The following procedure is applicable for virtually any Cisco router, such as 800, 2600, 3600, 1800,2800,3800 etc.
Step1:
Connect to the router with a serial console cable and open your terminal emulation software (I personally use secureCRT). Use the normal terminal settings (9600 baud, no parity, 8 data bits, 1 stop bit, no flow control). After that, you should get the command prompt.
Step2:
Now you have to power OFF the router from the power switch. Get ready on your keyboard and turn the power switch to ON. Immediately press the CTRL+BREAK keys on your keyboard several times until the router goes into ROMMON mode. You will see the rommon 1> prompt on your terminal window.
Step3:
Now you need to change the configuration register of your router. This register is responsible to control several boot-up and hardware parameters on the device. The normal value of this register is 0×2102. We will need to change it to 0×2142. This new value tells the router to bypass the startup-configuration (where the password is stored) and boot with the factory default configuration (i.e no password request).
At the rommon prompt type the following:
rommon 1> confreg 0×2142
rommon 2> reset
The “reset” command will reboot the device.
Step4:
After the router reboots, it will ignore the startup configuration and will behave like the very first time that you switched on the device. It will therefore run the initial setup script. Type “no” at the setup request or press “Ctrl-C” to terminate the initial setup procedure.
Step5:
Now you will get the Router> prompt. Type “enable” to get into privilege mode.
Router> enable
Router#
Step6:
Now we need to load the “Startup-Config” into the “Running-Config”.
Router# copy startup-config running-config
IMPORTANT: DO NOT copy the running config into the startup config because now the running config is basically empty (factory default) so it will erase all of your startup config.
Step7:
Now we are ready to change our passwords. Change the enable password as below.
Router#config t
Router(config)# enable secret newpassword
Step8:
Another important step now is to change the configuration register back to its normal value which is 0×2102
Router(config)#config-register 0×2102
Step9:
Now save the configuration and reboot.
Router(config)#exit
Router# write
Router# reload
Step10:
After the router boots up, log on with your new password and enable all interfaces (using “no shutdown”) because during the recovery procedure the interfaces get shut down.
What we have done in the above 10 steps is that we bypassed the original configuration that has the forgotten password, and then we got to the privileged mode without the need to know the password. Then we loaded the original configuration into RAM (so we don’t loose it) and imposed a new password and saved things back to the NVRAM. And then we got back to the original boot sequence.
