{"id":205,"date":"2011-01-11T08:44:38","date_gmt":"2011-01-11T07:44:38","guid":{"rendered":"https:\/\/thebc.ch\/blog\/?p=205"},"modified":"2013-02-01T13:18:26","modified_gmt":"2013-02-01T12:18:26","slug":"cisco-password-recovery-procedures","status":"publish","type":"post","link":"https:\/\/thebc.ch\/blog\/?p=205","title":{"rendered":"Cisco Password Recovery Procedures"},"content":{"rendered":"<div id=\"toctitle\">\n<span id=\"Contents\"><h2>Contents<\/h2><\/span>\n<\/div>\n<ul>\n<li>1 Cisco Router\n<ul>\n<li>1.1 Password Recovery Cisco Router\n<ul>\n<li>1.1.1 Cisco 160x Series<\/li>\n<li>1.1.2 Cisco 250x Series<\/li>\n<\/ul>\n<\/li>\n<li>1.2 The Recovery-Procedure<\/li>\n<\/ul>\n<\/li>\n<li>2 Cisco Switches\n<ul>\n<li>2.1 Password Recovery Cisco 3500XL\n<ul>\n<li>2.1.1 COM Terminal Settings<\/li>\n<li>2.1.2 Booting the switch<\/li>\n<li>2.1.3 Resetting Config<\/li>\n<li>2.1.4 Initial Configuration<\/li>\n<\/ul>\n<\/li>\n<li>2.2 Links<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><a id=\"Cisco_Router\" name=\"Cisco_Router\"><\/a><\/p>\n<span id=\"Cisco_Router\"><h1>Cisco Router<\/h1><\/span>\n<p><a id=\"Password_Recovery_Cisco_Router\" name=\"Password_Recovery_Cisco_Router\"><\/a><\/p>\n<span id=\"Password_Recovery_Cisco_Router\"><h2>Password Recovery Cisco Router<\/h2><\/span>\n<p>Unknown Cisco password and no documentation?<\/p>\n<p>I&#8217;ve seen this numerous times. Customers tell you they have a spare Cisco router and ask you to configure it. &#8220;Sure, no problem&#8221;, you say and think but then their router comes without a console cable, nobody knows any passwords and\/or who may have configured it, so that leaves you with only one option: recover.<\/p>\n<p>Recover a Cisco Router<\/p>\n<p>To recover a Cisco router, connect a terminal or PC with terminal emulation serial port such as COM1: to Cisco console (RJ-45) port. Communication parameters are 9600-8-n-1-none.<\/p>\n<p>Right after you turn on your router power send Break (real DEC VT terminal emulations have F5 for that).<\/p>\n<p>Depending on the Cisco model a simple prompt shows up.<\/p>\n<p><a id=\"Cisco_160x_Series\" name=\"Cisco_160x_Series\"><\/a><\/p>\n<span id=\"Cisco_160x_Series\"><h3>Cisco 160x Series<\/h3><\/span>\n<pre>User break detected at location 0x2006718\r\nrommon 1 &gt; confreg 0x2142\r\nrommon 2 &gt; i<\/pre>\n<p><a id=\"Cisco_250x_Series\" name=\"Cisco_250x_Series\"><\/a><\/p>\n<span id=\"Cisco_250x_Series\"><h3>Cisco 250x Series<\/h3><\/span>\n<pre>Abort at 0x3171892 (PC)\r\n&gt;o\/r 0x2142\r\n&gt;i<\/pre>\n<p>This will tell your Cisco to ignore its startup-config file from now on and then reboots.<\/p>\n<p><a id=\"The_Recovery-Procedure\" name=\"The_Recovery-Procedure\"><\/a><\/p>\n<span id=\"The_Recovery-Procedure\"><h2>The Recovery-Procedure<\/h2><\/span>\n<p>After reboot, now without any configuration, type:<\/p>\n<pre>&gt; enable \t  \tenable mode\r\n# erase startup-config erase old configuration including passwords\r\n# configure terminal \tprepare changes for register value\r\n# config register 0x2102 recover original register value\r\n# exit \t  \treturn to command mode\r\n# reload \t  \tdo not save changes if any<\/pre>\n<p>Yes, it is that easy.