Lab 62: Performing Password Recovery

Lab Objective:

The objective of this lab exercise is for you to learn how to perform password recovery on a Cisco IOS router.

Lab Purpose:

Sometimes by mistake you can lose access to your Cisco device for something as simple as forgetting your credentials, so it’s important to know how to overcome this specific issue by performing password recovery. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to perform password recovery on your Cisco IOS router.

Certification Level:

This lab is suitable for CCENT certification exam preparation.

Lab Difficulty:

This lab has a difficulty rating of 5/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 10 minutes.

Lab Topology:

Please use the following topology to complete this lab exercise:

Task 1:

You are trying to log in to R1 via the console port but keep getting an error when entering your username/password, so you will perform password recovery. Reboot R1.

Task 2:

Press Ctrl+Break as soon as you receive a prompt showing the boot process.

Task 3:

Once you are in rom monitor mode, instruct the router to bypass the running-configuration bootup by changing the configuration register to 0x2142. After changing this configuration register, reset the router so you can boot up and finalize password recovery.

Task 4:

Once you are in, copy the startup configuration to the running configuration and make changes to the username and passwords that you are having issues with (Enable, AAA database, etc.).

Task 5:

Finally, change the configuration register to the default of 0x2102, save the configuration, and reboot the router.

Note: Your procedure may differ due to platform differences, so Google “Cisco password recovery” for your model. Cisco switches usually follow a different recovery procedure altogether.

Configuration and Verification

Task 1:

Reboot the router manually (i.e., disconnect power from the unit).

Task 2:

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) 
Copyright (c) 1999 by cisco Systems, Inc. 
TAC:Home:SW:IOS:Specials for info 
PC = 0xfff0a530, Vector = 0x500, SP = 0x680127c8 
C2600 platform with 65536 Kbytes of main memory 

program load complete, entry point: 0x80008000, size: 0xf54134 
PC = 0xfff0a530, Vector = 0x500, SP = 0x83fffe68 

Press <Ctrl + Break> as the router boots. 

monitor: command “boot” aborted due to user interrupt 
rommon 1 >

Task 3:

rommon 1>confreg 0x2142 
You must reset or power cycle for new config to take effect 
rommon 2>reset

Task 4:

Router#copy startup-config running-config 
Destination filename [running-config]? (hit enter) 
Building configuration... 
R1#configure terminal 
R1(config)#enable password cisco
R1(config)#enable secret enter 
R1(config)#line console 0 
R1(config-line)#password ccna 
R1(config)#username ccna-labs privilege 15 secret ccna

Or you could just use the no enable secret and no username commands.

Task 5:

R1#configure terminal 
R1(config)#config-register 0x2102 
R1#copy running-config startup-config 


Inline Feedbacks
View all comments
Would love your thoughts, please comment.x