Solved

Router Configuration -"No Password Set" on privelege exec mode

Posted on 2003-11-21
20
12,466 Views
Last Modified: 2011-08-18
I accidentally remove the enable password for the level 15 privelege on a cisco 2620 router. When i try to type the enable command on the HO> prompt, i get the message saying "No Password Set." Now i cant get into the HO#> privilege exec mode. How can i acces it again, what should i do? What are the step by step procedure on getting back into the exec mode.

HO>enable
%No Password Set
HO>


Thank you very much and God Bless.

Aldwin Shamar
0
Comment
Question by:shamari
20 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9795569
Hi shamari,
This document describes the procedure for recovering an enable password or enable secret passwords. These passwords are used to protect access to privileged EXEC and configuration modes. The enable password password can be recovered but the enable secret password is encrypted and can only be replaced with a new password using the procedure below.

To recover your password, follow the steps below:

Attach a terminal or PC with terminal emulation to the console port of the router.

Use the following terminal settings:

9600 baud rate

No parity

8 data bits

1 stop bit

No flow control

If you still have access to the router, type show version and record the setting of the configuration register; it is usually 0x2102 or 0x102.

Click here to see the output of a show version command.

If you don't have access to the router (because of a lost login or TACACS password), you can safely consider that your configuration register is set to 0x2102.

Using the power switch, turn off the router and then turn it back on.

Important: To simulate step 4 on a Cisco 6400, pull out and then replace the Node Route Processor (NRP) or Node Switch Processor (NSP) card.

Important: To simulate step 4 on a Cisco 6x00 using NI-2, pull out and then replace the NI-2 card.

Press Break on the terminal keyboard within 60 seconds of the power-up to put the router into ROMMON.

If the break sequence doesn't work, see Possible Key Combinations for Break Sequence During Password Recovery for other key combinations.

Type confreg 0x2142 at the rommon 1> prompt to boot from Flash without loading the configuration.

Type reset at the rommon 2> prompt.

The router reboots but ignores its saved configuration.

Type no after each setup question or press Ctrl-C to skip the initial setup procedure.

Type enable at the Router> prompt.

You'll be in enable mode and see the Router# prompt.

Important: Type configure memory or copy startup-config running-config to copy the nonvolatile RAM (NVRAM) into memory.

Do not type configure terminal.

Type write terminal or show running-config.

The show running-config and write terminal commands show the configuration of the router. In this configuration you see under all the interfaces the shutdown command, which means all interfaces are currently shutdown. Also, you can see the passwords (enable password, enable secret, vty, console passwords, and so on) either in encrypted or unencrypted format. The unencrypted passwords can be re-used, the encrypted ones will have to be changed with a new one.

Type configure terminal and make the changes.

The prompt is now hostname(config)#.

Type enable secret <password> to change the enable secret password, for example.

Issue the no shutdown command on every interface that is used.

If you issue a show ip interface brief command, every interface that you want to use should be "up up".

Type config-register 0x2102, or the value you recorded in step 2.

Press Ctrl-z or end to leave the configuration mode.

The prompt is now hostname#.

Type write memory or copy running-config startup-config to commit the changes.



Cheers!
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 9795573
0
 
LVL 7

Expert Comment

by:NicBrey
ID: 9795893
Hi Aldwin
Pete is showing you the correct way to do password recovery on the router.
I suggest that you use the enable secret password in place of the enable leverl 15 password because it is encrypted with a MD5 hash.

router(config)#enable secret <your password>

This works just like the enable password - just more secure.
0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9853394
OK, if he has console access to the router then why would he need to go thru password recovery at this point?

Just connect to the router serially as described above and once you get to the HO> prompt type "enable" and hit return.

There you go... you are in the router.

Going around the world to get next door...geesh.
0
 

Expert Comment

by:asgarali
ID: 9918715
hi

t1n0m3n  guess u got to read the question again before making such comments coz what you are telling is totally corrrect but  only when thers no enable password set  here our friend shamari  is having a differrent issue
   i agree with pete i guess dats the only option left  just go via a console cable and  reset the router n then copy back the runing to startup   by usinng   #copy runn  start  n hit enter



stack
0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9926011
asgarali:

I take it "thers no enable password set" and "I accidentally remove the enable password" are two different issues?

If there is no enable password....when you type enable it does not ask for a password....it just enables.
That is only on console.
The "no password set" error only happens when you try to telnet to the router.

Most cisco routers come from the factory with no enable password set.

So please enlighten me as to how I read this wrong.
0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9926025
asgarali :

Or did you just read my answer wrong?


LOL
0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9926054
Sorry correction:

The "no password set" error only happens when you try to telnet to the router.


should read

The "no password set" error only happens when you try to enable when you are connected to a vty terminal.
0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9926158
asgarali:
I guess that it's probably moot however, because judging from his profile, chances are shamari will never reply and never award the question, and it will get cleaned up and 0 points awarded a year from now.

shamari:
Prove me wrong buddy!  I am counting on ya.  :)

BTW I did read the orginal question several times and I still fail to see what this "other issue" is.
Even the password recovery piece indicates that there is nothing weird about his config.  The password recovery is only replacing the enable password, which is not needed anyway when you are consoled into the router.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9926252
oh I think I see what you are talking about....  you are assuming that this guy has different enable secrets (or passwords) for several different privileges?

well, if that is the case, this guy didnt really specify that, and I assumed that "remove the enable password for the level 15 privelege" meant the normal "enable password <text>" since it, technically, defaults to being the level 15 privelege.

This guy's question is ambiguous at best.

Either way, it will probably never have the chance to be clarified.

Sorry for the many posts
Cheers
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9929947
>>This guy's question is ambiguous at best.

Possible and I agree its about time to close out the question, if he needs to recover the password there only one official way to do it, if he/she dosnt have console access then Im willing to bet the question is a little more suspect

Pete
0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9930243
---if he needs to recover the password there only one official way to do it,

True, but in this case there is no password to recover.  If he only HAD one enable password (or secret) all he has to do is connect via console and type "enable" and hit return.
0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9930266
---all he has to do is connect via console and type "enable" and hit return.

Sorry that wasn't entirely clear, I meant to say

---all he has to do is connect via console, gain non privileged mode (in this case HO>) and type "enable" and hit return.

since it is possible that the console is password protected.

0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9930384
Sorry one more thing :

---if he needs to recover the password there only one official way to do it

Officially password recovery is used when you have lost or forgotten the password that is currently on the device.
But from what I see on this the password was not "lost" is was "removed" and is no longer on the device, so the "official" reason for password recovery does not apply in this case.

Normally, I would not be typing this much, but asgarali's reply does have me curious.  What is this "different issue" that he stated shamari is having?  I have reread this entire post MANY times and I still cannot see that password recovery provides the most efficient way to recover access to this device in this case.  Hence the "Going around the world to get next door" comment.
0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 9930475
And to be absolutely clear :
Petelong's answer using password recovery - It will work and it will take about 10 to 20 minutes to do
My answer - It will work and it will take about 5 seconds to do
0
 

Expert Comment

by:weiye
ID: 10502717
Actually, I just simulated the same problem. I think it has got something to do with plugging the console cable to the wrong port on the router. I accidentally plugged into AUX rather than CON, and issuing "enable" gave me the same error message "no password set".
0
 
LVL 3

Expert Comment

by:t1n0m3n
ID: 10532264
hehehe, I've done that before...  freaked me out until I moved the console cable back to to console port.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11145166
Hello this question has been open a while please take the time to come back and clean it up.

Closing Questions
http://www.experts-exchange.com/help.jsp#hs5


Best Wishes

Pete
www.petenetlive.com
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now