How to recover the Cisco Router’s Password

Some time ago I wrote about all the different types of password you can set on a Cisco Router to tighten up its security. Read here in case you missed it.

Chances are rare that you have for whatever reason forgotten the router password (console or privilege) and want to reset it. Note that here we’re focusing on resetting the router password keeping the rest of its configuration intact. You can reset the router to factory default and enter a new password. But that will erase the configuration as well. Our aim is to only reset the password without touching the configuration of the router.

Here’s the idea: When the router boots up, bypass its startup-configuration which has the old password in it and enter into the rommon (ROM monitor) mode; load the startup-config into the running-config and enter the new password. Revert back the router to boot and load the startup-config which now has the new reset password.

Get the console connectivity of the router using a terminal emulator such as PuTTY or Teraterm. To enter into rommon, you have to hit break or ctl+break while the router is booting. Once there issue the command

confreg 0x2142

By default router configuration register’s value is 0x2102 which will load the configuration file from NVRAM where startup-configuration is stored. 0x2142 will keep the router from loading configuration from NVRAM.
Next issue reset command which will reboot the router and gives you the rommon prompt but doesn’t load the startup-config file.


Now you can copy the startup-config to running-config and reset the passwords.

copy startup-config running-config
conf t
enable password new_P@ssw0rd
line con 0
password secret new_seCr4t
do wr

After resetting the password, you have to change the confreg value to 0x2102 for the router boot and load the starup-config that has the reset passwords.

conf t
config-reg 0x2102

Note: The interfaces go to shutdown state due to the default shutdown command on reset. Make sure you bring up the interfaces by issuing no shut command on each of the relevant interfaces.

About Deepak Devanand

Seeker of knowledge
This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s