Cisco Router / Switch Password recovery procedure
Hi Folks ,
The best way manage logins for cisco router / switches is using the tacacs server.
Provides central authentication / privilidge levels etc....
But one big problem u face is that when the connectivity to tacacs goes down the router falls back to the default authentication procedure.
Many a times you forget the default enable passwords and you are in a fix if the connectivity goes down .... thats what happened with me :(.
Btw if you wanna know how to get your cisco routers on tacacs please go to :
http://www.cisco.com/warp/public/480/tacplus.shtml#intro
But the important part is how to break the current password :
Step 1 : Attach a terminal or PC with terminal emulation to the console port of the router. Use the following terminal settings (Generally Hyper terminal is used) :
9600 baud rate
No parity
8 data bits
1 stop bit
No flow control
Step 2 : Type show version and record the setting of the configuration register. Click here to see output of ashow version command.
The configuration register setting is usually 0x2102 or 0x102.
Step 3 : Reboot the cisco router
Step 4: Press Break (ctrl + break) on the terminal keyboard within 60 seconds of the powerup to put the router into ROMMON.
Type confreg 0x2142 at the rommon 1> prompt to boot from Flash without loading theConfiguration
Step 5: Type reset at the rommon 2> prompt.
Now with output from a test router a below :
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)Copyright (c) 1999 by cisco Systems, Inc.TAC:Home:SW:IOS:Specials for infoC2600 platform with 32768 Kbytes of main memoryprogram load complete, entry point: 0x80008000, size: 0x6fdb4cSelf decompressing the image :
Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013.cisco Systems, Inc.170 West Tasman DriveSan Jose, California 95134-1706Cisco Internetwork Operating System SoftwareIOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)Copyright (c) 1986-1999 by cisco Systems, Inc.Compiled Tue 07-Dec-99 02:21 by phanguyeImage text-base: 0x80008088, data-base: 0x80C524F8cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.Processor board ID JAB031202NK (3878188963)M860 processor: part number 0, mask 49Bridging software.X.25 software, Version 3.0.0.Basic Rate ISDN software, Version 1.1.2 Ethernet/IEEE 802.3 interface(s)2 Serial(sync/async) network interface(s)1 ISDN Basic Rate interface(s)32K bytes of non-volatile configuration memory.8192K bytes of processor board System flash partition 1 (Read/Write)8192K bytes of processor board System flash partition 2 (Read/Write)--- System Configuration Dialog ---4 of 7 10/5/2000 3:22 PM
Step 6 : Would you like to enter the initial configuration dialog? [yes/no]: n (please do a ctrl + c or no at this prompt )
Press RETURN to get started!00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
00:00:50: %SYS-5-RESTART: System restarted --Cisco Internetwork Operating System SoftwareIOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)Copyright (c) 1986-1999 by cisco Systems, Inc.Compiled Tue 07-Dec-99 02:21 by phanguye00:00:50: %LINK-5-CHANGED: Interface BRI0/0, changed state to administratively do00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administrative00:00:52: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administrative00:00:52: %LINK-5-CHANGED: Interface Serial0/1, changed state to administratively00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed st00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed st
Sorry for the above garbled router :
After booting you come to the prompt below without asking for a password :
Router>
Router>en
Step 7 : Router#copy start run
Destination filename [running-config]?1324 bytes copied in 2.35 secs (662 bytes/sec)
Router#
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2, changed state
Step 8 : Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.Router(config)
Chnage the password for the cisco router :
Step 9 : Router#enable secret cisco
Router(config)#^Z
00:01:54: %SYS-5-CONFIG_I: Configured from console by console
This step is very important as interfaces are generally shut down after the recovery procedure :
Check the interfaces which are shutdown and un shut them.
Step 10 : Router#sh ip int brief
Interface IP-Address OK? Method Status Prot
Ethernet0/0 10.200.40.37 YES TFTP administratively down down
Serial0/0 unassigned YES TFTP administratively down down
BRI0/0 193.251.121.157 YES unset administratively down down
BRI0/0:1 unassigned YES unset administratively down down
BRI0/0:2 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES TFTP administratively down down
Serial0/1 unassigned YES TFTP administratively down down
Loopback0 193.251.121.157 YES TFTP up up
Enter the configuration mode and un shut the interfaces :
Step 11 :Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Step 12 : Router(config)#int Ethernet0/0
Router(config-if)#no shut
Router(config-if)#
00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed st
Step 13 : After all this done. Write the running config into flash memory :
Router#copy run start
Destination filename [startup-config]?Building configuration...[OK]
Step 14 : Router#sh ver
Cisco Internetwork Operating System SoftwareIOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)Copyright (c) 1986-1999 by cisco Systems, Inc.Compiled Tue 07-Dec-99 02:21 by phanguyeImage text-base: 0x80008088, data-base: 0x80C524F8ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)Router uptime is 3 minutesSystem returned to ROM by abort at PC 0x802D0B60System image file is "flash:c2600-is-mz.120-7.T"cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.Processor board ID JAB031202NK (3878188963)M860 processor: part number 0, mask 49Bridging software.X.25 software, Version 3.0.0.Basic Rate ISDN software, Version 1.1.2 Ethernet/IEEE 802.3 interface(s)2 Serial(sync/async) network interface(s)1 ISDN Basic Rate interface(s)32K bytes of non-volatile configuration memory.--More-- 8192K bytes of processor board System flash partition 1 (Read/Write)8192K bytes of processor board System flash partition 2 (Read/Write)
Configuration register is 0x2142 (this needs to be changed back to normal 0x2102)
Change the configuration register value back to normal :
Step 15 :Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-reg 0x2102
Router(config)#^Z
00:03:20: %SYS-5-CONFIG_I: Configured from console by console
Thats it folks the register value would be changed at the next reboot.
Wanna reboot the Cisco Router and check go ahead but remember we are here to minimise the downtime :).
--Nitin.
posted by Nitin @ 8/17/2004 02:43:00 PM
0 Comments:
Post a Comment
<< Home