The Problem:
We’ve all been there – a ticket comes your way where someone asks you to change the config of a router that no one has touched for ages. You ask around the NOC for the password and you’re met with a variety of responses like:
“It’s not documented in the password sheet”
“The one in the password sheet is old and out of date”
“Oh Dave used to know it but he’s now left”
Well there is good and bad news.
I’ll start with the good news:
If you have access to the console and the power control of the device you can reset it.
The bad news:
If the change wasn’t going to involve any downtime before, it’s going to now!
The Solution:
This solution works for nearly every model of Cisco router except the 800 series. Please take a look at the Switch Password Reset page to reset Cisco switch passwords.
- First off connect to the console of the router needing the password reset. This could be through a variety of methods and I’m sure you’ll know the best way for your environment. This could be either:
  - Remote Access Terminal Server
  - Local console connection with a laptop
  If connecting locally the following settings are the default terminal settings:
  - Baud rate: 9600
  - Data Bits: 8
  - Parity: None
  - Stop Bits: 1
  - Flow Control: None
- Power off the router, then power it back on – while connected to the console
- While the router is going through the POST process, press the BREAK key (normally within about 60 seconds of powering back on the router).
  - This will interrupt the normal boot process
  - This will bring the router into ROMmon mode and you should see the following prompt:
    rommon 1>
- Type confreg 0x2142 at the prompt
  - This will bypass the startup configuration (and all the passwords)
- Type reset at the rommon 2> prompt
  - This resets the router and boots it up without a configuration file
- Enter No at each setup question prompt to bypass the setup procedure
- Type enable to get to Privileged Exec mode
- Type copy startup-config running-config
  - This will place the saved configuration into memory
  - DO NOT TYPE COPY RUNNING-CONFIG STARTUP-CONFIG AS THIS WILL OVERWRITE THE SAVED CONFIGURATION WITH A BLANK CONFIG!
- Type show run to display the configuration.
  - The passwords will now show up if there is no password encryption
  - If there is password encryption and the passwords do not display correctly you will need to reset them.
- Type conf t to enter Global Configuration mode
- Type enable secret <password> to set a new enable password at the (config)# prompt
- Type username <username> priv 15 secret <password> at the (config)# prompt if using a local user database for access.
- All interfaces will also be shut down, so on each interface issue the no shutdown command
- Type config-register 0x2102 at the (config)# prompt to set the configuration register back to the original setting so when the router reloads it doesn’t bypass the startup config again.
- Type wr or copy running-config startup-config to save the running configuration as the startup configuration.
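The two register values used above differ only in bit 6 (0x0040), which tells the router to ignore the startup configuration at boot. As an added example (not part of the original post), this Python check parses the "Configuration register is ..." line from show version output and flags a router that would still bypass its startup config on the next reload; the function names are hypothetical and the sample lines are constructed.

```python
import re

# Configuration register bits relevant to this procedure.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (set by 0x2142)
BREAK_DISABLED = 0x0100  # bit 8: BREAK is ignored once the router has booted
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stay in ROMmon, 2-F = normal boot

# "show version" reports the current value and, if changed, the pending one.
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Break a register value into the fields this procedure touches."""
    return {
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }

def audit(show_version_text):
    """Return (status, current, at_next_reload) for one device's output.

    FAIL    - the next reload will still ignore the startup config
    PENDING - corrected with config-register, takes effect at next reload
    OK      - startup config is honoured now and after reload
    UNKNOWN - no configuration register line found
    """
    match = REG_LINE.search(show_version_text)
    if match is None:
        return ("UNKNOWN", None, None)
    current = int(match.group(1), 16)
    at_reload = int(match.group(2), 16) if match.group(2) else current
    if decode(at_reload)["ignore_startup_config"]:
        status = "FAIL"
    elif decode(current)["ignore_startup_config"]:
        status = "PENDING"
    else:
        status = "OK"
    return (status, current, at_reload)

# Constructed sample lines, one per stage of the procedure.
SAMPLES = {
    "config-register step skipped": "Configuration register is 0x2142",
    "config-register 0x2102 entered": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "normal operation": "Configuration register is 0x2102",
}

if __name__ == "__main__":
    for stage, line in SAMPLES.items():
        status, cur, nxt = audit(line)
        print(f"{stage}: {status} (now {cur:#06x}, next reload {nxt:#06x})")
```

A FAIL result after a recovery means the config-register 0x2102 step was missed, so the router would come up with a blank configuration and no passwords at its next reload.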