Sometimes you will obtain an old or used Cisco switch or router that still has a configuration on it. You can still access the device even if you don't know the password. The following steps recover access to the device while preserving its saved configuration.
1. Connect to the console port.
a. Ensure you have a console cable with the Prolific device driver. Some cheaper console cables will not allow you to send the break signal during the router/switch boot process.
2. Reboot the device and send a break signal within the first 30 seconds.
a. During reboot you have 30 seconds to send the break signal and interrupt the boot process. This is why you need a higher quality cable with the Prolific device driver for break signals.
b. You are doing this to enter ROMmon boot mode, so you can change where the device looks for the startup configuration.
c. You have the following options for sending the break command since laptops and computers are all different:
i. Pause/Break key or Ctrl+Pause/Break on keyboard (This is usually the standard for regular keyboards)
ii. #Ctrl+Fn+F11
iii. #Fn+B
iv. #Ctrl+B
v. #Ctrl+Fn+B
d. Finally, PuTTY has an option to send the break command through the menus:
i. Under the PuTTY menu, hover over “Special Command”
ii. Then select the “Break” option there.
3. Modify the Configuration register.
a. You are doing this in order to keep it from loading the previous configuration into the running-config. This allows us to bypass the password from the currently installed configuration.
b. In Rommon state, there is no OS loaded. It is for recovery purposes. We want to change the “confreg” setting. Type this in:
i. #confreg 0x2142
1. 0x2142 makes the device ignore the NVRAM contents (the startup configuration) at boot, while the old configuration stays stored on the device.
2. 0x2102 is the normal boot setting; the device operates normally.
c. Next we reset the device to reboot with the new confreg code.
i. #reset
4. Now you can recover your configuration in the router or switch and reset the passwords.
a. After reboot, answer “NO” to the initial configuration dialog.
b. You are now in the router/switch without a configuration.
c. Your old configuration is in the startup-config. You can even do a:
i. #show startup-config
ii. And you can see your old configuration on the router/switch.
d. Now we can copy the startup-config into our running-config and we maintain admin rights without the old passwords blocking us:
i. #copy startup-config running-config
e. Also you can now reset your passwords in global config mode:
i. #conf t
ii. #enable secret cisco
iii. #line con 0
iv. #password cisco
v. And continue with others you wish to reset.
f. Make sure to save the configuration:
i. #write (or #copy run start)
5. Revert the configuration register to its original value so the device loads your configuration, now with the new passwords, at boot.
a. We have a final step to do. We need to change the boot setting again, since 0x2142 is not the normal boot state, and set it back to 0x2102.
i. #show version (shows the router/switch status and what the boot reg is set to)
ii. #conf t
iii. #config-register 0x2102
iv. #write
b. Now you can reboot with new passwords and your original configuration.
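The two register values used in steps 3 and 5 differ only in bit 6 (0x0040), the "ignore NVRAM" flag. As an added example (not part of the original post), this Python script parses the "Configuration register is ..." line from show version output and flags a device that was left at 0x2142 after recovery. The sample lines are constructed, and the bit names follow the commonly documented layout of the 16-bit register, which can vary by platform.

```python
import re

# Bit meanings for the classic 16-bit IOS configuration register
# (commonly documented layout; assumed here, check your platform).
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: Break disabled
ROM_FALLBACK = 0x2000    # bit 13: fall back to ROM software if boot fails
BOOT_FIELD = 0x000F      # bits 0-3: 0 = ROMmon, 1 = ROM image, 2-F = normal

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Split a register value into the flags relevant to password recovery."""
    boot = value & BOOT_FIELD
    return {
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
        "boot": "rommon" if boot == 0 else "rom-image" if boot == 1 else "normal",
    }

def audit(show_version_text):
    """Return current/pending register values and any findings."""
    m = CONFREG_RE.search(show_version_text)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode(current)["ignore_nvram"]:
        findings.append("running with startup-config ignored")
    if decode(pending)["ignore_nvram"]:
        findings.append("next reload will ignore startup-config")
    if decode(pending)["boot"] != "normal":
        findings.append("next reload will not boot normally")
    return {"current": current, "pending": pending, "findings": findings}

# Constructed sample lines in the format printed by "show version".
MID_RECOVERY = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
FORGOTTEN = "Configuration register is 0x2142"
HEALTHY = "Configuration register is 0x2102"

if __name__ == "__main__":
    for line in (MID_RECOVERY, FORGOTTEN, HEALTHY):
        r = audit(line)
        print(hex(r["current"]), hex(r["pending"]), r["findings"] or "ok")
```

A device that reports the FORGOTTEN case will come up with a blank configuration on its next reload, which is the state step 5 is meant to prevent.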
This blog consists of configurations and processes I have performed in a lab environment. In no way do I recommend or imply these processes need to be followed or are the correct way to execute on any network. Perform at your own risk. Also, please feel free to leave comments if my configurations are too old/need updating.
Sunday, August 22, 2021
Password Recovery for Old/Used Cisco Switch or Router