Password Recovery Cisco 2500 / 2600 Routers Passwords are recorded in the startup-config file which is stored in NVRAM. The key to password recovery is to prevent startup-config from being copied to running-config during the boot process. Bit 6 of the Configuration Register may be altered to prevent startup-config in NVRAM from being copied to running-config in RAM during the boot sequence. If the password is lost, the Configuration Register may be altered while the ROM monitor mode. ROM monitor mode may be accessed by pressing the <CNTRL> and <BREAK> keys while the IOS is being loaded from flash memory. While practicing on a functioning router, you may reboot from privileged mode by simply typing reload. router# show version Cisco Internetwork Operating System Software 32K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2142 (will be 0x2102 at next reload) -------------------------------------------------------------------------------- Password Reset - Cisco 2500 Series 01) cycle power (with ENABLE mode = practice) router# reload 02) press <Ctrl> & <Break> keys <CTRL><BREAK> 03) change config register to 0x2142 2500: > o/r 0x2142 2600: rommon 1> confreg 0x2142 2600: rommon 2> reset 04) begin boot process > i 05) answer no to configuration setup? Enter Configuration Setup? [y,n] n or CTRL+C 06) enable privileged EXEC mode router> enable 07) recover configuration from NVRAM router# copy startup-config running-config 08) enable global config mode router# config terminal 09) configure new secret password router(config)# enable secret class 10) restore config register to 0x2102 router(config)# config-register 0x2102 11) return to privileged EXEC router(config)# exit 12) copy config to NVRAM router# copy running-config startup-config 13) router# reload -------------------------------------------------------------------------------- Type o/r 0x42 at the router> prompt. This tells the router to boot from Flash Memory without loading the configuration file. If you want to boot from ROM instead, type o/r 0x41. However, booting from ROM allows you to only view the encrypted password or erase the configuration. You cannot change the password. Here is the link that points to all the password recovery procedures for all the Cisco products through the 12000 series: http://www.cisco.com/warp/public/474/index.shtml Also, here is the link that helps you to find the break sequence for the communication program you are using: http://www.cisco.com/warp/public/701/61.html -------------------------------------------------------------------------------- How do I reset the enable secret password using SNMP There is lots of information to recover lost passwords on the Cisco Website. Most, if not all, involve having console access to the router - but say the router is on the other side of the world? Answer - Use 3 simple steps via SNMP. 1. Read the config to a tftp server… "snmpset -c <write community string> <routerIP/name> .1.3.6.1.4.1.9.2.1.55.ipaddress.of.tftpserver octetstring <filename on server>" 2. Next edit the configuration substituting the new, plain text, enable secret password and save it back to a tftp server on the same network as the router. "enable secret <new password>" 3. Then tell the router to boot the config on your tftp server (tftp server needs to be on the same subnet). "snmpset -c <write community string> <routerIP/name> .1.3.6.1.4.1.9.2.1.50.ip.address.of.tftpserver octetstring <filename on server>" And the new config is running, telnet to the router and try your new password. Then copy the running config to startup.