\u00c2\u00a0\ud83d\ude09<\/p>\n<p><a id=\"Cisco_Switches\" name=\"Cisco_Switches\"><\/a><\/p>\n<span id=\"Cisco_Switches\"><h1>Cisco Switches<\/h1><\/span>\n<p><a id=\"Password_Recovery_Cisco_3500XL\" name=\"Password_Recovery_Cisco_3500XL\"><\/a><\/p>\n<span id=\"Password_Recovery_Cisco_3500XL\"><h2>Password Recovery Cisco 3500XL<\/h2><\/span>\n<p><a id=\"COM_Terminal_Settings\" name=\"COM_Terminal_Settings\"><\/a><\/p>\n<span id=\"COM_Terminal_Settings\"><h3>COM Terminal Settings<\/h3><\/span>\n<p>Make sure your terminal program is running with the following characteristics.<\/p>\n<pre>9600 baud\r\nData bits set to 8\r\nNo parity\r\n1 stop bit\r\nNo parity\r\nFlow control off<\/pre>\n<p>Connect the console cable from the back of your computer to the console port on your switch.<\/p>\n<p><a id=\"Booting_the_switch\" name=\"Booting_the_switch\"><\/a><\/p>\n<span id=\"Booting_the_switch\"><h3>Booting the switch<\/h3><\/span>\n<ul>\n<li>Hold down the mode button located on the left side of the front panel, while reconnecting the power cable to the switch.<\/li>\n<li>Release the mode button after the LED above Port 1x goes out.<\/li>\n<\/ul>\n<p><a id=\"Resetting_Config\" name=\"Resetting_Config\"><\/a><\/p>\n<span id=\"Resetting_Config\"><h3>Resetting Config<\/h3><\/span>\n<ul>\n<li>Issue the flash_init command.<\/li>\n<\/ul>\n<pre>switch: flash_init\r\nInitializing Flash...\r\nflashfs[0]: 166 files, 2 directories\r\nflashfs[0]: 0 orphaned files, 0 orphaned directories\r\nflashfs[0]: Total bytes: 3612672\r\nflashfs[0]: Bytes used: 3136512\r\nflashfs[0]: Bytes available: 476160\r\nflashfs[0]: flashfs fsck took 5 seconds.\r\n...done Initializing Flash.\r\nBoot Sector Filesystem (bs:) installed, fsid: 3\r\nParameter Block Filesystem (pb:) installed, fsid: 4\r\nswitch:<\/pre>\n<ul>\n<li>Issue the load_helper command.<\/li>\n<\/ul>\n<pre>switch: load_helper\r\nswitch:<\/pre>\n<ul>\n<li>Issue the dir flash: command.<\/li>\n<\/ul>\n<pre>switch: dir flash:\r\nDirectory of flash:\/\r\n\r\n2    -rwx  1751538   &lt;date&gt;               c3500XL-c3h2s-mz.120-5.4.WC.1.bin\r\n3    -rwx  94375     &lt;date&gt;               c3500XL-diag-mz-120-5.3.WC.1\r\n4    drwx  10176     &lt;date&gt;               html\r\n5    -rwx  272       &lt;date&gt;               env_vars\r\n6    -rwx  111       &lt;date&gt;               info\r\n167  -rwx  840       &lt;date&gt;               vlan.dat\r\n166  -rwx  111       &lt;date&gt;               info.ver\r\n168  -rwx  2268      &lt;date&gt;               config.text\r\n\r\n476160 bytes available (3136512 bytes used)\r\nswitch:<\/pre>\n<ul>\n<li>Type rename flash:config.text flash:config.old to rename the configuration file.<\/li>\n<\/ul>\n<pre>switch: rename flash:config.text flash:config.old\r\nswitch:<\/pre>\n<ul>\n<li>Issue the boot command to boot the system.<\/li>\n<\/ul>\n<pre>switch: boot<\/pre>\n<ul>\n<li>Say Yes to the System Configuration Dialog<\/li>\n<\/ul>\n<pre>         --- System Configuration Dialog ---\r\n\r\nAt any point you may enter a question mark '?' for help.\r\nUse ctrl-c to abort configuration dialog at any prompt.