Overview:
Password recovery is the process used to recover the enable password on a router. Configuration register can be used to change router behavior in different ways, but usually it's to specify how it boots up.
Study Notes:
- Password recovery procedures can be used to recover the enable password if it is unencrypted in the configuration
- The enable secret password is always encrypted and cannot be recovered. It must be replaced with a new password
- Use the following procedure to recover the enable password and replace the enable secret password
Password Recovery Procedures
Shut down the router
Remove the compact flash if it is removable
Boot the router into ROMMON mode (Standard Break Key Sequences)
Once the router is on, reinsert the flash
Change the configuration register to 0x2142 at the rommon 1> prompt in order to boot from the IOS image in flash. This step bypasses the startup configuration, which is the goal since you don't know the enable password contained in the startup configuration
rommon 1> confreg 0x2142
Type reset at the rommon 2> prompt. The router will reboot and ignore the saved configuration
rommon 2> reset
Type Ctrl-C to skip initial setup (or type no after each question)
At the Router> prompt enter enable
Router> enable
Copy the startup configuration to the running configuration
Router# copy startup-config running-config
Show the running-configuration to view the enable password
Router# show running-configuration
If the enable password is encrypted and you cannot view the unencrypted password, change it
Router# enable password <password>
Reset the enable secret password
Router# enable secret <password>
Change the configuration register back to 0x2102
Router# config-register 0x2102
Save the running-config to the startup-config
Router#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK]
Test the changes by rebooting the router and logging in with the new enable password and new enable secret password
Configuration Register
Configuration register values can be seen using the confreg command in ROMmon mode
rommon 1> confreg
Configuration Register values can be seen using the show version command in User-Exec mode
show version
If you know the value of your configuration register, you can determine its meaning.
0x102
- Ignores break
- 9600 console baud
0x1202
- 1200 baud rate
0x2101
- Boots into bootstrap
- Ignores break
- Boots into ROM if initial boot fails
- 9600 console baud rate
0x2102
- Ignores break
- Boots into ROM if initial boot fails
- 9600 console baud rate default value for most platforms
0x2120
- Boots into ROMmon
- 19200 console speed
0x2122
- Ignores break
- Boots into ROM if initial boot fails
- 19200 console baud rate
0x2124
- NetBoot
- Ignores break
- Boots into ROM if initial boot fails
- 19200 console speed
0x2142
- Ignores break
- Boots into ROM if initial boot fails
- 9600 console baud rate
- Ignores the contents of Non-Volatile RAM (NVRAM) (ignores configuration)
0x2902
- Ignores break
- Boots into ROM if initial boot fails
- 4800 console baud rate
0x2922
- Ignores break
- Boots into ROM if initial boot fails
- 38400 console baud rate
0x3122
- Ignores break
- Boots into ROM if initial boot fails
- 57600 console baud rate
0x3902
- Ignores break
- Boots into ROM if initial boot fails
- 2400 console baud rate
0x3922
- Ignores break
- Boots into ROM if initial boot fails
- 115200 console baud rate
PacketTracer Lab: CCNA-7.5.b-Password-recovery-and-configuration-register.pkt
Subscribe Now for access to the labs!
cisco vega
August 3, 2021 at 8:38 pmi’m in 0x2101 and there no command (no service password-recovery) on it , i’m afraid if change it to 0x2102 it will not reload correctly to apply command (no service password-recovery) , can any one give a help?