Solved

How to recover lost passwords in cisco router 1601 ?

Posted on 2004-03-26
10
3,662 Views
Last Modified: 2013-11-29
I have a cisco 1601 router that have a read only password and enable password that i dont know them because they were used by earlier employees before.
How can i change these passwords whethar i use a hyper terminal through the console or when i using the cisco fast step CD.
Thank's
0
Comment
Question by:aabuodeh
  • 5
  • 3
  • 2
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 10686252
Full password recovery procedures for the Cisco 1600 series

http://www.cisco.com/warp/public/474/pswdrec_1600.pdf
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10686271
Attach a terminal or PC with terminal emulation to the console port of the router.

Use the following terminal settings:

9600 baud rate

No parity

8 data bits

1 stop bit

No flow control

If you still have access to the router, type show version and record the setting of the configuration register; it is usually 0x2102 or 0x102.

If you don't have access to the router (because of a lost login or TACACS password), you can safely consider that your configuration register is set to 0x2102.

Using the power switch, turn off the router and then turn it back on.

Press Break on the terminal keyboard within 60 seconds of the power-up to put the router into ROMMON.

Type confreg 0x2142 at the rommon 1> prompt to boot from Flash without loading the configuration.

Type reset at the rommon 2> prompt.

The router reboots but ignores its saved configuration.

Type no after each setup question or press Ctrl-C to skip the initial setup procedure.

Type enable at the Router> prompt.

You'll be in enable mode and see the Router# prompt.

Important: Type configure memory or copy startup-config running-config to copy the nonvolatile RAM (NVRAM) into memory.

Do not type configure terminal.

Type write terminal or show running-config.

The show running-config and write terminal commands show the configuration of the router. In this configuration you see under all the interfaces the shutdown command, which means all interfaces are currently shutdown. Also, you can see the passwords (enable password, enable secret, vty, console passwords, and so on) either in encrypted or unencrypted format. The unencrypted passwords can be re-used, the encrypted ones will have to be changed with a new one.

Type configure terminal and make the changes.

The prompt is now hostname(config)#.

Type enable secret <password> to change the enable secret password, for example.

Issue the no shutdown command on every interface that is used.

If you issue a show ip interface brief command, every interface that you want to use should be "up up".

Type config-register 0x2102, or the value you recorded in step 2.

Press Ctrl-z or end to leave the configuration mode.

The prompt is now hostname#.

Type write memory or copy running-config startup-config to commit the changes.

0
 

Author Comment

by:aabuodeh
ID: 10686581
No need to write down the instructions that appear in the pdf file, actually these informaion is not new and i saw them in the instrucion manual that came with the router.
But you know what is the problem? when i turn off the router then wait 5 sec's then make it on again then press BREAK sequence i have many modules loaded but at the end i dont have ROMMON prompt !!!!!! i just have R1> prompt and when i type  R1> confreg (anything) i have unrecognized error !!!
By the way: how can i overcome this problem:
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver
Here is a sample of what i have:


%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?                                                                  
R1>  
R1>  
R1>  
R1>show version              
Cisco Internetwork Operating System Software                                            
IOS (tm) 1600 Software (C1600-Y-M), Version 11.2(18)P,  RELEASE SOFTWARE (fc1)                                                                              
Copyright (c) 1986-1999 by cisco Systems, Inc.                                              
Compiled Mon 12-Apr-99 15:29 by ashah                                    
Image text-base: 0x02005000, data-base: 0x0232C82C                                                  

ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)                                                              
ROM: 1600 Software (C1600-RBOOT-R), Version 12.0(3)T,  RELEASE SOFTWARE (fc1)                                                                            

R1 uptime is 1 minu                
System restarted by power-on                            
System image file is "c1600-y-mz.112-18.P", booted via flash                                                            

cisco 1601 (68360) processor (revision C) with 6144K/2048K bytes of memory.                                                                          
Processor board ID 15747798, with hardware revision 00000002                                                            
Bridging software.                  
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.                                                          
1 Ethernet/IEEE 802.3 interface(s)                                  
2  serial(sync/async) network interface(s)                                          
System/IO memory with parity disabled                                    
8192K bytes of DRAM onboard                          
System running from RAM                      
8K bytes of non-volatile configuration memor                                          
4096K bytes of processor board PCMCIA flash (Read/Write)                                                        

Configuration register is 0x2102                                

R1>  
R1>  
R1>  
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?                                                                  


System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)                                                          
Copyright (c) 1999 by cisco Systems, Inc.                                        
C1600 platform with 8192 Kbytes of main memory                                              

program load complete, entry point: 0x4020060, size: 0x165eac                                                            

%SYS-6-BOOT_MESSAGES: Messages above this line are from the boot loader.                                                                        
program load complete, entry point: 0x2005000, size: 0x18917c                                                            
Self decompressing the image : #################################################                                                                                
########## [OK]              

              Restricted Rights Legend                                      

Use, duplication, or disclosure by the Government is                                                    
subject to restrictions as set forth in subparagraph                                                    
(c) of the Commercial Computer Software - Restricted                                                    
Rights clause at FAR sec. 52.227-19 and subparagraph                                                    
(c) (1) (ii) of the Rights in Technical Data and Computer                                                        
Software clause at DFARS sec. 252.227-7013.                                          

           cisco Systems, Inc.                              
           170 West Tasman Drive                                
           San Jose, California 95134-1706                                          



