How to Recover Cisco IOS Passwords When Locked Out of a Cisco Router or Switch

Before stepping through the Cisco IOS password reset procedure, it is important to understand the meaning of two IOS configuration register settings:

• When the configuration register is set to 0x2101 that instructs the router to boot into rom mon or rxBoot mode. This mode is used when upgrading or changing the IOS. The command to set this value is ‘config-register 0x2101.
• When the configuration register is set to 0x2142 that instructs the router to ignore the current startup configuration. This is used when resetting to factory default settings and also when changing the password (if the password is forgotten). The command to set this value is ‘config-register 0x2142’.

The procedure to recover Cisco IOS passwords starts by connecting a PC to the console port on the Cisco device. Then open a terminal program that is configured for 9600 baud, 8 bit, no parity and 1 stop bit and press the Enter key to get a command prompt. Then type Show Version and note the configuration register setting then power down the device and then power up the device and press the Break key on the keyboard to enter Rom Mon mode (you must do this within 60 seconds of powering on the device). Then in Rom Mon mode type confreg 0x2142 and press Enter (this will cause the device to bypass the startup configuration on next boot up).The type reset and press enter and the device will then reboot into startup configuration mode. Answer ‘no’ to each startup configuration question then after startup configuration type ‘enable’ and press Enter then type ‘copy start run’ to copy the startup configuration into memory. Then type ‘conf t’ and in configuration mode type ‘enable secret’ followed by a space and the new password you wish to set then press Enter. The type ‘int’ and the name of the interface for each interface that is used by the device and type ‘no shut’ while in interface configuration mode. Then exit interface configuration mode and in configuration mode type ‘config-register 0x2102’ and press Enter to change the startup mode so that is will boot from the startup-configuration and then press CTL-Z to exit configuration mode and type ‘write mem’ to save the running configuration to NVRAM and restart the device.