Cisco routers password recovery

1 Principle to the password recovery

(1) the Cisco router keeps several different configuration parameters, and stored in different memory modules. Cisco series router memory: ROM, flash memory (Flash memory), RAM, not variable RAM and dynamic memory(DRAM) 5 (the function table 1). In general, the router startup, first run theROM program, system test and guide, and then run the Flash in ISO, and look for the router configuration in NVRAM, and in DRAM.

(2) the key password recovery is the configuration register (ConfigurationRegister Value) (see Table 2) is modified, so that the router uses differentparameters from different memory table to start. Valid password stored in NVRAM, essence therefore change password is to let the registration codedoes not work, so it can directly start, after the completion of the registrationcode recovery (such as forgetting recovery, router restarted after themodification of the configuration may be lost).

The memory effect

ROM storage system boot program, similar to PC's BIOS, is a read-only memory, system power down mirror program does not missing flash storage of Cisco IOS, similar to the PC hard disk, is an erasable, programmable ROM,system power down data will not be lost NVRAM configuration files (Startup  config) the RAM storage system using configuration (Running  config) DRAM mainly contains the routing table, ARP cache, Fastswitch cache, data cache,also include the running configuration file, the system power down the memory data can be lost in table 2Cisco series router configuration access code

Configuration Register Value

The 0X2102 default settings

Boot field=0X20X2101 from Flash to guide the normal operation mode

Boot field=0X10X142 into the boot ROM operation mode of Router (boot).

Bit8=0X0040 to enter the boot monitor mode or rommon > >

Boot field=0X2 from Flash to guide the normal operation mode

2 preparations

The manufacturer offers a Console in the design of router products (console),it is an important interface to configure the router, the first step is thepassword recovery: interface and cross line by using DB25, the terminal or asuper terminal software PC to router Console port. Terminal parameter settings are as follows: 9600 speed: BPS; data bits: 8; parity: No; stop bit: 1;control: No. As shown in figure 1.

The 3800 Series Router (in 801 cases) specific operation method

(1) press the interrupt key Ctrl+Break at the start of the 60 s, if the Breakshield could be used for starting, the device enters the ROM monitor state,prompt ">".

(2) enter the set command in ROM monitor:

Ios-conf the current note value, this is 0x2102.

Boot# set


Set prompt= "boot"

Set ios-conf=0X2102

(3) enter the set ios-conf 142, as follows: boot# set ios-conf 142.

(4) enter the boot guidance system, if the requirements of the equipmentinitialization configuration during the reboot, the way to answer "No", as shown below:

Boot# boot


8Kbytes of non volatile configuration


8Mbytes of flash on board (4M from flash card)

-- system configuration dialog --

Would you like to enter the initial configuration dialog? (yes/no): n

Press reture to get started (press enter)!

(5) enter, enable, then enter, enter the enable state, the command sequenceis as follows:



(6) the input config MEM, transferred to the original configuration file, and enter configuration mode (Note: not conf T), the command sequence is as follows:

Router# conf mem

801 (config) #

(7) to restore the original value of the configuration register and activate allports:

801#configure terminal

801 (config) #config register0X2102

801 (config) #interface XX

801 (config) #no shutdow

(8) query and record the lost password:

801#show configuration (show startup config)

(9) to change the password:

801#configure terminal

801 (config) line console 0

801 (config  line) #login

801 (config  line) #password xxxxxxxxx

801 (config  line) #

801 (config  line) #write memory (copy running config startup config)

