Académique Documents
Professionnel Documents
Culture Documents
Note You can recover a lost enable password, but not a password that you configured with the enable
secretcommand (enable secret password). This password is encrypted and must be replaced with a new
enable secret password. See the "Hot Tips" section on Cisco Connection Online (CCO) for information on
replacing enable secret passwords.
Follow these steps to recover a lost enable password:
Step 1 Connect an ASCII terminal or a PC running a terminal emulation program to the Console
port. For more information, see the Cisco 805 Router Hardware Installation Guide.
Step 2 Configure the terminal at 9600 baud, 8 data bits, no parity, and 1 stop bit.
Step 3 Reboot the router.
Step 4 From user EXEC mode, display the existing configuration register value:
Router> show version
Step 5 Record the setting of the configuration register. The setting is usually 0x2102 or 0x102.
Step 6 Record the break setting.
Note To enable break, enter the config-register 0x01 global configuration command.
Step 7 Do one of the following:
If break is disabled, turn the router to STANDBY, wait 5 seconds, and turn it to ON
again. Before the terminal displays Boot......, press Escape or Control-C. The
terminal displays the ROM monitor prompt (boot #). Go to Step 9.
Note Some terminal keyboards have a key labeled Break. If your keyboard does not have a Break key, refer to
the documentation that came with the terminal for instructions on how to send a break.
Step 8 Send a break. The terminal displays the following prompt:
boot#
The router cycles its power, and the configuration register is set to 0x142. The router
uses the boot ROM system image, indicated by the system configuration dialog:
--- System Configuration Dialog ---
Step 11 Enter no in response to the prompts until the following message is displayed:
Press RETURN to get started!
Specify the value that you recorded in Step 5 (usually 0x2102 or 0x102).
Step 17 Press Ctrl-Z to exit configuration mode.
Note To return to the configuration being used before recovering the lost enable password, do not save the
configuration changes before rebooting the router.
Step 18 Reboot the router, and enter the recovered password.
PDF
Downloads
Password
Recovery
Procedure
for the
Cisco 801,
802, 803,
804, 805,
811, and
813 Series
Routers
Share on printShare on
emailShare on favoritesShare
on googleShare on
twitterShare on facebook
Related Documents
Password Recovery Procedure for the Cisco 801, 802, 803, 804, 805, 811, and 813 Series Routers [Cisco 800 Series
Routers]
Password Recovery Procedure for the Cisco 806, 826, 827, 828, 831, 836, and 837 Series Routers [Cisco 800 Series
Routers]
ROMmon Recovery for the Cisco 800 Series Router
Cisco 800 Series Routers Password Recovery
Cisco IOS Software Release 12.3T New Features and Hardware [Cisco 800 Series Routers].
More...
Related Products/Technology
Related Discussion
Contents
Introduction
Prerequisites
Requirements
Components Used
Related Products
Conventions
Step-by-Step Procedure
Sample Output Example
Example of Enable Password Recovery
Example of Password Replacement
Cisco Support Community - Featured Conversations
Related Information
Introduction
This document describes how to recover the enable password and the enable secret passwords. These
passwords protect access to privileged EXEC and configuration modes. The enable password password
can be recovered, but theenable secret password is encrypted and must be replaced with a new
password. Use the procedure described in this document in order to replace the enable secret password.
Refer to Password Recovery Procedure for the Cisco 806, 826, 827, 828, 831, 836 and 837 Series Routers in
order to recover a password on Cisco 806, 826, 827, 828, 831, 836 and 837 Series Routers.
Note: You may encounter boot problems with some Cisco 800 Series Routers. Cisco 801, 802, 803, 804,
805, 811, and 813 routers boot into TinyROM at power-up or after they save any configuration from the
console port with Cisco IOS Software Release 12.1(3) and later. Refer to Field Notice: Cisco 801-805 and
Cisco 811 and 813 Boots into TinyROM for details about the affected unit serial number and the procedure
required in order to solve the boot problem.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make
sure that you understand the potential impact of any command.
Related Products
Refer to Password Recovery Procedures for information on how to recover passwords for related products.
