command, you have full access to modify anything you like, including username and passwords to the local database.

If you don’t issue this command, you won’t lose your startup-config. The startup-config will still be safely stored in the NVRAM. However, by issuing this command, you are reverting the device to the configuration stored there. In other words, the startup-config is moved into RAM and is the currently active config.

I hope this has been helpful!

Laz