Password Recovery Procedure for the Cisco 801, 802, 803, 804, 805, 811, and 813 Series Routers

Available Languages

Download Options

PDF (16.4 KB)
View with Adobe Reader on a variety of devices

Updated:January 4, 2007

Document ID:12732

Introduction

Prerequisites

Requirements

Components Used

Introduction

This document describes how to recover the enable password and the enable secret passwords. These passwords protect access to privileged EXEC and configuration modes. The enable password password can be recovered, but the enable secret password is encrypted and must be replaced with a new password. Use the procedure described in this document in order to replace the enable secret password.

Refer to Password Recovery Procedure for the Cisco 806, 826, 827, 828, 831, 836 and 837 Series Routers in order to recover a password on Cisco 806, 826, 827, 828, 831, 836 and 837 Series Routers.

Note: You may encounter boot problems with some Cisco 800 Series Routers. Cisco 801, 802, 803, 804, 805, 811, and 813 routers boot into TinyROM at power-up or after they save any configuration from the console port with Cisco IOS^® Software Release 12.1(3) and later. Refer to Field Notice: Cisco 801-805 and Cisco 811 and 813 Boots into TinyROM for details about the affected unit serial number and the procedure required in order to solve the boot problem.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these hardware versions:

Cisco 801 Series Router
Cisco 802 Series Router
Cisco 803 Series Router
Cisco 804 Series Router
Cisco 805 Series Router
Cisco 811 Series Router
Cisco 813 Series Router

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Related Products

Refer to Password Recovery Procedures for information on how to recover passwords for related products.

Conventions

Refer to Cisco Technical Tips Conventions for information on document conventions.

Step-by-Step Procedure

Follow these steps in order to recover your password:

Attach a terminal or PC with terminal emulation to the console port of the router.

Use these terminal settings:
- 9600 baud rate
- No parity
- 8 data bits
- 1 stop bit
- No flow control
The required console cable specifications are described in Cabling Guide for Console and AUX Ports.
Use the power switch in order to turn off the router, and then turn the router back on.
Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.

If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.

Type set at the boot# prompt, and record the current value of the configuration register.

boot#set 
set baud           =9600 
set data-bits      =8 
set parity         =none     
set stop-bits      =1 
set console-flags  =0 
set mac-address    =0050.7307.C329 
set unit-ip        =10.200.40.65      
set serv-ip        =255.255.255.255      
set netmask        =255.255.252.0      
set gate-ip        =10.200.40.1     
set pkt-timeout    =8 
set tftp-timeout   =16 
set boot-action    =flash
set file-name      ="c800-nsy6-mw.122-10b.bin"      
set watchdog       =off 
set prompt         ="boot"      
set ios-conf       =0x2102 
!--- The ios-conf variable sets the value for the !--- configuration register. Record this value.

Type set ios-conf = 142 at the boot# prompt.

Note: The best setting is 142 if the Flash is intact. If the Flash is not installed or is erased, use 141. With this setting, you can view or erase the configuration, but you cannot change the password.
Type boot at the boot# prompt in order to initialize the router.

The router reboots, but ignores the saved configuration.
Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.
Type enable at the Router> prompt.

Once the Router# prompt appears, you are in enable mode.
Type configure memory or copy startup-config running-config in order to copy the nonvolatile RAM (NVRAM) into memory.

Important: Do not type copy running-config startup-config or write. These commands erase your startup configuration.
Type show running-config.

The show running-config command shows the configuration of the router. In this configuration, the shutdown command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.
Type configure terminal.

The hostname(config)# prompt appears.
Type enable secret <password> in order to change the enable secret password. For example:
```
hostname(config)#enable secret cisco
```
Issue the no shutdown command on every interface that you use.

If you issue a show ip interface brief command, every interface that you want to use displays up up.
Type config-register <configuration_register_setting>. Where configuration_register_setting is either the value you recorded in step 2 or 0x2102 . For example:
```
hostname(config)#config-register 0x2102
```
Press Ctrl-z or end in order to leave the configuration mode.

The hostname# prompt appears.
Type write mem or copy running startup in order to commit the changes.
Type reload.

Once the router reloads, the configuration register value changes from 0x142 to 0x2102.

Sample Output Example

This section provides an example of the password recovery procedure. This example was created with a Cisco 803 Series Router. Even if you do not use a Cisco 803 Series Router, this output provides an example of what you should experience on your product.

