How to recover from lost passwords on a Cisco router or switch

Change the configuration register value to 0x2142 on the router or switch to prevent it from loading the configuration file stored in NVRAM upon boot, and instead boot it into setup mode.

  • First boot the router into ROM monitor mode by entering Ctrl+Break upon boot. 
System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2010 by cisco Systems, Inc.
Total memory size = 512 MB - On-board = 512 MB, DIMM0 = 0 MB
CISCO2911/K9 platform with 524288 Kbytes of main memory
Main memory is configured to 72/-1(On-board/DIMM0) bit mode with ECC disabled
Readonly ROMMON initialized
program load complete, entry point: 0x80803000, size: 0x1b340
program load complete, entry point: 0x80803000, size: 0x1b340
IOS Image Load Test
___________________
Digitally Signed Release Software
 program load complete, entry point: 0x81000000, size: 0x3bcd3d8
 Self decompressing the image :
 ###########                                                             (press Ctrl+Break here)
 monitor: command "boot" aborted due to user interrupt
  • Change the configuration register value at the ROM Monitor mode and then reset it.

rommon 1 > confreg 0x2142 rommon 2 > reset

System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2010 by cisco Systems, Inc.
Total memory size = 512 MB - On-board = 512 MB, DIMM0 = 0 MB
CISCO2911/K9 platform with 524288 Kbytes of main memory
Main memory is configured to 72/-1(On-board/DIMM0) bit mode with ECC disabled
[output cut]
  • Type no at setup mode.
--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

Press RETURN to get started!

  • Copy the startup-config to the running-config by using copy start run.

Router>en Router#copy start run

Destination filename [running-config]? 793 bytes copied in 0.416 secs (1906 bytes/sec) CoreRouter#

  • At this point there has been no password prompt. Replace any passwords on the lines or the privileged mode.

CoreRouter#conf t CoreRouter(config)#enable secret iForgotMyPassword

  • Revert back to the default configuration register of 0x2102.

CoreRouter(config)#config-register 0x2102 CoreRouter(config)#exit CoreRouter#

  • Write the running configuration file to NVRAM.

CoreRouter#wr Building configuration… [OK]

  • Reboot the box by using the reload command.

CoreRouter#reload

Leave a comment