Some time ago I wrote about all the different types of password you can set on a Cisco Router to tighten up its security. Read here in case you missed it.
Chances are rare that you have for whatever reason forgotten the router password (console or privilege) and want to reset it. Note that here we’re focusing on resetting the router password keeping the rest of its configuration intact. You can reset the router to factory default and enter a new password. But that will erase the configuration as well. Our aim is to only reset the password without touching the configuration of the router.
Here’s the idea: When the router boots up, bypass its startup-configuration which has the old password in it and enter into the rommon (ROM monitor) mode; load the startup-config into the running-config and enter the new password. Revert back the router to boot and load the startup-config which now has the new reset password.
Get the console connectivity of the router using a terminal emulator such as PuTTY or Teraterm. To enter into rommon, you have to hit break or ctl+break while the router is booting. Once there issue the command
By default router configuration register’s value is 0x2102 which will load the configuration file from NVRAM where startup-configuration is stored. 0x2142 will keep the router from loading configuration from NVRAM.
Next issue reset command which will reboot the router and gives you the rommon prompt but doesn’t load the startup-config file.
Now you can copy the startup-config to running-config and reset the passwords.
copy startup-config running-config conf t enable password new_P@ssw0rd line con 0 password secret new_seCr4t do wr
After resetting the password, you have to change the confreg value to 0x2102 for the router boot and load the starup-config that has the reset passwords.
conf t config-reg 0x2102 restart
Note: The interfaces go to shutdown state due to the default shutdown command on reset. Make sure you bring up the interfaces by issuing no shut command on each of the relevant interfaces.