\r\nDefault settings are in square brackets '[]'.\r\n\r\nContinue with configuration dialog? [yes\/no]: y<\/pre>\n<p><a id=\"Initial_Configuration\" name=\"Initial_Configuration\"><\/a><\/p>\n<span id=\"Initial_Configuration\"><h3>Initial Configuration<\/h3><\/span>\n<pre>!\r\nversion 12.0\r\nno service pad\r\nservice timestamps debug uptime\r\nservice timestamps log uptime\r\nno service password-encryption\r\n!\r\nhostname cisco3500XL\r\n!\r\nenable secret 5 $1$VkuM$uHaZZqZdfbhRXYEInBDmLd1\r\n!\r\n!\r\n!\r\n!\r\n!\r\n!\r\nip subnet-zero\r\n!\r\n!\r\n!\r\ninterface FastEthernet0\/1\r\n!\r\ninterface FastEthernet0\/2\r\n!\r\ninterface FastEthernet0\/3\r\n!\r\ninterface FastEthernet0\/4\r\n!\r\ninterface FastEthernet0\/5\r\n!\r\ninterface FastEthernet0\/6\r\n!\r\ninterface FastEthernet0\/7\r\n!\r\ninterface FastEthernet0\/8\r\n!\r\ninterface FastEthernet0\/9\r\n!\r\ninterface FastEthernet0\/10\r\n!\r\ninterface FastEthernet0\/11\r\n!\r\ninterface FastEthernet0\/12\r\n!\r\ninterface FastEthernet0\/13\r\n!\r\ninterface FastEthernet0\/14\r\n!\r\ninterface FastEthernet0\/15\r\n!\r\ninterface FastEthernet0\/16\r\n!\r\ninterface FastEthernet0\/17\r\n!\r\ninterface FastEthernet0\/18\r\n!\r\ninterface FastEthernet0\/19\r\n!\r\ninterface FastEthernet0\/20\r\n!\r\ninterface FastEthernet0\/21\r\n!\r\ninterface FastEthernet0\/22\r\n!\r\ninterface FastEthernet0\/23\r\n!\r\ninterface FastEthernet0\/24\r\n!\r\ninterface GigabitEthernet0\/1\r\n!\r\ninterface GigabitEthernet0\/2\r\n!\r\ninterface VLAN1\r\n ip address 10.150.0.152 255.255.255.0\r\n no ip directed-broadcast\r\n no ip route-cache\r\n!\r\nip default-gateway 10.150.0.253\r\nsnmp-server engineID local 0000000902000007500D2D00\r\nsnmp-server community private RW\r\nsnmp-server community public RO\r\n!\r\nline con 0\r\n transport input none\r\n stopbits 1\r\nline vty 0 4\r\n password XXXXXXXX\r\n login\r\nline vty 5 15\r\n password XXXXXXXX\r\n login\r\n!\r\nend<\/pre>\n<p><a id=\"Links\" name=\"Links\"><\/a><\/p>\n<span id=\"Links\"><h2>Links<\/h2><\/span>\n<p><a title=\"http:\/\/www.cisco.com\/en\/US\/products\/hw\/switches\/ps628\/products_password_recovery09186a0080094184.shtml\" href=\"http:\/\/www.cisco.com\/en\/US\/products\/hw\/switches\/ps628\/products_password_recovery09186a0080094184.shtml\" rel=\"nofollow\">Password Recovery Procedure for the Catalyst Layer 2 Fixed Configuration and 3550 Series Switches<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Contents 1 Cisco Router 1.1 Password Recovery Cisco Router 1.1.1 Cisco 160x Series 1.1.2 Cisco 250x Series 1.2 The Recovery-Procedure 2 Cisco Switches 2.1 Password Recovery Cisco 3500XL 2.1.1 COM Terminal Settings 2.1.2 Booting the switch 2.1.3 Resetting Config 2.1.4 &hellip; <a href=\"https:\/\/thebc.ch\/blog\/?p=205\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-205","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=205"}],"version-history":[{"count":5,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/205\/revisions"}],"predecessor-version":[{"id":2735,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/205\/revisions\/2735"}],"wp:attachment":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}