In this Management Lab you will recover a lost password on a Cisco router.

 

From user EXEC mode, enter the show version command to record the setting of the configuration register. The configuration register setting will be shown on the last line of the command output.

Notice that the configuration register setting is 0x2102. Write this down.

Task	Command
Display version information.	show version

 

When the router is booted, it starts to load the Cisco IOS® boot image from Flash. When the Cisco IOS Software starts, it loads the startup configuration file, containing all configured passwords, from NVRAM to RAM. To recover a configured password, we need to interrupt this standard bootup process and make the router enter ROM monitor mode by pressing a break key within 60 seconds of initial router powerup. Break keys vary by terminal or terminal-emulation setup. For more information, see Possible Key Combinations for Break Sequence During Password Recovery. Within this Cisco Interactive Mentor simulation environment (CIM-SE) simulation, the power switch and break key are simulated by buttons inside the CIM-SE window itself.

Now simulate powering the router down and then back up, by clicking on the Power Cycle button.

Within the first ten seconds of the boot process, simulate entering the break-key sequence on the console by clicking on the Break button. If you don't click the Break button in time, just click the Power Cycle button again and click the Break button within 10 seconds. On a real router you would have 60 seconds. The rommon 1 > prompt appears, telling you that you are in ROM monitor mode.

Type confreg 0x42 at the rommon 1 > prompt. This will configure the router to ignore NVRAM when booting.

 

Enter reset at the rommon 2 > prompt, and answer n at the "Would you like to enter the initial configuration dialog? [yes]:" prompt. Then press Return when prompted.

 

Enter the enable command at the Router> prompt. The router immediately enters privileged EXEC mode, because it booted from the Flash configuration, which doesn't have a password configured.

 

Enter the show startup-config command at the Router# prompt. The enable password will be shown toward the end of the configuration.

There are situations in which you might have to change the password, rather than just reading it out of the configuration (if it's encrypted, for example). Different Cisco router models also have different password-recovery steps. For instructions on how to recover the password on most Cisco products and how to change an encrypted password, see the Password Recovery Techniques document.

 

Enter global configuration mode by entering configure terminal at the Router# prompt. Then change the configuration register back to its original value of 0x2102. Then exit global configuration mode by entering Ctrl-Z.

Task	Command
From privileged EXEC mode, enter global configuration mode.	configure terminal
Reset the configuration register to 0x2102.	config-register 0x2102
Exit global configuration mode.	Ctrl-Z

 

Use the reload command to restart the router with the configuration you just looked at. Answer n to the "System configuration has been modified. Save?" question, and y to the "Proceed with reload? [confirm]" question.

 

Enter privileged EXEC mode, using the password you just viewed in the configuration.

 

You are finished with this Management Lab. Close the CIM-SE window and continue with the next section.