Cisco Network Security

How to reset Cisco router password

Reset Cisco Router Password
Reset Cisco Router Password

There are multiple scenarios where you will be required to reset Cisco router password without knowing it. For example if your network administrator left the job without telling you the critical credentials that are required for network administration or you actually forgot the password for your Cisco router. In this article we are going to explore, how you can reset Cisco router password in such scenarios.

Configuration Register

Your Cisco router uses configuration register in order for users to modify router’s behavior. The configuration register is a 16-bit number, represented in hexadecimal, which administers everything from the way in which a Cisco router boots up to how will it process the contents of the startup configuration file. Two registers that we are going to deal with most are 0x2102 and 0x2142.

0x2102: Normal router operation. When the router starts up, it loads the startup configuration into the RAM and becomes the running-config. If there’s a power failure and router reboots, it still grabs the startup-config file from NVRAM and load it into the regular ram and everything will keep working just the way it was.

0x2142: Blank router operation. Router skips the startup-config and loads nothing into RAM giving up an empty config to start with. If there’s a power failure and router reboot it will still not load the startup-config file from NVRAM to regular RAM and everything will be initialized to factory settings.

0x2102 Boot Sequence

Normally your router is set on 0x2102. Here’s what boot sequence looks like when router is on 0x2102.

Router starts up, IOS loads up from the flash card. IOS then points to the NVRAM from where it grabs the startup-config. It makes the copy of the config-file and places the copy into the RAM and then it becomes the running-config.

0x2142 Boot Sequence

In 0x2102, iOS loads and it skips the startup-config file in NVRAM and goes right to the running and gives you blank config file to start with.

It doesn’t wipe the startup-configuration. It just leapfrogs over the configuration file and gives you a blank one to start with.

Also, Learn how to reset Linux Password

Reset Cisco Router password.

Password is stored in the startup-config file. So that’s what gets loaded and password authentication is performed every time router powers up. So we have to start the router. Stop it before it loads the startup-config, change the config-resister to 0x2142 and let it skip the startup file and get a blank running-config file. Once we are in running-config, we go into enable mode so we can pass the password authentication. After that we load the startup-config and change the password and save those changes in startup-config file in NVRAM.

As you can see above when we try to go to enable mode it asks for password. So first we are gonna power cycle the router and hit CTRL+Break at the same time.

Normally it says rommon 1> or rommon 2> as shown in the picture below.

Now first command you are going to type in is confreg. Confreg is short for configure register. You will be prompted with some yes and no questions and answer them as follows.

You will type in N for no to every question except one that says “ignore system config info”. For yes you will type in Y. Now as you can see in an image above when we first started the router, configuration register was at 0x2102 but now its atĀ 0x2142.

When question prompts are finished, there’s still a last question remaining “do you wish to change the configuration?”. Here everybody’s first instinct is to hit yes which will repeat the prompts again. So here you will not hit yes because you already changed the config register so hit no. At this point you need to power cycle the router or just type in reset and router will reload.

Now as you can see above, router is rebooted and it’s asking for initial configuration dialog. How you can tell that everything worked is you get this question “Would you like to enter the initial configuration dialog”. You only get this question when there’s no configuration running. So it’s either brand-new router or you skipped the startup configuration because register is set to 0x2142. Type in no for initial configuration dialog.

Now you are in the router and type enable command to get to the privilege mode. You will be asked no password as shown above. At this point you would like to restore all your previous configuration so everything works normally. Run the following command to load the startup-config file into the RAM.

#copy startup-config running-config

Now we have to do someĀ maintenance. First we have to change the password and then set the configuration register back to 0x2102.

Password is set in global configuration mode. Go to global configuration mode by applying following command.

#config terminal

After you get into the global configuration mode use the following command to change the password

#enable secret cisco

Now your new password is set to cisco. You can also use the alternate command.

#enable password cisco

Both command will set the password to cisco.

Another thing that we need to do is to change the configuration register to 0x2102 so that startup configuration is loaded when router is rebooted. Type in the following command.

#config-register 0x2102

Now exit the global configuration mode by using command exit and save the changes to startup-file using following command.

#copy running-config startup-config.

That’s all you need to do to reset Cisco router password.

About the author

Ajay Verma

A Computer Science Graduate, who works extensively on open source projects. His Areas Of interest are: Network Security, Linux Administration, FOSS, Python, and C programming.

Add Comment

Click here to post a comment