This appendix provides instructions for gaining access to a router's enable mode without
the enable password. This is a necessary procedure when you inherit a router and do not
know the enable or EXEC mode passwords or when you simply can't remember the
You must have physical access to the router to do this procedure. To prevent unauthorized
users from using password recovery to break into a router, you must secure physical access
to the router—keep it in a locked room or closet, for example. A malicious person with
physical access to your router can do more harm than simply changing a password.
NOTE The password recovery procedure does not help you learn the enable password. (It is
infeasible to learn the enable password if it is protected with the enable secret command,
which uses a one-way cryptographic hash algorithm). Rather, the password recovery
procedure gets you into enable mode without the password so you can override the old
password with a new one.
You can use either of two methods to recover a password on a Cisco router. Most router
models follow the steps outlined in "Recovering a Lost Password on Most Router Models"
in this appendix. Some older, legacy models follow the steps outlined in "Recovering a Lost
Password on Other Router Models." To determine the method you need to use, do the
following on your router:
1 Connect to the router's console port via a direct serial connection. Use 9600 baud,
8 data bits, no parity, and 2 stop bits. See Appendix E for more information.
2 Attempt a login to user EXEC mode. If you succeed, issue the show version
command and record the setting of the so-called conﬁguration register (conﬁg register
for short). The conﬁg register setting is listed last and highlighted in boldface in the
following sample output (if you cannot get to user EXEC mode, go on to the next
326 Appendix D: Password Recovery
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-IS-M), Version 12.0(3)T, RELEASE SOFTWARE
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 23-Feb-99 18:58 by ccai
Image text-base: 0x600088F0, data-base: 0x60AD6000
ROM: System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE
3640-1 uptime is 4 hours, 14 minutes
System restarted by reload
System image file is "flash:c3640-is-mz_120-3.T.bin"
cisco 3640 (R4700) processor (revision 0x00) with 28672K/4096K bytes of
Processor board ID 10382988
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
5 Serial network interface(s)
2 Voice FXO interface(s)
2 Voice FXS interface(s)
2 Voice E & M interface(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
— Consult your router's documentation or search the Cisco Web site with
keywords conﬁguration register for detailed information on the conﬁg register.
3 Power off the router and then power it back on. If your terminal is properly connected, you
should see a startup banner similar to the following (the numerical data in the banner
varies from router to router):
System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1998 by cisco Systems, Inc.
C3600 processor with 65536 Kbytes of main memory