Some basic domain knowledge but important for IT guys that hardly touch Cisco devices.
If you do not know/remember the enable password, and for which you do not want to lose the configuration present in NVRAM (startup), there are steps for obtaining privileged access again on a Cisco router.
Recovering a lost password is only possible when you are connected to the router through the console port. These procedures cannot be performed through a Telnet session.
Connect an ASCII terminal or a PC running a terminal emulation program to the CONSOLE port on the rear panel of the router. You will need a USB Serial Cable USB to RS232 Adapter to link up the console cable to your laptop.
Configure the terminal to operate at 9600 baud, 8 data bits, no parity, and 1 stop bit.
(baud rate can be other speed like 115200 too, but you need reliability and not to overrun the buffer.)
The “Configuration Register” is a parameter (expressed in hexadecimal) which supplies information to the bootstrap software present on the machine on how to start it. Its default value (0x2102 , which can be viewed using the show version command , an example of which follows) indicates, for example, that the IOS will be loaded from flash memory and the configuration from NVRAM.
You will need to confreg the flash to bypass 0x2102 to 0x2142 , which will tell bootstrap to ignore the startup configuration (still loading the IOS from the flash), thus presenting the prompt of an unconfigured machine.
To modify it without access privileges, you will need to:
- Power off router completely
- Power on and continuously press Ctrl-Break to get in to ROMMon mode
- when presented with rommon 1 > prompt, type confreg 0x2142
- Reboot by type boot at rommon 1 > prompt
- When “Continue with configuration dialog? [yes/no]:” prompt appears, type n
- At router> prompt type en or enable
- The prompt will change from router> to router# which indicates privileged EXEC mode.
- Type config terminal
- Type enable secret password or enable secret new-password
- Type your new password
- Save configuration changes – do copy running-config startup-config
- Restore registry value change using config-register 0x2102
- exit privilege mode ( Router(config)# exit )
- Reboot router for changes to take effect