What if we forget the login credentials of our Cisco routers or switches and we are not able to log in to make changes in configuration? To reset the Cisco router or switch is one of the quickest ways to resolve the issue. It will make a new and blank startup configuration file, and it will show you the setup wizard for a quick configuration of the router.
But what if we want to retain the existing configuration on the router? Another solution is to perform a password recovery on the router. We will discuss how to restore our Cisco routers and switches to the factory defaults and also how to implement password recovery on them.
Factory Reset on Cisco Router or Switch IOS
The following procedure is the steps when we are going to factory reset a Cisco router.
1. In the global configuration mode, create a hostname first on the router as we will use it for verification if the router is already reset into the factory settings.
Router(config)#hostname Router 1
2. Verify the configuration by using one of the following commands.
Router 1#sh running-config Building configuration... Current configuration: 526 bytes ! version 15.1 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname Router 1 ! !
3. Save the configuration using the ‘copy running-config startup-config’ command.
Router 1#copy running-config startup-config Router 1#write
4. Resetting the Cisco router to factory default involves erasing the NVRAM.
Router 1#write erase Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]y[OK] Erase of nvram: complete %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
5. Reload the Cisco router to complete resetting to the factory defaults, and the startup wizard or initial system configuration dialog will appear.
6. Verify if the Cisco router is reset to factory default by checking if “hostname Router 1” is disappeared and changed to default.
Router#sh running-config Building configuration... Current configuration: 584 bytes ! version 15.1 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname Router ! !
Password Recovery on Cisco IOS
Before we proceed with password recovery, we will take a look first at the configuration register. We can use the ‘show version’ command to check the configuration register setting on our device. Configuration Register is a special 16 bits value that can be configured in Cisco routers. It is mainly used to determine how the router boots, to determine boot options, and to set console speed. The following are the most commonly used configuration register settings:
- config-register 0x2102 – boot normally (default configuration register setting)
- config-register 0x2120 – boot into ROM Monitor (ROMMON)
- config-register 0x2142 – ignore contents of NVRAM (startup-configuration)
The following procedure is the steps when we are going to recover the forgotten enable password or enable secret command configured in our Cisco router or switch.
1. Power ON the router.
2. Press the break sequence (ctrl-Break) while the router is initializing to break into ROMMON prompt.
3. Follow this command, confreg 0x2142, to ignore the startup-configuration and reset or reload the router.
rommon 1 > confreg 0x2142 rommon 2 > reset
4. After reboot, it will not ask you the secret password and will proceed to the setup wizard or initial system configuration dialog, as it booted up with a blank configuration.
5. The startup-configuration is still there with the full configuration, including the unknown enable secret, but the router does not use it when it boots. Enter a new enable secret in global configuration mode to overwrite the old one. This will go into the running-config.
Router(config)#enable secret cisco12345
6. In the global configuration mode, configure the configuration register back to default by entering the ‘config-register 0x2102’ router command, so the router will boot normally on the next restart.
7. Save the configuration. This will merge the new enable password into the existing startup-configuration.
Router#copy running-config startup-config
8. Reboot the router using the ‘reload’ command and see that the secret password is changed to the one we configured earlier.
Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.
We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: