How To: Cisco 2500/1600 Router Password Recovery
This small tutorial will attempt to explain, in the easiest way possible, how to recover a password that has been lost, forgotten, or maliciously changed on a Cisco 2500 Series or 1600 Series Router.
Physical access to router
Connection from workstation to Router console interface (roll-over)
Terminal Emulation Software (Hyperterminal, the standard Microsoft release, does not work for this procedure. You must upgrade to Hyperterminal PE (free for personal use), which can be done via www.hilgraeve.com).
The first thing you will want to do, without reguard to the specific Series you are working with, will be to shut the router down, and then restart it.
This will cause the router, in effect, to 'reboot'. During the Boot Sequence, backup configuration information stored in the Routers NVRAM, is transferred to the Router's normal RAM for use. The transfer of this file from NVRAM to RAM may be interrupted by sending a break character sequence to the router while the file is loading. This may be done by pressing CTRL-BRK.
Next, you want to tell the Router to restart, and to disregaurd the NVRAM configuration for the next restart.
To do this on a 2500 Series Router, @ the > prompt, type [o/r 0x42] (don't type brackets). This changes the Routers configuration register. Now type [I] and press ENTER to reload the router. Type [N] @ the next prompt, and press ENTER to get the router> prompt. Now type the ENA (enable) command, and you should be in (priviledged mode).
To do this on a 1600 Series Router, @ the rommon 1> prompt type confreg and choose (Y) to change the configuration. Reply N to all questions now, except for the 'ignore system config info'(answer yes to that one). When asked again to change the configuration, reply [N] and then type [reset] to reload your Router. When prompted (after reload) to enter the original configuration, type [N] and press ENTER. Type the ENA (enable) command. You should now be in priviledged mode.
Now, you may run the [sh run] (show running-config) command, and view any passwords (that are not encrypted via the enable secret routine).
To change the passwords, use the [config t] command to enter the terminal configuration sub-mode(Global Config Mode). Now use the [enable secret *] command (replace * with your new password), press [CTRL-Z], and then check that your password has been replaced (via the [sh run] command).
If you happen to have a previous record of the configuration record, (not likely, however, if you don't even have the passwords), you may now change the configuration register back to it's setting then, using the [config t, config-register *] (replace * with register) command.
This information shows how easy it is to get into a Cisco router if physical access is aquired for any amount of time. It is very important, thus, that router's be very secure, both physical AND virtually.
Please feel free to respond to this with any other concerns, corrections, modifications, or additions that may be appropriate to the subject matter.