If one thing is for certain, it’s that at some point you’ll forget the password that you assigned to a router, or be asked to configure a router whose password you cannot be provided with. The good news is that with physical access to the console port, you’re in luck. Now that you know about configuration register settings, you know that you can change its setting to ignore the startup configuration file on a router, thus allowing you to bypass any passwords. Once you reboot the router, you can then change (and save) new passwords.
For the purpose of this example, let’s assume that we’re using a Cisco 2600 router. The steps on a Cisco 2500 are similar, with the exception of the ROM Monitor mode commands.
The first step is to access ROM Monitor mode and changing the configuration register setting to 0x2142, such that the router will ignore the contents of the startup configuration file. After rebooting the router, issue the break sequence, and then enter the confreg and reset commands.
rommon 1>confreg 0x2142
rommon 2>reset
The router should now reload, ignoring the contents of the startup configuration file. Press Enter to access user mode, and then enter privileged mode using the enable command. Notice that no password is required.
Press RETURN to get started.
Router>enable
Router#
Now that we’ve accessed privileged mode, the next step is to overwrite the current running configuration with the information stored in the startup configuration. Loading this configuration into RAM will allow us to change the password, as well as to save it.
Router#copy star run
Be very careful not to mistakenly issue the copy run start command – that would cause you to lose all configuration settings stored in the startup configuration file.
Even though we’ve copied the startup configuration into RAM, all of the interfaces are still shutdown. To verify this, use the show run command. As such, your last steps will be to access all interfaces and issue the no shutdown command. Our main goal is still to change the enable secret password, so that’s our next step.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret cisco
After setting our new enable secret password (and any other passwords that we may need changed), issue the no shutdown command for all interfaces, and then change the configuration register back to the default value (or whichever value you require) using the config-register command. In this case, we’ll set the register back to 0x2102, and then issue the all-important copy run star command to save our changes.
Router(config)#config-register 0x2102
Router(config)#^Z
Router#copy run star>/code>
And there you have it. You don’t even require a reboot at this point (assuming that you remembered to issue the no shutdown command for all necessary interfaces). The next time the router does reboot, its configuration register will be set to 0x2102. This means that it will not ignore the startup configuration file, allowing you complete and normal access using our newly configured password.