Conventions
Refer to Cisco Technical Tips Conventions for information on document conventions.
Step-by-Step Procedure
Follow these steps in order to recover your password:
1.
Attach a terminal or PC with terminal emulation to the console port of the router.
Use these terminal settings:
o
o
o
o
o
The required console cable specifications are described in Cabling Guide for Console and AUX
Ports.
2.
3.
Use the power switch in order to turn off the router, and then turn the router back on.
Press Break on the terminal keyboard within 60 seconds of power up in order to put the router
into ROMMON.
If the break sequence does not work, refer to Standard Break Key Sequence Combinations During
Password Recovery for other key combinations.
4.
Type set at the boot# prompt, and record the current value of the configuration register.
5. boot#set
6. set baud
=9600
7. set data-bits
=8
8. set parity
=none
9. set stop-bits
=1
10. set console-flags =0
11. set mac-address
=0050.7307.C329
12. set unit-ip
=10.200.40.65
13. set serv-ip
=255.255.255.255
14. set netmask
=255.255.252.0
15. set gate-ip
=10.200.40.1
16. set pkt-timeout
=8
17. set tftp-timeout
=16
18. set boot-action
=flash
19. set file-name
="c800-nsy6-mw.122-10b.bin"
20. set watchdog
=off
21. set prompt
="boot"
22. set ios-conf
=0x2102
23. !--- The ios-conf variable sets the value for the
24. !--- configuration register. Record this value.
25.
26. Type set ios-conf = 142 at the boot# prompt.
Note: The best setting is 142 if the Flash is intact. If the Flash is not installed or is erased, use
141. With this setting, you can view or erase the configuration, but you cannot change the
password.
27. Type boot at the boot# prompt in order to initialize the router.
The router reboots, but ignores the saved configuration.
28. Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.
29. Type enable at the Router> prompt.
Once the Router# prompt appears, you are in enable mode.
30. Type configure memory or copy startup-config running-config in order to copy the nonvolatile
RAM (NVRAM) into memory.
Important: Do not type copy running-config startup-config or write. These commands erase
your startup configuration.
31. Type show running-config.
The show running-config command shows the configuration of the router. In this configuration,
the shutdown command appears under all interfaces, which indicates all interfaces are currently
shut down. In addition, the passwords (enable password, enable secret, vty, console passwords)
are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You
must change encrypted passwords to a new password.
32. Type configure terminal.
The hostname(config)# prompt appears.
33. Type enable secret <password> in order to change the enable secret password. For example:
Router>show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b),
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000
boot# boot
Booting "c800-nsy6-mw.122-10b.bin"...,
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-Y6-MW), Version
12.2(10b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000
Cisco C803 (MPC850) processor (revision 1) with 52940K bytes
of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
8K bytes of non-volatile configuration memory
12M bytes of flash on board (8M from flash card)
--- System Configuration Dialog --Would you like to enter the initial configuration dialog?
[yes/no]: no
Press RETURN to get started! (press Enter)
00:26:02: %SYS-5-RESTART: System restarted -Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b),
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
on
on
on
on
on
in
set
set
set
set
set
Note: After you copy the configuration file from NVRAM to RAM, you can perform one of these
procedures:
Password recoveryPerform this procedure if the enable password (which is in plain text format)
is configured.
Password replacementPerform this procedure if the enable-secret password (which is in
encrypted format) is configured based on how the password is last configured.
Note: In order to check the format in which the password is configured in the router, use the show
running-config command, and look for enable password orenable secret password in the
configuration. For more information, see Example of Enable Password Recovery and Example of Password
Replacement.
Router#show running-config
Building configuration...
Current configuration : 820 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash c800-nsy6-mw.122-10b.bin
enable password cisco
!--- Here the password is plain text. You can either maintain
!--- the same password or replace it with a new password.
!--- Output omitted.
Example of Password Replacement
This example output from the show running-config command shows that enable secret password is
configured. As a result, password replacement can be performed as shown in this example:
Router#show running-config
Building configuration...
