This article describes the Cisco password reset procedure for routers and switches in simple steps. This process can be applied to both the local login and the enable mode passwords.
Houston, we have a (password) problem
I’m pretty sure we’ve all been there, we’ve taken our time perfecting our Cisco router or switch configuration before tossing the password post-it to one side for the office dog to chew on.
Time passes, we’ve moved on and the first issue hits. We need to log in locally. Heroically we don our superhero cape to rescue the situation, and…ah crap! What was that password again? The cape comes off and the dunce’s hat goes on.
Luckily, we still have password reset to save the day!
Let’s get physical
First, we need physical access to the Cisco router or switch to connect ourselves to the console port, and a suitable time that we won’t be impacting users – as we need to reboot the device.
- Establish a console connection (I use “Putty”) to the device.
- Reboot the device.
- Within the first 30 seconds use the break command (right-click the putty topbar) choose “Special Commands” then “Break”.
- This will leave you at the rommon prompt.
Some devices such as the Cisco 3750X, require the “mode” button on the device front panel to be held while powering up to get into rommon mode. Consult the device configuration guide if you are unsure.
The Rommon empire
It has other purposes too, but in this instance rommon mode allows us to amend the “configuration register” value – even though we cannot login to change this in the running-config.
More information on the configuration register and the multitude of options that it can be set to can be found on Cisco’s configuration register page.
- Enter the command confreg 0x2142 at the rommon prompt.
- Then type reset, and the router will reboot.
Aha, the old switcheroo!
The device has now ignored your previous configuration. Were almost there, take care and read the below warning, it’s not too scary as long as you follow the steps.
WARNING: At this stage more than ever it’s important that the steps are followed exactly, so you don’t accidentally save over your previous configuration and have to reconfigure the entire router or switch from scratch.
If you think you may have a backup of your device kicking about, now may be a good time to verify this!
- Copy the “startup-config” to the “running-config” with the copy start run command. Accept the default destination filename.
Step 7 has resurrected your old configuration, so you are now able to change the login details that were causing you an issue.
- Make the required change. Add a new username, change the old password, change enable password etc.
- The above processes may have left some of your interfaces in a shutdown state. Bring up all of the required interfaces using the no shut command on each interface.
- Change the configuration register back to normal. In the vast majority of cases this should be 0x2102. Enter the command config-register 0x2102
- Save the configuration using (my personal favourite) write mem or alternatively copy run start.
- Reboot the device and login with the new credentials that you have set.
You can now breath a sigh of relief safe in the knowledge that your password has been reset and you can now begin to troubleshoot that darn issue that you needed to login to fix in the first place!
I hope that this article has helped you out of what could have been a very sticky situation, and your Cisco password reset has been successful.
Perhaps you’ve also been persuaded that implementing a password management tool may help you and your team-mates out in future, or if nothing else, that the office dog needs a stern reprimand and a bit more training.