This document describes how to recover the enable password and the enable secret passwords. These passwords protect access to privileged EXEC and configuration modes. The enable password can be recovered, but the enable secret password is encrypted and must be replaced with a new password. Use the procedure described in this document in order to replace the enable secret password.
Refer to Password Recovery Procedure for the Cisco 806, 826, 827, 828, 831, 836 and 837 Series Routers in order to recover a password on Cisco 806, 826, 827, 828, 831, 836 and 837 Series Routers.
Note: You may encounter boot problems with some Cisco 800 Series Routers. Cisco 801, 802, 803, 804, 805, 811, and 813 routers boot into TinyROM at power-up or after they save any configuration from the console port with Cisco IOS® Software Release 12.1(3) and later. Refer to Field Notice: Cisco 801-805 and Cisco 811 and 813 Boots into TinyROM for details about the affected unit serial number and the procedure required in order to solve the boot problem.
There are no specific requirements for this document.
The information in this document is based on these hardware versions:
Cisco 801 Series Router
Cisco 802 Series Router
Cisco 803 Series Router
Cisco 804 Series Router
Cisco 805 Series Router
Cisco 811 Series Router
Cisco 813 Series Router
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Password Recovery Procedures for information on how to recover passwords for related products.
Refer to Cisco Technical Tips Conventions for information on document conventions.
Follow these steps in order to recover your password:
Attach a terminal or PC with terminal emulation to the console port of the router.
Use these terminal settings:
9600 baud rate
No parity
8 data bits
1 stop bit
No flow control
The required console cable specifications are described in Cabling Guide for Console and AUX Ports.
Use the power switch in order to turn off the router, and then turn the router back on.
Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.
Type set at the boot# prompt, and record the current value of the configuration register.
boot#set
set baud =9600
set data-bits =8
set parity =none
set stop-bits =1
set console-flags =0
set mac-address =0050.7307.C329
set unit-ip =10.200.40.65
set serv-ip =255.255.255.255
set netmask =255.255.252.0
set gate-ip =10.200.40.1
set pkt-timeout =8
set tftp-timeout =16
set boot-action =flash
set file-name ="c800-nsy6-mw.122-10b.bin"
set watchdog =off
set prompt ="boot"
set ios-conf =0x2102
!--- The ios-conf variable sets the value for the
!--- configuration register. Record this value.
Type set ios-conf = 142 at the boot# prompt.
Note: The best setting is 142 if the Flash is intact. If the Flash is not installed or is erased, use 141. With this setting, you can view or erase the configuration, but you cannot change the password.
Type boot at the boot# prompt in order to initialize the router.
The router reboots, but ignores the saved configuration.
Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.
Type enable at the Router> prompt.
Once the Router# prompt appears, you are in enable mode.
Type configure memory or copy startup-config running-config in order to copy the nonvolatile RAM (NVRAM) into memory.
Important: Do not type copy running-config startup-config or write. These commands erase your startup configuration.
Type show running-config.
The show running-config command shows the configuration of the router. In this configuration, the shutdown command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.
Type configure terminal.
The hostname(config)# prompt appears.
Type enable secret <password> in order to change the enable secret password. For example:
hostname(config)#enable secret cisco
Issue the no shutdown command on every interface that you use.
If you issue a show ip interface brief command, every interface that you want to use displays up up.
Type config-register <configuration_register_setting>, where configuration_register_setting is either the value you recorded in step 2 or 0x2102. For example:
hostname(config)#config-register 0x2102
Press Ctrl-z or type end in order to leave the configuration mode.
The hostname# prompt appears.
Type write mem or copy running startup in order to commit the changes.
Type reload.
Once the router reloads, the configuration register value changes from 0x142 to 0x2102.
This section provides an example of the password recovery procedure. This example was created with a Cisco 803 Series Router. Even if you do not use a Cisco 803 Series Router, this output provides an example of what you should experience on your product.
Router>show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000
ROM: TinyROM version 1.0(3)
leased uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"
Cisco C803 (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)
Configuration register is 0x2102
!--- The router was just powercycled.
!--- At bootup a break sequence is sent to the router.
TinyROM version 1.0(3)
Fri Apr 30 18:22:12 1999
Copyright (c) 1998-1999 by cisco Systems, Inc.
All rights reserved.
POST ......... OK.
12MB DRAM, 8MB Flash.
boot# set
set baud =9600
set data-bits =8
set parity =none
set stop-bits =1
set console-flags =0
set mac-address =0050.7307.C329
set unit-ip =10.200.40.65
set serv-ip =255.255.255.255
set netmask =255.255.252.0
set gate-ip =10.200.40.1
set pkt-timeout =8
set tftp-timeout =16
set boot-action =flash
set file-name ="c800-nsy6-mw.122-10b.bin"
set watchdog =off
set prompt ="boot"
set ios-conf =0x2102
boot# set ios-conf = 142
!--You can use 0x142 or 0x2142.
boot# boot
Booting "c800-nsy6-mw.122-10b.bin"...,
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-Y6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000
Cisco C803 (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started! (press Enter)
00:26:02: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
00:26:02: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
00:26:02: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down
00:26:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0, changed state to down
00:26:03: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
00:26:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]? (press Enter)
% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
797 bytes copied in 2.304 secs (346 bytes/sec)
00:27:47: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:27:47: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
00:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
Note: After you copy the configuration file from NVRAM to RAM, you can perform one of these procedures:
Password recovery—Perform this procedure if the enable password (which is in plain text format) is configured.
Password replacement—Perform this procedure if the enable-secret password (which is in encrypted format) is configured based on how the password is last configured.
Note: In order to check the format in which the password is configured in the router, use the show running-config command, and look for enable password or enable secret password in the configuration. For more information, see Example of Enable Password Recovery and Example of Password Replacement.
This example output from the show running-config command shows that enable password is configured.
Router#show running-config
Building configuration...
Current configuration : 820 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash c800-nsy6-mw.122-10b.bin
enable password cisco
!--- Here the password is plain text. You can either maintain
!--- the same password or replace it with a new password.
!--- Output omitted.
This example output from the show running-config command shows that enable secret password is configured. As a result, password replacement can be performed as shown in this example:
Router#show running-config
Building configuration...
Current configuration : 835 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash c800-nsy6-mw.122-10b.bin
enable secret 5 $1$O80N$NjrO/6P5jpi0PZYzAj/vX0
!--- Password replacement is performed because
!--- the password is encrypted.
!--- Output omitted.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret letmein
Router(config)#
00:03:39: %SYS-5-CONFIG_I: Configured from console by console
Once the password recovery or replacement is done, the remaining steps are the same, as shown in this example:
Router#show ip interface brief
Interface     IP-Address      OK? Method Status                Protocol
BRI0          unassigned      YES TFTP   administratively down down
BRI0:1        unassigned      YES unset  administratively down down
BRI0:2        unassigned      YES unset  administratively down down
Ethernet0     10.200.40.65    YES TFTP   administratively down down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface ethernet 0
Router(config-if)#no shutdown
Router(config-if)#
00:30:02: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:30:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router(config)#config-reg 0x2102
Router(config)#^Z
Router#
00:04:36: %SYS-5-CONFIG_I: Configured from console by console
Router#write memory
After you issue the config-reg 0x2102 command, the new configuration register value is not immediately applied. The new value is applied only after the router is reloaded. This output from the show version command shows the current value (0x142) and the value that is applied after the next reload (0x2102).
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000
ROM: TinyROM version 1.0(3)
leased uptime is 7 minutes
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"
Cisco C803 (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)
Configuration register is 0x142
!--- This value becomes 0x2102 at next reload.
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000
ROM: TinyROM version 1.0(3)
leased uptime is 0 minutes
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"
Cisco C803 (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)
Configuration register is 0x2102
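The two checks this page asks you to make by eye, the storage format of the enable credential in show running-config and the configuration register value in show version, can be run over collected output after a recovery to confirm that nothing was left behind. The following is an added example, not Cisco code: the function names are hypothetical, it assumes bit 6 (0x0040) of the register is the one that makes the router ignore the saved configuration and that IOS prints a pending value as "(will be 0x... at next reload)", and it goes slightly beyond the page by also labelling typed enable password lines.

```python
import re

IGNORE_NVRAM = 0x0040  # configuration register bit 6: skip startup-config at boot
ENABLE_RE = re.compile(r"^\s*enable (password|secret)(?: (\d+))? \S+\s*$")
CONFREG_RE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)"
                        r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def audit_enable(running_config):
    """Return one finding per enable credential line in a running-config."""
    findings = []
    for line in running_config.splitlines():
        m = ENABLE_RE.match(line)
        if m is None:
            continue
        kind, ptype = m.groups()
        if kind == "secret":
            findings.append("enable-secret-hashed-type-%s" % (ptype or "unknown"))
        elif ptype in (None, "0"):
            # No type field (or type 0): the password is stored as typed.
            findings.append("enable-password-plaintext")
        else:
            findings.append("enable-password-type-%s" % ptype)
    return findings

def audit_confreg(show_version):
    """Report whether bit 6 is set now and after the next reload."""
    m = CONFREG_RE.search(show_version)
    if m is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return {"current": current, "after_reload": pending,
            "ignoring_startup_now": bool(current & IGNORE_NVRAM),
            "ignoring_startup_after_reload": bool(pending & IGNORE_NVRAM)}

# Constructed samples, abbreviated from the outputs shown on this page.
PLAIN = "hostname Router\nenable password cisco\n"
HASHED = "hostname Router\nenable secret 5 $1$O80N$NjrO/6P5jpi0PZYzAj/vX0\n"
DURING = "Configuration register is 0x142 (will be 0x2102 at next reload)\n"
AFTER = "Configuration register is 0x2102\n"

if __name__ == "__main__":
    for cfg in (PLAIN, HASHED):
        print(audit_enable(cfg))
    for ver in (DURING, AFTER):
        print(audit_confreg(ver))
```

A router that reports ignoring_startup_after_reload as true will come up at its next reload without its saved passwords or interface configuration, so treat that result as an unfinished recovery.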