Current configuration : 835 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash c800-nsy6-mw.122-10b.bin
enable secret 5 $1$O80N$NjrO/6P5jpi0PZYzAj/vX0
!--- Password replacement is performed because
!--- the password is encrypted.
!--- Output omitted.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret letmein
Router(config)#
00:03:39: %SYS-5-CONFIG_I: Configured from console by console
Once the password recovery or replacement is done, the remaining steps are the same, as shown in this
example:
Interface
IP-Address
OK?
Method
Status
Protocol
BRI0
unassigned
YES
TFTP
administratively
down down
BRI0:1
unassigned
YES
unset
administratively
down down
BRI0:2
unassigned
YES
unset
administratively
down down
Ethernet0
10.200.40.65
YES
TFTP
administratively
down down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface ethernet 0
Router(config-if)#no shutdown
Router(config-if)#
00:30:02: %LINK-3-UPDOWN: Interface Ethernet0, changed state
to up
00:30:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Ethernet0, changed state to up
Router(config)#config-reg 0x2102
Router(config)#^Z
Router#
00:04:36: %SYS-5-CONFIG_I: Configured from console by console
Router#write memory
After you issue the config-reg 0x2102 command, the new configuration register value is not immediately
applied. The new value is applied only after the router is reloaded. This output from the show
version command shows the current value (0x142) and the value that is applied after the next reload
(0x2102).
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C800 Software (C800-NSY6-MW), Version 12.2(10b),
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 11-Jul-02 19:53 by pwade
Image text-base: 0x000F2000, data-base: 0x0086C000
ROM: TinyROM version 1.0(3)
leased uptime is 7 minutes
System returned to ROM by power-on
System image file is "flash:c800-nsy6-mw.122-10b.bin"
Cisco C803 (MPC850) processor (revision 1) with 52940K bytes
of virtual memory.
Processor board ID JAD03325506 (2953252)
CPU part number 0x2100
X.25 software, Version 3.0.0.
Bridging software.
Basic Rate ISDN software, Version 1.1.
2 POTS Ports
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
12M bytes of physical memory (DRAM)
collaborate with your peers. Below are just some of the most recent and relevant
conversations happening right now.
ocument ID:
15078
Downloads
ROMmon Recovery for the Cisco 2500, 3000, AS5100, and uBR900 Series Routers
Related Documents
Software Installation and Upgrade Procedure for the 1600, 2000, 2500, 3000, AS5100, and AS5200
Cisco uBR900 Series Cable Access Routers Troubleshooting TechNotes
Cisco 2500 Series Router Architecture [Cisco 2500 Series Routers]
Cisco 2500 Series Routers Troubleshooting TechNotes
Hardware Troubleshooting for Cisco uBR9xx Series Cable Modems [Cable Modems].
More...
Related Products/Technology
More...
Related Discussion
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Verify the Configuration Register Value
Download Cisco IOS Image Using the Boot Image from a Trivial File Transfer Protocol (TFTP) Server
Cisco Support Community - Featured Conversations
Related Information
Introduction
This document explains how to recover Cisco 2500, 3000, AS5100, and uBR900 Series Routers stuck in
ROMmon (rommon#> or > prompt).
Prerequisites
Requirements
To recover a router from ROMmon mode, the router should be physically accessible and should have a
terminal connected to the console port. Recovering a router from ROMmon is not possible by telneting to
any of the interfaces. You must know how to copy the Cisco IOS software image from a TFTP server to the
router.
Components Used
The information in this document is based on the:
The information presented in this document was created from devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If you are working in a live
network, ensure that you understand the potential impact of any command before using it.
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.
If the ROMmon prompt is ">", type the following at the ROMmon prompt:
2. >o/r 0x2102
3. >i
4. System Bootstrap, Version 11.0(10c)XB2, RELEASE SOFTWARE
5. Copyright (c) 1986-2003 by cisco Systems
6. 2500 processor with 16384 Kbytes of main memory
7.
8. F3: 10021772+224116+562960 at 0x3000060
9.
10. Restricted Rights Legend
11.
