Friday, February 20, 2009

How to: Cisco 2600 Router's Password Recovery

As you might already know, the configuration register value is the key player in password recovery, because it controls the boot sequence. The part of the configuration register that matters here is the sixth bit (bit 6, value 0x0040). When this bit is off, the router looks in NVRAM for the configuration. If the bit is on, the router ignores the contents of NVRAM and acts as if there is no startup-config. So when you have forgotten the password, or a previous administrator did not hand it over because it was never documented, you can bypass the problem.

Go through the following steps carefully:

1. Interrupt the router's boot process by pressing the Ctrl+Break keys together as soon as you turn on the router. This step will get you to the ROM monitor mode (rommon).

You will have the following:

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Copyright (c) 1999 by cisco Systems, Inc.

TAC:Home:SW:IOS:Specials for info

PC = 0xfff0a530, Vector = 0x500, SP = 0x680127b0

C2600 platform with 32768 Kbytes of main memory

PC = 0xfff0a530, Vector = 0x500, SP = 0x80004374

monitor: command "boot" aborted due to user interrupt

rommon 1 >

The (rommon 1 >) prompt is for the ROM monitor mode.

2. Now change the value of the configuration register so that the router ignores the contents of NVRAM at the next boot. This is done with the following command:

rommon 1 > confreg 0x2142

This command sets the sixth bit to one (the configuration register is originally 0x2102). As a result, the router will behave like a new, unconfigured router at the next boot.

3. Restart the router using the following command:

rommon 1 > reset

4. The router will now restart and ask whether you want to use the setup mode; answer no. Then, so that you do not lose the configuration already stored in the router, go to privileged mode and run:

Router#copy start run

This will get you back your old configuration, with one exception: you are already in privileged mode without having to know the password.

Now set a new password, or passwords if you wish:

Router(config)#enable secret blabla

You can also set new console and telnet passwords if you like.

5. To get things back to normal, change the value of the configuration register to its original value (0x2102) using the following global configuration command:

Router(config)#config-register 0x2102

6. Now you should save the configuration including the new passwords that you know:

Router#copy run start

7. Now reload and you are good to go:

Router#reload

What we have done in these steps is bypass the original configuration that holds the unknown password, which got us to privileged mode without needing to know the password. Then we loaded the old configuration so we don't lose it, set a new password, and saved things back to NVRAM. Finally, we restored the original boot sequence. A piece of cake, isn't it?
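A router left at 0x2142 after recovery (step 5 skipped) will ignore its startup-config, passwords included, at every boot. The following check is an added example, not part of the original post: it decodes the register bits discussed above and audits the "Configuration register is ..." line that show version prints. The function names and the sample lines are constructed for illustration.

```python
import re

# Bit positions from Cisco's documented configuration-register layout.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored during normal operation
BOOT_FIELD = 0x000F      # bits 0-3: boot source selector

# Matches the register line of `show version`, with its optional pending value.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Split a 16-bit configuration register value into the fields used here."""
    return {
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }

def audit(show_version_text):
    """Return a list of findings for the register line in `show version` output."""
    m = CONFREG_RE.search(show_version_text)
    if not m:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    # Without a "will be" clause, the next boot uses the current value.
    pending = int(m.group(2), 16) if m.group(2) else current
    if decode(pending)["ignore_nvram"]:
        return [f"next boot ignores startup-config (0x{pending:04x})"]
    if decode(current)["ignore_nvram"]:
        return [f"booted with startup-config ignored (0x{current:04x}); "
                "restored at next reload"]
    return []

# Constructed sample lines: normal, step 5 forgotten, and after step 5.
SAMPLE_NORMAL = "Configuration register is 0x2102\n"
SAMPLE_FORGOTTEN = "Configuration register is 0x2142\n"
SAMPLE_MID_RECOVERY = (
    "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_NORMAL, SAMPLE_FORGOTTEN, SAMPLE_MID_RECOVERY):
        print(sample.strip(), "->", audit(sample) or "ok")
```

A device reporting the second finding outside a planned recovery window was booted without its configuration, which is worth investigating.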
