Password Recovery

enable password and enable secret are used to control access to the privileged EXEC mode. lost password can be recovered while lost secret should be replaced by a new one because it's encrypted. for security reason, you recover lost password or secret by connectring your PC to the device through a console cable. the configuration register, is something similar to the BIOS configuration in a PC. for example, BIOS determine from which hard disk should the PC boot. for a router, the configuration register, which is represented by a single hexadecimal value, tells the router what steps to take when booting. configuration register has many uses, password recovery might be the most used one.

the steps are:
  • step 1. connect your PC to the router.
  • step 2. record the configuration register by entering the command "show version" (the configuration register information usually will be at the last line). if you don't have access to the user EXEC mode anymore. you can safely assume that the configuration register value is 0x2102 (the configuration register is usually set to 0x2102 or 0x102).
  • step 3. turn off the router and then turn it back on.
  • step 4. press Break on the keyboard, within 60 seconds of power up to put router into ROMmon.
  • step 5. change the configuration register value to 0x2142 in ROMmon by entering the command "confreg 0x2142". this will cause the boot process to bypass the startup-configuration where the forgotten password is stored.
  • step 6. reboot the router by entering the command "reset" in ROMmon. the router will then reboot and ignores the saved configuration.
  • step 7. ignore the initial setup procedure by typing "no" at boot process.
  • step 8. go to the privileged EXEC mode with the command "enable".
  • step 9. copy your startup-configuration to running-configuration with the command "copy startup-config running-config".
  • step 10. now you use "show running-config" to see the password. if your password is encrypted, then you have to set a new password. (you will also see that all interfaces are on shutdown state).
  • step 11. to set a new password go into the global configuration level with the command "configure terminal".
  • step 12. set a new secret with the command "enable secret password". for example if you want to set the password to cisco then type "enable secret cisco".
  • step 13. because all interfaces are in shutdown state, issue "no shutdown" on every interface that should be up. issue "show interface brief" to confirm it.
  • step 14. reset the configuration register to the its value (that you've recorded) with the command "config-register confreg-value". enter the command "config-register 0x2102", if you want to set it to 0x2102.
  • step 15. all is set, then you might want to copy the running-configuration to the startup-configuration so that your new password is stored in startup-configuration.