Cisco Internetwork Operating System Software                                            
IOS (tm) 1600 Software (C1600-Y-M), Version 11.2(18)P,  RELEASE SOFTWARE (fc1)                                                                              
Copyright (c) 1986-1999 by cisco Systems, Inc.                                              
Compiled Mon 12-Apr-99 15:29 by ashah                                    
Image text-base: 0x02005000, data-base: 0x0232C82C                                                  

cisco 1601 (68360) processor (revision C) with 6144K/2048K bytes of memory.                                                                          
Processor board ID 15747798, with hardware revision 00000002                                                            
Bridging software.                  
X.25 software, Version 2.0, NET2, BFE and GOSIP complian                                                      
1 Ethernet/IEEE 802.3 interface(s)                                  
2  serial(sync/async) network interface(s)                                          
System/IO memory with parity disabled                                    
8192K bytes of DRAM onboard                          
System running from RAM                      
8K bytes of non-volatile configuration memory.                                              
4096K bytes of processor board PCMCIA flash (Read/Write)                                                        



Press RETURN to get started!                            


%LINK-3-UPDOWN: Interface Ethernet0, changed state to up                                                        
%LINK-3-UPDOWN: Interface Serial0, changed state to down                                                        
%LINK-3-UPDOWN: Interface Serial1, changed state to down                                                        
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carri                                          
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down                                                                                

%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up                                                                              
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down                                                                              
%LINEPROTO-5-UPDOWN: Lin                        
R1>e protocol on Interface Serial1, changed state to down                                                        
%SYS-5-CONFIG_I: Configured from memory by console                                                  
%SYS-5-RESTART: System restarted --                                  
Cisco Internetwork Operating System Software                                            
IOS (tm) 1600 Software (C1600-Y-M), Version 11.2(18)P,  RELEAS                                                            
Copyright (c) 1986-1999 by cisco Systems, Inc.                                              
Compiled Mon 12-Apr-99 15:29 by ashah                                    
%LINK-5-CHANGED: Interface Serial1, changed state to administratively down                                                                          
R1>  
R1>  
R1>confreg          
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?                                                                  
Translating "confreg"...domain server (255.255.255.255)                                                      
% Unknown command or computer name, or unable to find computer address                                                                      
R1>  
R1>confreg 0x2142                
Translating "confreg"...domain server (255.255.255.255)                                                      
% Unknown command or computer name, or unable to find computer add                                                                
R1>  
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?            
R1>reset
Translating "reset"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
R1>
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
R1>confreg?
% Unrecognized command
R1>confregconfreg ?
% Unrecognized command
R1>
R1>rommon
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
Translating "rommon"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
R1>
R1>
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
0
 
LVL 1

Accepted Solution

by:
QST earned 250 total points
ID: 10686631
you are not "breaking" fast enough. The router is still loading.

Depending on the terminal you use, the break sequence might be different, check this:

http://www.cisco.com/warp/public/701/61.html

take note that you configurtion register is  0x2102, knowing this, try again to power cycle the router, and enter the break sequence before it boots. Once you find the right sequence and you are able to break the boot process you should have a prompt like: rmon>

follow instructions....

Hope this help.

0
 
LVL 1

Expert Comment

by:QST
ID: 10686647
aah. About the lost carrier on the ethernet, check the cable and the card itself, make sure is inserted. I had this problem with a bad quality switch/hub. The router didn't like it, kept doing this. I had to force the port into half duplex 10 Mb.

0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:aabuodeh
ID: 10686868
Its work and its not !!!!!!
The sequence should be (ctrl+break) as its stated in the web page you send it to me, and i have rommon prompt and when i type confreg 0x2120 it gives me

You must reset or power cycle for new config to take effect                    

then i type reset, so i have this (also OK led is Blinking till now this means that didnt boot completely till now):

System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
C1600 platform with 8192 Kbytes of main memory

rommon 2>

and that's it  !!!
what can i do??? turn it off and on again and try break sequence again??
0
 
LVL 1

Expert Comment

by:QST
ID: 10687176
no...


now, follow instructions:

once in RMON mode, type this:

confreg 0x2142
reset

The router boots but this time ask you if you want to enter the initial configuration (it's blank, or at least, it believe it is)
press <ESC> and you should have a prompt like: ROUTER> (or HOSTNAME>)
type enable kit enter and go into privileged mode, noe your promt is: ROUTER#  (or HOSTNAME#)

enable secret <password> and set your own password

Every interface would be shut down at this point, so go into each interface you are using and enable it (no shutdown)

Type "config-register 0x2102

Press Ctrl-z or end to leave the configuration mode.

The prompt is now ROUTER#  (or HOSTNAME#)

Type write memory or copy running-config startup-config to save the changes.

once saved, reload (reboot) the router.



0
 
LVL 1

Expert Comment

by:QST
ID: 10687209

a quick note

Once in RMON mode,

type

confreg 0x2142
reset

at this point the router reloads, if it doesn't, power off, wait a few seconds and power back on.
0
 

Author Comment

by:aabuodeh
ID: 10687866
Yes i know!!
I just now want to send you a comment to tell you that the correct instruction is confreg 0x2142
You know everything is working and i change the hostname, enable password and secret password.
Thank you...
Ali
0
 
LVL 1

Expert Comment

by:QST
ID: 10688240
Ali..

my pleasure..I'm glad to help.

Fabio
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now