Recovering A Lost Enable Secret Password (1000/1600/3600/4500)
If the enable secret password is lost, a new password must be set. To recover a lost enable secret for 1000, 1600, 3600, and 4500 series routers, follow the steps outlined below.
A similar procedure is available for 2500 and 4000
Series Routers
Faxback Doc #580
Before you begin - Connect A Console
A terminal must be directly attached to the console port of the router. To do this, use the supplied console cable and adapter. Console port settings are 9600 baud, 8N1, no flow control.
Take the following steps to connect a terminal (an ASCII terminal or a PC running terminal emulation software) to the console port on the router:
Step 1 Connect the terminal using the thin, flat, RJ-45-to-RJ-45 roll-over cable (looks like a telephone cable) and an RJ-45-to-DB-9 or RJ-45-to-DB-25 adapter (labeled "TERMINAL") included with the router.
Cable PinoutsStep 2 Configure the terminal or PC terminal emulation software for 9600 baud, 8 data bits, no parity, and 2 stop bits.
Password Recovery Procedure
Step 1 Power cycle the router. Step 2 Send a "break" command to the router within the first 60 seconds after power cycle. The break command will vary depending on the terminal emulation package used. For Windows Hyperterminal, the break command is sent by holding the <CTRL> key down and pressing the <BREAK> key. After sending a successful break character, the router will be in ROM monitor mode as indicated by the angle bracket (>) prompt.
Other possible break keysStep 3 From the ROM monitor prompt, set the configuration register value to 0x142. This causes the router to bypass the configuration contents stored in NVRAM upon next bootup. To do this, type:
> confreg 0x142Step 4 Once the configuration register has been changed, initialize and reboot the router by typing the following:
> resetThe router will reboot itself.Step 5 After the router boots up, you will be prompted if you want to enter the initial configuration dialog. Type "n" for no.
Note: If you accidentally enter the initial configuration dialog, abort by typing: <CTRL-C>.
Step 6 Enter privileged EXEC mode by typing the enable command. No password will be required. The prompt will change to Router(boot)#.
Router> enable
Router#Step 7 Load the original configuration back into the router. There are two equivalent ways of doing this depending on the software version you are running.
Router# copy startup-config running-config
For IOS Releases 11.0 and aboveOR
Router# config mem
For IOS Releases prior to 11.0Note: If the router has originally been configured with a hostname, the prompt will now change to router_name#
Step 8 Set the new enable password.
Router# config term
Router(config)# enable secret <new_password>Step 9 Restore the configuration register and exit configuration mode. The configuration register must be reset so the router will properly boot using the configuration now stored in NVRAM.
Router(config)# config-reg 0x2102
Router(config)# endStep 10 Save changes
Router# copy running-config startup-config
For IOS Releases 11.0 and above
OR
Router# write memory
For IOS Releases prior to 11.0Step 11 Reload the router
Router# reload
All contents copyright © 1992--1999 Cisco Systems, Inc. Important Notices and Privacy Statement.