Whether you’re preparing for the CCNA certification exam or not, you must be prepared for the following question:
“Hey, I reloaded this router and it wants an enable password. Do you know it?”
Because if you don’t, and there’s no one available who does, you need to perform a password recovery technique on the router – without erasing the current configuration. This involves manipulating the config register, and a misstep here can be fatal to the router’s chances of recovery!
Obviously, that can make you pretty nervous about changing the config register, CCNA or not. Different Cisco routers and switches have different techniques for password recovery, so the following discussion is limited to the 2500 series. If you need to do this for another model, do a quick search engine check for “password recovery cisco” and you should quickly find a document for the Cisco router you’re working with.
For the 2500 series, you start by reloading the router and sending a BREAK signal during the first 60 seconds of the reload. Depending on the terminal program you’re using, this can be the hardest part of the entire process! For most, just press CTRL-BREAK during this one-minute period. If this doesn’t work, you may need to check Help in your terminal program to find out how to send this break signal.
As a result of the break sequence, the router will go into ROM Monitor mode. The commands here are totally different from the ones you’re used to working with in the router’s IOS. Use the command “o/r 0x2142” to change the config register setting, and reload the router by entering the letter “i”.
This config register setting doesn’t erase anything, but it does make the router ignore the contents of NVRAM. This means that you’ll be prompted to go into the dreaded Setup Mode, which you do NOT want to do. Simply press “N” and type “enable” when you’re at the router prompt. (If you do go into Setup Mode, you can always get out with CTRL-C, a handy command to know for the CCNA exam and for real life, as you can see!)
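Be very careful with the next step. You want to enter the command “configure memory” or “copy start run” at this point – don’t enter “write memory” or “copy run start”. The first pair loads the saved configuration from NVRAM into the running configuration; the second pair would write the router’s current, empty running configuration over the saved one, destroying the configuration you’re trying to keep. Success on the CCNA exam and in working with real-world networks is all about the details, and this is a very important detail.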
At this point, you can look at the running configuration and see the passwords, and change them if you wish. However, we’re not done. The config register needs to be set back to its default of 0x2102, and you do so with the global configuration command “config-register 0x2102”. Now you want to save your config with “write memory” or “copy run start”, and reload the router. The router will now boot as it normally would.
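
One way to confirm that the final config-register step was not forgotten, as an added example that is not part of the original article: the Python below reads the “Configuration register is ...” line from “show version” output and reports whether the next boot will still ignore NVRAM. The function names and the sample lines are constructed for illustration; the bit meanings are assumed from Cisco’s configuration-register documentation.

```python
import re

# Subset of config-register bits (assumed from Cisco's documentation).
IGNORE_NVRAM = 0x0040    # bit 6: skip the startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: BREAK is ignored once the router has booted
BOOT_FIELD = 0x000F      # bits 0-3: where the IOS image is loaded from

# Matches "Configuration register is 0x2142 (will be 0x2102 at next reload)"
_REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Break a register value into the fields that matter for recovery."""
    return {
        "hex": f"0x{value:04X}",
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }

def check_show_version(text):
    """Return (current, next_boot, finding) for one router's output."""
    m = _REG_LINE.search(text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    # Without a "will be" clause the pending value equals the current one.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    if next_boot & IGNORE_NVRAM:
        finding = "FAIL: next boot ignores NVRAM; set config-register 0x2102"
    elif current & IGNORE_NVRAM:
        finding = "PENDING: register is fixed, but the router has not reloaded"
    else:
        finding = "OK: startup-config will be loaded"
    return decode(current), decode(next_boot), finding

# Constructed sample lines, one per state a recovered router can be left in.
SAMPLES = {
    "forgot-last-step": "Configuration register is 0x2142",
    "mid-recovery": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "normal": "Configuration register is 0x2102",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name}: {check_show_version(line)[2]}")
```

The two register values used in the procedure differ only in bit 6, which is why 0x2142 skips the saved configuration without erasing it.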
Knowing how to recover from a lost password is a vital skill for both the Cisco CCNA certification exam and for success in real-world networks. It’s not something we have to do every day, but when the time calls for it, we have to do it correctly and completely – and that includes that final config-register change!