Router>show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000

ROM: TinyROM version 1.0(3)
leased uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"

Cisco C803 (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)

Configuration register is 0x2102

!--- The router was just powercycled. !--- At bootup a break sequence is sent to the router.

 
TinyROM version 1.0(3)
Fri Apr 30 18:22:12 1999
Copyright (c) 1998-1999 by cisco Systems, Inc.
All rights reserved.

POST ......... OK. 12MB DRAM, 8MB Flash.
boot# set 
set baud           =9600 
set data-bits      =8 
set parity         =none     
set stop-bits      =1 
set console-flags  =0 
set mac-address    =0050.7307.C329 
set unit-ip        =10.200.40.65      
set serv-ip        =255.255.255.255      
set netmask        =255.255.252.0      
set gate-ip        =10.200.40.1     
set pkt-timeout    =8 
set tftp-timeout   =16 
set boot-action    =flash
set file-name      ="c800-nsy6-mw.122-10b.bin"      
set watchdog       =off 
set prompt         ="boot"      
set ios-conf       =0x2102


boot# set ios-conf = 142 
!--You can use 0x142 or 0x2142.

boot# boot

Booting "c800-nsy6-mw.122-10b.bin"...,
        Restricted Rights Legend

Use, duplication, or disclosure by the Government is 
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

      cisco Systems, Inc.
      170 West Tasman Drive
      San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-Y6-MW), Version
12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000

Cisco C803  (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)


    --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no


Press RETURN to get started! (press Enter)

00:26:02: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
00:26:02: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
00:26:02: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down
00:26:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0, changed state to down
00:26:03: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down
00:26:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state 
to down

Router>enable

Router#copy startup-config running-config
Destination filename [running-config]?  (press Enter)

% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
797 bytes copied in 2.304 secs (346 bytes/sec)

00:27:47: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:27:47: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
00:27:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down

Note: After you copy the configuration file from NVRAM to RAM, you can perform one of these procedures:

Password recovery—Perform this procedure if the enable password (which is in plain text format) is configured.
Password replacement—Perform this procedure if the enable-secret password (which is in encrypted format) is configured based on how the password is last configured.

Note: In order to check the format in which the password is configured in the router, use the show running-config command, and look for enable password or enable secret password in the configuration. For more information, see Example of Enable Password Recovery and Example of Password Replacement.

Example of Enable Password Recovery

This example output from the show running-config command shows that enable password is configured.

Router#show running-config
Building configuration...
Current configuration : 820 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash c800-nsy6-mw.122-10b.bin
enable password cisco


!--- Here the password is plain text. You can either maintain !--- the same password or replace it with a new password. !--- Output omitted.

Example of Password Replacement

This example output from the show running-config command shows that enable secret password is configured. As a result, password replacement can be performed as shown in this example:

Router#show running-config
Building configuration...
Current configuration : 835 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash c800-nsy6-mw.122-10b.bin
enable secret 5 $1$O80N$NjrO/6P5jpi0PZYzAj/vX0


!--- Password replacement is performed because !--- the password is encrypted. !--- Output omitted.


Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret letmein
Router(config)#
00:03:39: %SYS-5-CONFIG_I: Configured from console by console

Once the password recovery or replacement is done, the remaining steps are the same, as shown in this example:

Router#show ip interface brief 
Interface   IP-Address      OK?    Method   Status                 Protocol
BRI0        unassigned      YES    TFTP     administratively down  down
BRI0:1      unassigned      YES    unset    administratively down  down
BRI0:2      unassigned      YES    unset    administratively down  down
Ethernet0   10.200.40.65    YES    TFTP     administratively down  down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface ethernet 0
Router(config-if)#no shutdown
Router(config-if)#
00:30:02: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:30:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
Router(config)#config-reg 0x2102
Router(config)#^Z
Router#
00:04:36: %SYS-5-CONFIG_I: Configured from console by console
Router#write memory

After you issue the config-reg 0x2102 command, the new configuration register value is not immediately applied. The new value is applied only after the router is reloaded. This output from the show version command shows the current value (0x142) and the value that is applied after the next reload (0x2102).

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000

ROM: TinyROM version 1.0(3)
leased uptime is 7 minutes
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"

Cisco C803  (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)

Configuration register is 0x142
 
!--- This value becomes 0x2102 at next reload.

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000

ROM: TinyROM version 1.0(3)
leased uptime is 0 minutes
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"

Cisco C803  (MPC850) processor (revision 1) with 52940K bytes of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)

Configuration register is 0x2102