|How to Reset The Admin Password On A Cisco Router (Local)
This is the first in my series of guides to cisco routers.
Cisco border routers are what seperates the internal network from the internet.
It is important to understand how they work, because an insecure border router means an insecure network.
Please email me any ideas about cisco related guides you would like to read about, my next article will be a guide to hardening the security of Cisco routers.
This guide describes the procedure for recovering an enable password or enable secret passwords.
These passwords are used to protect access to privileged EXEC and configuration modes.
The enable password password can be recovered but the enable secret password is encrypted and can only be replaced with a new password.
Physical access to the router
Basic cisco experience
PC with hyperterminal
RJ-45 rollover cable
1. Attach a terminal or PC with terminal emulation (such as hyperterminal) to the console port of the router.
Use the following terminal settings:
- 9600 baud rate
- No parity
- 8 data bits
- 1 stop bit
- No flow control
For additional information on cabling and connecting a terminal to the console port or the AUX port, refer to the following documents
Cabling Guide for Console and AUX Ports on Cisco Routers - http://www.cisco.com/warp/public/701/14.html
2. Using the power switch, turn off the router and then turn it back on.
3. Press Break on the terminal keyboard within 60 seconds of the power-up to put the router into ROMMON
*** System received an abort due to Break Key ***
signal= 0x3, code= 0x500, context= 0x813ac158
PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
rommon 1 >
4. Type confreg 0x2142 at the rommon 1> prompt to boot from Flash without loading the configuration.
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
5. Type reset at the rommon 2> prompt.
The router reboots but ignores its saved configuration.
6. Type no after each setup question or press Ctrl-C to skip the initial setup procedure.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
Press RETURN to get started!
7. Type enable at the Router> prompt.
You'll be in enable mode and see the Router# prompt.
8. Type copy startup-config running-config to copy the nonvolatile RAM (NVRAM) into memory.
Router#copy startup-config running-config
Destination filename [running-config]?
1324 bytes copied in 2.35 secs (662 bytes/sec)
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1,
changed state to down
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2,
changed state to down
9. Type show running-config.
The show running-config command shows the configuration of the router. In this configuration you see under all the interfaces the shutdown command, which means all interfaces are currently shutdown. Also, you can see the passwords (enable password, enable secret, vty, console passwords, and so on) either in encrypted or unencrypted format. The unencrypted passwords can be re-used, the encrypted ones will have to be changed with a new one.
10. Type configure terminal and to make the changes.
The prompt is now hostname(config)#.
11. Type enable secret <password> to change the enable secret password.
Router(config)#enable secret cisco
12. Issue the no shutdown command on every interface that is used.
(To find out what interfaces are available, issue a "show ip interface brief" command)
Router(config)#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.200.40.37 YES TFTP administratively down down
Serial0/0 unassigned YES TFTP administratively down down
BRI0/0 18.104.22.168 YES unset administratively down down
BRI0/0:1 unassigned YES unset administratively down down
BRI0/0:2 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES TFTP administratively down down
Serial0/1 unassigned YES TFTP administratively down down
Loopback0 22.214.171.124 YES TFTP up up
00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0,
TEI 68 changed to up
Router(config-if)#^Z <------ Control + Z
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
Now check the interfaces are all up (hint: show ip interface brief)
13. Enter config mode and type config-register 0x2102, this will reset the config register to boot from your saved configuration file (with all your new passwords)
14. Press Ctrl-z or end to leave the configuration mode.
The prompt is now hostname#.
15. Type copy running-config startup-config to save the changes.
Your done! Restart the router and login
Email : firstname.lastname@example.org
CMS : rapture