Below article covered how to break or recover Enable Secret Password on Cisco 2500 Router.
1. Attach a PC to the console port of the router. Password recovery cannot be done remotely.
2. Type a show version at the console prompt. You only have to be in User mode to run the show version command. Make a note of the configuration register number. It will almost always be 0x2102, but might be 0x102. If you cannot do a show version use 0x2102 or check a similar router for it’s configuration register.
3. Once you have this information follow these steps:
Basic Steps for Cisco Password Recovery:
Power reset the router.
Go into ROMMON mode for password recovery.
Set the configuration register to boot the router without loading the configuration file.
Reboot the router.
Copy the startup-configuration into memory.
Go into Global Configuration mode and change the password.
Reset the configuration register to boot the router using the startup configuration file.
Save the configuration back to NVRAM.
Reboot the router.
Step by Step Cisco Password Recovery Procedure:
Step 1. Power reset the Router.
Step 2. Within 60 seconds of the Router reboot, press the Ctrl+Break keys. This puts the Router in ROMMON mode.
Step 3. The Router should boot to a router> prompt with no Router name.
Step 4. Type o/r 0x42 on the router> prompt. This tells the router to boot from Flash Memory without loading the configuration file. If you want to boot from ROM instead, type o/r 0x41.
However, booting from ROM allows you to only view the encrypted password or erase the configuration. You cannot change the password.
Step 5. Type i at the router prompt. The Router will now reboot, but ignore it’s saved configuration (which contains the forgotten password).
Step 6. When the router boots up it will ask you if you want to configure the Router. Press Ctrl+C to break out of the startup configuration.
Step 7. Type enable at the router> prompt. This will put you in enable or Privileged mode and the prompt will look like this: router#
Step 8. Type copy startup-config running-config (or copy start run) to copy the startup configuration into memory. With the startup configuration in memory you can now change the enable secret password.
Step 9. At the router# prompt type config t to go into global configuration mode.
Step 10. At the router(config)# prompt type enable secret new_password where new_password is a new password.
Step 11. You now need to change your configuration register to tell the router to boot up with the startup configuration file. Type config-register 0x2102 and press enter. This tells the router to load the startup-config file in NVRAM when it boots up. (use the number you saved from the show version command)
Step 12. Press Ctrl+Z to leave global configuration mode.
Step 13. At the Router# prompt type copy running-config startup-config (or copy run start). This will save your password change to NVRAM.
Step 14. Type reload and press Enter to reboot the Router.
Filed Under: Password Recovery
About the Author: