Cisco devices Password Recovery Part-II

Cisco CatOS 2900, 5000, 6000 Switches 
1.Establish console session and that is 9600b, 8d, 0p, 1s, no flow control.
2. Power cycle. Within first 30 seconds press Enter for user password, get into enable mode, and also press Enter for enable password.
3. Change the passwords as usual using set pass and set enable pass.
4. Since these devices write their config automatically you should only need to test your passwords.

Fig 1.1- Cisco Device Password Recovery

Cisco 2000, 2500, 3000, 4000, 7000
1.Establish console session and that is 9600b, 8d, 0p, 1s, no flow control.
2. Power cycle and press Break key* within first 60 seconds.
3. Observe and record config-register. Normally 0x2102.
4. Change config-register to ignore startup-config (NVRAM).>o/r 0x2142; Then initialize with >i
5. Press Ctrl+C to break out of setup mode.
6. From enable mode, type copy start run but do not exit. (Old command is config mem.)
7. Restore the config-register and bring up all interfaces.

• r1(config)#config-reg 0x2102
• r1(config)#int s0
• r1(config-if)#no shut

8. Record or change the passwords.

• RouteXP_R1#sh run (or sh config)
• RouteXP_R1#config t
• RouteXP_R1(config)#enable pass  donna
• RouteXP_R1(config)#enable secretharrington
• RouteXP_R1(config)#line vty 0 4
• RouteXP_R1(config-line)#pass  donna
• RouteXP_R1(config-line)#end

9. Save the configuration and reload.

• RouteXP_R1#copy run start (or wr mem)
• RouteXP_R1#reload
• RouteXP_R1#sh version

Cisco 1600, 1700, 2600, 3600, 4500, 4700, 5500, 6000, 7500

1.Establish console session and that is 9600b, 8d, 0p, 1s, no flow control.

2. Power cycle and press Break key* within first 60 seconds.

3. Observe and record config-register. Normally 0x2102. rommon1>confreg

4. Change config register to ignore startup-config (NVRAM).

>confreg 0x2142
>reset
5. Press Ctrl+C to break out of setup mode.
6. From enable mode, type copy start run but do not exit. (Old command is config mem.)
7. Restore the config-register and bring up all interfaces.

• r1(config)#config-reg 0x2102
• r1(config)#int s0
• r1(config-if)#no shut

8. Record or change the passwords.

• RouteXP_R1#sh run (or sh config)
• RouteXP_R1#config t
• RouteXP_R1(config)#enable pass  donna
• RouteXP_R1(config)#enable secretharrington
• RouteXP_R1(config)#line vty 0 4
• RouteXP_R1(config-line)#pass  donna
• RouteXP_R1(config-line)#end

9. Save the configuration and reload.

• RouteXP_R1#copy run start (or wr mem)
• RouteXP_R1#reload
• RouteXP_R1#sh version

Cisco 2900XL, 3500XL, 2950, 3550 Switches

1. Establish console session and that is 9600b, 8d, 0p, 1s, no flow control

(If you had previously enabled boot-enable break, the device would respond like a router and you could follow the procedures from there.)
2. Unplug the power cable from back of switch. Reconnect while you hold the front panel mode button. Release the mode button a couple seconds after the first port on the switch is no longer illuminated. You should see a message about the system being interrupted prior to the Flash memory file system initializing.
3. Type flash_init and then type load_helper. You can list the files in flash with dir flash:, and the default configuration is config.text.
4. Type more flash:config.text to view the passwords. If not encrypted, you are done. If encrypted, go to Step 5.

5. Rename the configuration file as follows: rename flash:config.text flash:config.old.

6. Boot the system with the boot command. Answer n for no to start setup. Go to enable mode by typing enable, but do not exit.

7. Rename the configuration file to its original name as follows: rename flash:config.old flash:config.text.

8. Copy the configuration file to memory with the config mem or copy flash:config.text system:running-config command. Accept config.text as the source and running-config as the destination filenames.

9. Change the passwords. enable password  routexp enable secret  networks baseline

10. Save your configurations as copy run start (or wr mem)