You must reset or power cycle the router for the new configuration to take effect:
You must reset or power cycle the router for the new configuration to take effect:
rommon 2>reset
System Bootstrap, Version 12.0(6r)T3, RELEASE SOFTWARE
(fc1) Copyright (c) 1999 by cisco Systems, Inc.
UBR924 platform with 16384 Kbytes of main
memory.......................
3.
4. >o/r 0x2101
5. >i
6. System Bootstrap, Version 11.0(10c)XB2, RELEASE SOFTWARE
7.
Copyright (c) 1986-1994 by cisco Systems
8.
2500 processor with 16384 Kbytes of main memory
9.
10. Restricted Rights Legend
11.
12. Use, duplication, or ................
13.
14.
15. !--- Output suppressed
16.
17.
18. .............16384K bytes of processor board System
flash (Read/Write)
19.
20. Press RETURN to get started!
21.
hostname(boot)>
Notice that the prompt is now "router (boot)>", confirming that the router has booted up using the
boot image.
Note: If the router boots up in ROMmon again, most likely the boot image is corrupt or missing
and the only way to recover is by replacing the processor board System Flash or hardware.
22. The next step is to upgrade the Cisco IOS software as follows:
23. hostname(boot)>enable
24. hostname(boot)#copy tftp flash
25. System flash directory:
26. File Length
Name/status
27.
28. 1
2416128 c2500-is-l.123-1a.bin [invalid checksum]
29.
30. [2416192 bytes used, 14361024 available, 16777216
total]
31. Address or name of remote host [255.255.255.255]?
172.16.1.2
32. Source file name? c2500-is-l.123-1a.bin
33. Destination file name [c2500-is-l.123-1a.bin]?
34. Accessing file 'c2500-is-l.123-1a.bin' on
172.16.1.2...
35. Loading c2500-is-l.123-1a.bin from 172.16.1.2 (via
Ethernet0): ! [OK]
36.
37. Erase flash device before writing? [confirm]
38.
39.
40. !--- Press Enter to confirm
41.
42.
43. Flash contains files. Are you sure you want to erase?
[confirm]
44.
45.
46. !--- Press Enter to confirm
47.
48.
49. Copy 'c2500-is-l.123-1a.bin' from server
50.
as 'c2500-is-l.123-1a.bin' into Flash WITH erase?
[yes/no]yes
91.
92.
93. !--- Output suppressed
94.
95.
96.
97. Press RETURN to get started!
98.
hostname>
99. Use the show version command to verify the configuration register value and the newly-loaded
Cisco IOS image version.
100.hostname>show version
101.Cisco Internetwork Operating System Software
102.IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(1a),
RELEASE SOFTWARE (fc1)
103.Copyright (c) 1986-2003 by cisco Systems, Inc.
104.Compiled Fri 06-Jun-03 07:46 by dchih
105.Image text-base: 0x0307F6E8, data-base: 0x00001000
106.
107.ROM: System Bootstrap, Version 11.0(10c)XB2, PLATFORM
SPECIFIC RELEASE SOFTWARE
108.(fc1)
109.BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version
11.0(10c)XB2, PLATFORM SP
110.ECIFIC RELEASE SOFTWARE (fc1)
111.
112.Router uptime is 2 minutes
113.System returned to ROM by reload
114.System image file is "flash:c2500-is-l.123-1a.bin"
115.
116.cisco 2500 (68030) processor (revision L) with
14336K/2048K bytes of memory.
117.Processor board ID 13587050, with hardware revision
00000000
118.Bridging software.
119.X.25 software, Version 3.0.0.
120.2 Ethernet/IEEE 802.3 interface(s)
121.2 Serial network interface(s)
122.32K bytes of non-volatile configuration memory.
123.16384K bytes of processor board System flash (Read
ONLY)
124.
125.Configuration register is 0x2102
The show version command output above shows that the router has loaded the new Cisco IOS image
and the configuration register value is 0x2102.
See Software Installation and Upgrade Procedure for the 1600, 2000, 2500, 3000, AS5100, and AS5200 for
more information.
Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and
collaborate with your peers. Below are just some of the most recent and relevant
conversations happening right now.