yourfirstserver.com

When “Open Sesame” just doesn’t cut the mustard – how to reset the passwords on a Cisco router

Tweet

I see a ton of routers on eBay and various other auction sites and inevitably they almost all say the same thing.  Can’t test because I don’t know the admin password.  This got me thinking (which can sometimes be a dangerous thing) What purpose does the admin password serve and is there a general set of instructions I can come up with that could give a person a “walk through” on how to go about resetting that password.. . . .

So here goes:

The answer to the first question is pretty obvious.  The admin password is designed to protect access to privileged EXEC and configuration modes within the router, thus ensuring that only “trusted” users can perform certain services.  There are actually 5 types of passwords that you can set on a Cisco router:

1. Console – this is a basic connection to every router.  In order to initially set up a router, you will have to connect to a console port; enable at least one port and set the VTY password.
2. Aux – This is referred to as the Axillary Port or Aux Port
3. VTY – Virtual Teletype – These lines are used to configure Telnet access to the router.
4. Enable Password – This is to allow security on a Cisco router when the admin is attempting to go from the user mode to the privileged mode.  This password is an unencrypted password.
5. Enable Secret – This serves the same purpose as the Enable, but IS encrypted by default and if is enabled, will outweigh the Enable password.  Also, if Secret is enabled, the default password need never be used, as this will supercede it.

Now that that bit of technical mumbo jumbo is over with, back to the lecture at hand. . . . how to reset the password on this router.

Step one: is to of course attach a pc with terminal emulation or an actual terminal to the console or aux port.  Here are the terminal settings:

- 9600 baud rate
– No parity
– 8 data bits
– 1 stop bit
– No flow control

Step two: using the router power switch, turn the unit off and back on.

Step three: Press “BREAK” on the terminal keyboard within 60 seconds of the power up.

Step 4: Type “config 0×2142″ at the rommon 1> prompt

Step 5: Type “reset” at the rommon 2> prompt

Step 6: Type “no” after each question the router asks OR press CTRL-C to skip this setup procedure.

Step 7: Type “Enable” at the router> prompt

Step 8: Type “copy startup-config running config” – this will copy the NVRAM (non-volatile RAM) into memory.

Step 9: Type “Show running-config” – you will now see the current configuration of the router including all passwords in either encrypted or unencrypted format.  The unencrypted ones can simply be written down and reused, the encrypted ones must be changed.

Step 10: Type “configure terminal” – this will allow you to make the changes.  The prompt should now be – Router(config)# you may also see hostname(config)#

Step 11: Type “enable secret yourpasswordhere” this will change the enable secret password.

Step 12: You will now need to provide a “no shutdown” command for every interface being used.  To see what interfaces are active type “show ip interface brief”

Step 13: Again, type “configure terminal” to enter configuration mode.  Step 13a:  Type “config-register 0×2102″ This will reset the configuration ask the router to boot from your saved config including all of your new passwords.

Step 14: Press CTRL-Z or END to leave the configuration mode.  You should now be at the prompt  hostname#

Step 15: Type “copy running-config startup-config” this will save the changes.  You should now be able to restart the router and login using your new passwords.

Congratulations!!  We did it.. . . well YOU did it, but I’d like to feel that I had a hand in helping you.

Of course, networkequipment.net has a well trained tech department and is happy to help you in your pursuit.