Note: This Document Describes The Procedure For Recovering An Enable Password Or Enable Secret Password. These Passwords Are Used To Protect Access To Privileged EXEC And Configuration Modes. The Enable Password Can Be Recovered, But The Enable Secret Password Is Encrypted And Can Only Be Replaced With A New Password Using The Procedure Below.
DB9 / CONSOLE / RJ45 / AUX / "MODE" BUTTON:
The Auxiliary (AUX) Port Is Not Active During The Boot Sequence Of A Router. Therefore, Sending A Break Through The AUX Port Has No Effect. You Need A Connection To The Console Port, With The Terminal Settings Listed In Step 1 Below. Break Key Sequence Simulation Is Useful If Your Terminal Emulator Does Not Support The Break Key, Or If A Bug Does Not Allow Your Terminal Emulator To Send The Correct Signal.
STEP-BY-STEP PASSWORD RECOVERY PROCEDURE
Step1: Attach A Terminal Or PC With Terminal Emulation To The Console Port Of The Router. Use The Following Terminal Settings:
9600 Baud Rate
No Parity
8 Data Bits
1 Stop Bit
No Flow Control
The Required Console Cable Specifications Are Described In The Cabling Guide For RJ-45 Console And AUX Ports (Cisco's 1000 Series, 2500 Series, And AS5100).
If You Can Access The Router, Type “Show Version” At The Prompt, And Record The Configuration Register Setting.
Step2: Use The Power Switch To Turn The Router Off, And Then Turn It Back On.
Step3: Press Break (Ctrl-Break) On The Terminal Keyboard Within 60 Seconds Of The Power-Up To Put The Router Into ROMMON.
If The Break Sequence Doesn't Work, See Possible Key Combinations For Break Sequence During Password Recovery For Other Key Combinations.
Step4: Type o At The > Prompt And Record The Current Value Of The Configuration Register (Usually 0x2102, Or 0x102):
>o
Configuration Register = 0x2102 At Last Boot
The Configuration Register Is Usually Set To 0x2102 Or 0x102. If You Can No Longer Access The Router (Because Of A Lost Login), You Can Safely Assume That Your Configuration Register Is Set To 0x2102.
Step6: Type Confreg 0x2142 At The Rommon 1> Prompt In Order To Boot From Flash.
This Step Bypasses The Startup Configuration Where The Passwords Are Stored.
Step7: Type Reset At The Rommon 2> Prompt.
The Router Reboots, But Ignores The Saved Configuration.
Step8: Type No After Each Setup Question, Or Press Ctrl-C In Order To Skip The Initial Setup Procedure.
Step9: Type Enable At The Router> Prompt.
You Are In Enable Or Privileged Exec Mode And Should See The Router# Prompt.
Step10: Type “Copy Startup-Config Running-Config” In Order To Copy The Nonvolatile RAM (NVRAM) Into Memory.
Important: Do Not Type “Copy Running-Config Startup-Config” Or “Write”. These Commands Erase Your Startup Configuration.
Step12: Type “Show Running-Config”.
The “Show Running-Config” Command Shows The Configuration Of The Router. In This Configuration, The Shutdown Command Appears Under All Interfaces, Which Indicates All Interfaces Are Currently Shut Down. In Addition, The Passwords (Enable Password, Enable Secret, Vty, Console Passwords) Are In Either An Encrypted Or Unencrypted Format. You Can Reuse Unencrypted Passwords. You Must Change Encrypted Passwords To A New Password.
Step13: Type Configure Terminal.
The Hostname(Config)# Prompt Appears.
Step14: Type Enable Secret Followed By The New Password In Order To Change The Enable Secret Password. For Example:
Hostname(Config)#Enable Secret Cisco
Step15: Issue The No Shutdown Command On Every Interface That You Use.
If You Issue A “Show IP Interface Brief” Command, Every Interface That You Want To Use Should Display Up Up.
Step16: Type Config-Register Followed By The Configuration Register Value You Recorded Earlier (Usually 0x2102).
For Example: Hostname(Config)#Config-Register 0x2102
Step17: Press Ctrl-Z Or End In Order To Leave The Configuration Mode.
The Hostname# Prompt Appears
Step18: Type Copy Running-Config Startup-Config In Order To Commit The Changes.
You Should Now Be Able To Reload The Router And Log In As Normal.
Step19: Verify That The Configuration Register Is Indeed Set Back To 0x2102 By Typing “Show Version”.
EXAMPLE OF PASSWORD RECOVERY ON A CISCO 2500 ROUTER
Router>enable
Password:
Password:
Password:
% Bad secrets
Router>show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"
cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)
Configuration register is 0x2102
Router>
!--- The router was just powercycled and during bootup a
!--- break sequence was sent to the router.
!
*** System received an abort due to Break Key ***
signal= 0x3, code= 0x500, context= 0x813ac158
PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 32768 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0x6fdb4c
Self decompressing the image : ###############################
##############################################################
##############################################################
##############################################################
############################### [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8
cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
Router>
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
1324 bytes copied in 2.35 secs (662 bytes/sec)
Router#
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to down
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2, changed state to down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret cisco
Router(config)#^Z
00:01:54: %SYS-5-CONFIG_I: Configured from console by console
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.200.40.37 YES TFTP administratively down down
Serial0/0 unassigned YES TFTP administratively down down
BRI0/0 193.251.121.157 YES unset administratively down down
BRI0/0:1 unassigned YES unset administratively down down
BRI0/0:2 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES TFTP administratively down down
Serial0/1 unassigned YES TFTP administratively down down
Loopback0 193.251.121.157 YES TFTP up up
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Ethernet0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
Router(config-if)#interface BRI0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, TEI 68 changed to up
Router(config-if)#^Z
Router#
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
--- output truncated ---
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)
Configuration register is 0x2142
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#^Z
00:03:20: %SYS-5-CONFIG_I: Configured from console by console
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
--- output truncated ---
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)
Configuration register is 0x2142 (will be 0x2102 at next reload)
Router#
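The check from Step19, automated over saved "show version" output, as an added example that is not part of the original article. The bit meanings (bit 6 ignores NVRAM, bit 8 disables Break, bits 0-3 are the boot field) are the standard IOS configuration register layout rather than something the article spells out; the function names and sample lines are constructed for illustration.

```python
import re

# Bits of the 16-bit IOS configuration register relevant to this procedure.
IGNORE_NVRAM = 0x0040    # bit 6: skip the startup configuration at boot
BREAK_DISABLED = 0x0100  # bit 8: Break is ignored once the router has booted
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stay in ROMMON, 2-F = normal boot

# Matches both forms printed by "show version", e.g.
#   Configuration register is 0x2142 (will be 0x2102 at next reload)
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")


def parse_confreg(show_version: str):
    """Return (value_in_effect, value_at_next_reload) as integers."""
    m = CONFREG_RE.search(show_version)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def audit_confreg(show_version: str):
    """List findings an operator should clear after a password recovery."""
    current, pending = parse_confreg(show_version)
    findings = []
    if pending & IGNORE_NVRAM:
        # Passwords, ACLs and AAA in startup-config are skipped at next boot.
        findings.append(f"next reload ignores startup-config ({pending:#06x})")
    elif current & IGNORE_NVRAM:
        findings.append(f"recovery value {current:#06x} active until reload")
    if not (pending & BREAK_DISABLED):
        findings.append("Break stays enabled after boot")
    if (pending & BOOT_FIELD) == 0:
        findings.append("router will stop in ROMMON at next reload")
    return findings


# Constructed sample lines, modelled on the transcript above.
SAMPLES = {
    "left in recovery": "Configuration register is 0x2142",
    "restored, not reloaded":
        "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "normal": "Configuration register is 0x2102",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_confreg(text) or 'ok'}")
```

A router reported as "left in recovery" boots without its saved passwords and access lists on every reload until Step16 is carried out, so this is worth running against collected "show version" output after any console maintenance.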
STANDARD BREAK KEY COMBINATIONS:
Software | Platform | Operating System | Try This |
---|---|---|---|
Hyperterminal | IBM Compatible | Windows XP | Ctrl-Break |
Hyperterminal | IBM Compatible | Windows 2000 | Ctrl-Break |
Hyperterminal | IBM Compatible | Windows 98 | Ctrl-Break |
Hyperterminal (version 595160) | IBM Compatible | Windows 95 | Ctrl-F6-Break |
Kermit | Sun Workstation | UNIX | Ctrl-\l or Ctrl-\b |
MicroPhone Pro | IBM Compatible | Windows | Ctrl-Break |
Minicom | IBM Compatible | Linux | Ctrl-a f |
ProComm Plus | IBM Compatible | DOS or Windows | Alt-b |
SecureCRT | IBM Compatible | Windows | Ctrl-Break |
Telix | IBM Compatible | DOS | Ctrl-End |
Telnet | N/A | N/A | Ctrl-], then type send brk |
Telnet to Cisco | IBM Compatible | N/A | Ctrl-] |
Teraterm | IBM Compatible | Windows | Alt-b |
Terminal | IBM Compatible | Windows | Break or Ctrl-Break |
Tip | Sun Workstation | UNIX | Ctrl-], then Break or Ctrl-c; or ~# |
VT 100 Emulation | Data General | N/A | F16 |
Windows NT | IBM Compatible | Windows | Break-F5 or Shift-F5 or Shift-6 Shift-4 Shift-b (^$B) |
Z-TERMINAL | Mac | Apple | Command-b |
N/A | Break-Out Box | N/A | Connect pin 2 (X-mit) to +V for half a second |
N/A | Cisco to aux port | N/A | Control-Shft-6, then b |
N/A | IBM Compatible | N/A | Ctrl-Break |
Note: Hyperterminal:
Hyperterminal Windows 7, 8, Xp, And Vista Terminal Emulation Software Is Now Available.
Hyperterminal Private Edition Is Our Award Winning Terminal Emulator Capable Of Connecting To Systems Through Tcp/Ip Networks, Dial-Up Modems, And Com Ports. If You Need Hyperterminal For Windows 7, 8, Or Vista Hyperterminal Private Edition V7.0 Is The Program For You. Some Uses Of Hyperterminal Private Edition:
Use A TCP/IP Network To Connect To Systems On The Internet Or Your Network Using Telnet Or Secure Shell (SSH)
Use A Dial-Up Modem To Dial Into Modem Based Systems
Talk Directly To Many Different Types Of Devices Using Serial Com Ports.
Also, For More About Replacing / Recovering A Password On A Cisco Router:
SUMMARY OF RECOVERY PROCEDURES ON A CISCO ROUTER
TACACS+: Enhanced and continually improved version of TACACS that allows a TACACS+ server to provide the services of AAA independently.
XTACACS: Defines the extensions that Cisco added to the TACACS protocol to support new and advanced features.
Note: The Configuration Register Is Usually Set To 0x2102 Or 0x102. If You Can No Longer Access The Router (Because Of A Lost Login Or Tacacs Password), You Can Safely Assume That Your Configuration Register Is Set To 0x2102.
FOLLOW THESE STEPS TO RECOVER A PASSWORD: If Your Password Is Encrypted, You Cannot Recover It. You Must Configure A New Password.
Step 1 Beginning In The Privileged Executive Mode, Enter The Show Version Command And Record The Configuration Register Value. The Default Value Is 0x2102.
Step 2 Power Cycle The Switch Router.
Step 3 Within 60 Seconds Of Turning The Switch Router On, Press The Break Key Sequence Or Send A Break Signal, Which Is Usually ^]. If You Do Not See The > Prompt With No Switch Router Name, The Terminal Is Not Sending The Correct Break Signal. In That Case, Check The Terminal Or Terminal Emulation Setup.
Step 4 Enter The Confreg Command At The > Prompt.
Step 5 Answer Yes To The Do You Wish To Change Configuration [Y/N]? Prompt.
Step 6 Answer No To All The Questions That Appear Until You Reach The Ignore System Config Info [Y/N] Prompt. Answer Yes.
Step 7 Answer No To The Remaining Questions Until You Reach The Change Boot Characteristics [Y/N]? Prompt. Answer Yes.
Step 8 At The Enter To Boot: Prompt, Enter 2.
Step 9 Answer No To The Do You Wish To Change Configuration [Y/N]? Prompt.
Step 10 Enter The Reset Command At The Rommon> Prompt.
Step 11 Enter The Enable Command At The Switch> Prompt. You'll Be In Enable Mode And See The Switch# Prompt.
Step 12 Enter The Show Startup-Config Command To View Your Password.
Step 13 If Your Password Is Clear Text, Proceed To Step 16.
Or
If Your Password Is Encrypted, Continue With Step 14.
Step 14 If Your Password Is Encrypted, Enter The Configure Memory Command To Copy The NVRAM Into Memory.
Step 15 Enter The Copy Running-Config Startup-Config Command.
Step 16 Enter The Configure Terminal Command.
Step 17 Enter The Enable Secret Password Command.
Step 18 Enter The Config-Register Value Command, Where Value Is Whatever Value You Entered In Step 1.
Step 19 Enter The Exit Command To Exit Configuration Mode.
Step 20 Enter The Copy Running-Config Startup-Config Command.
Step 21 Enter The Reload Command At The Prompt.
CONCLUSION:
The Goal Of This Article Is To Give An Easy Way To Understand The “Password Recovery Procedures On Cisco Router”, And We Hope This Guide Will Help Every Beginner Who Is Going To Start Cisco Lab Practice Without Any Doubts. Some Topics That You Might Want To Pursue On Your Own That We Did Not Cover In This Article Are Listed Here. Hands-On Experience Is An Invaluable Part Of Preparing For The Lab Exam, So Never Pass Up An Opportunity To Configure Or Troubleshoot A Router (If You Have Access To Lab Facilities, Take Full Advantage Of Them). There Is No Replacement For The Experience You Can Gain From Working In A Lab, Where You Can Configure Whatever You Want To Configure And Introduce Whatever Problems You Want To Introduce, Without Risk Of Disrupting A Production Network. Thank You And Best Of Luck.
This Article Was Written By: Premakumar Thevathasan - CCNA, CCNP, MCSE, MCSA, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+ And Etc.
WARNING AND DISCLAIMER:
Routers Direct And Control Much Of The Data Flowing Across Computer Networks. This Guide Provides Technical Guidance Intended To Help All Network Students, Network Administrators And Security Officers Improve Their Demonstrated Ability To Achieve Specific Objectives Within Set Timeframes. This Document Carries No Explicit Or Implied Warranty. Nor Is There Any Guarantee That The Information Contained In This Document Is Accurate. Every Effort Has Been Made To Make All Articles As Complete And As Accurate As Possible, But No Warranty Or Fitness Is Implied.
It Is Offered In The Hopes Of Helping Others, But You Use It At Your Own Risk. The Author Will Not Be Liable For Any Special, Incidental, Consequential Or Indirect Damages Due To Loss Of Data Or Any Other Reason That Occur As A Result Of Using This Document. The Information Provided Is On An "As Is" Basis. All Use Is Completely At Your Own Risk.