Cisco Factory Reset and Password Recovery

In this Cisco CCNA tutorial, you’ll learn how to factory reset your router or switch and how to do a password recovery if you’ve lost the enable password. Scroll down for the video and also the text tutorial.

 

Cisco Factory Reset and Password Recovery

YouTube Video

Will Clifton

Will Clifton

This course “filled in the blanks” left by textbooks and other videos. Neil communicates concepts and real-world scenarios extremely well. I have found it to be a good match for my pacing and a valuable tool either on its own or in tandem with other study materials.

Will Clifton

 

Factory Reset

 

To do a factory reset, we use the ‘write erase’ command at the enable prompt. That will erase the startup-config. Then, reload the device, and it will boot up with a blank configuration. There is no startup-config, therefore, the Setup Wizard will run.

 

Cisco Factory Reset

 

For example, we have router R1. If I do a ‘show running-config’, you can see the hostname is R1. If I do a ‘show startup config’, the hostname is also R1 in the startup-config, so that has been saved. So what I’ll do here is I go to global configuration, and I’ll say ‘hostname R2’, and I’m not doing a ‘copy run start’ yet.

 

If I break back down to the enable prompt and do a ‘show run’, the hostname is R2. If I do a ‘show startup-config’, you’ll see I haven’t saved it yet. I didn’t do the ‘copy run start’ yet, so that’s still ‘hostname R1’ there. If I rebooted now, it would come back up with a startup-config. I would lose my unsaved changes, and it would still have the hostname R1.

 

What this is useful for is if you lose connectivity to a device that you’re working on remotely, you can’t get to it anymore. You need to recover it. You can ask some in the office to pull the power out and put the power back in. It’s not good because it does cause an outage. It’s pretty embarrassing, but it’s a way that you can get back on to that router or that switch again.

 

Now, if I wanted to factory reset this device, the command is ‘write erase’. It will then tell you that this is going to erase the NVRAM file system, which you know is where the startup-config is saved. If I now do a ‘show start’, it will tell me that my startup-config is not present. It was erased.

 

If I ‘reload’ now and confirm that, it will take a minute to do the reload, and when it comes back up, I can see it’s running the Setup Wizard because it’s got no configuration. That is how you do a factory reset on your router or your switch.

 

The Config Register

 

For password recovery, first, you need to know about the configuration register. It is used to change the way that the router boots from the default. You can use the ‘config-register’ command in global configuration mode, or if you’re at the ROMMON prompt to where the router or a switch hasn’t completed booting yet, you can use the ‘confreg’ command.

 

For example, we could use ‘config-register 0x2142’ for that setting at global config or ‘confreg 0x2142’ if we were at the ROMMON prompt.

 

The Config Register

 

There are several different configuration registers that you can use, probably the three most useful. The first is 0x2102, and it is the default. The device will boot normally when that is the setting. The next one is 0x2120, which will boot into ROMMON mode. Lastly, 0x2142 will ignore the contents of NVRAM while booting, so it will ignore the startup-config.

 

Now, there are other settings you can use, which will primarily change the baud rate, the rate at which you connect to the device. I can’t really think of any reason you would want to do that. So, these are the three that you would commonly use.

 

Router Password Recovery Procedure

 

If we’ve lost the enable prompt password, we need to do a password recovery. Maybe it’s a small company where we just had one administrator there before, and unfortunately, they got hit by a bus, or more happily, they’ve left the company, and they didn’t let anybody know what the enable password was before they left.

 

Or if you’re in a large company, you take a router or a switch out of a shelf, out of a cupboard somewhere, and you don’t know what the enabled secret is. So it is quite common that you will have to do this, not day-to-day, but every once in a while.

 

In a real-world environment, you will have to do a password recovery. The way you do it is, first off, Google for the instructions for this, because again, you’re not going to be doing it every day, and unlikely you’re going to remember how you do this off the top of your head. I’ve done it probably hundreds of times, and I still Google for the instructions whenever I need to do it.

 

Now, you don’t have the enable password, so you can’t get into the device. You need to reboot it. Then while it is rebooting, press the break sequence on the keyboard. That is commonly Ctrl + Break, but it depends on which software you’re using to connect to the console. Again, you can Google if it’s not Ctrl + Break.

 

Router Password Recovery Procedure

 

Do that during the first minute that the device is powering on, and that will break you into the ROMMON prompt. You then enter the command’ confreg 0x2142’ at the ROMMON prompt, which says to ignore the startup-config on boot. You were not deleting the startup-config like when we did a factory reset.

 

The startup-config is still there, and the full configuration, everything that was configured on that device is there as well, like IP addresses, etc. Also, the enable secret is still there, which you don’t know, but the router will not use that startup-config when it boots up, so you don’t need to know what the enable secret is.

 

You then enter ‘reset’ at the ROMMON prompt to boot the device. The router will boot up with no configuration. Therefore, it will enter the Setup Wizard. You then type ‘no’ to bypass that and enter enable mode with the ‘enable’ command. You’re not going to be prompted for the enable secret because it’s not in the current running configuration, which is blank.

 

The next thing you need to do is copy the startup-config to the running-config. Do not forget that step. If you forget that step and you do everything else correctly, as it says here, you’re going to end up factory resetting that device, and you will lose the previous config.

 

Router Password Recovery Procedure 1

 

If you’re doing a password recovery because the administrator left and you still need to have that configuration there, that would be a big mistake because you don’t forget to copy the startup-config to the running-config at that point. That will copy the entire previous configuration into the running-config, including the unknown enable secret. But you’re already in enable mode, so again, you don’t need to know what that enable secret was.

 

You then enter a new enable secret in global configuration mode to overwrite the old one, which will go into the current running-config. Then enter ‘config-register 0x2102’, so the router will boot normally on the next restart.

 

Again, don’t forget to do this either because if you do, every time you boot up, it will boot up with a blank config, and you’re going to think there’s something seriously wrong with that router. If you ever get that symptom where it looks like it’s been factory reset every time you boot up, it will be because the config register is set to 0x2102.

 

Lastly, we ‘copy run start’ to save the configuration, and you now are back to where you started, except you’re logged in, and you’ve got a new enable secret.

 

Switch Password Recovery Procedure

 

If you’re on a switch, then it can be a little bit different depending on what model you’re on. Also, some routers can be slightly different as well. So whatever kind of device is that you need to recover, it will be very similar to those instructions I just showed you there, but it might be slightly different. So again, Google to get the instructions and follow the instructions to do the password recovery.

 

Switch Password Recovery Procedure

 

Cisco Factory Reset and Password Recovery Configuration Example

 

This configuration example is taken from my free ‘Cisco CCNA Lab Guide’ which includes over 350 pages of lab exercises and full instructions to set up the lab for free on your laptop.

Click here to download your free Cisco CCNA Lab Guide.

 

YouTube Video

 

Cisco Factory Reset and Password Recovery Configuration Example

 

Factory Reset

 

  1. View the running configuration on R1. Note that the hostname and interface have been configured

R1#sh run

Building configuration...

Current configuration : 696 bytes

!

hostname R1

!

interface GigabitEthernet0/0

ip address 10.10.10.1 255.255.255.0

duplex auto

speed auto

 

2. Factory reset R1 and reboot

R1#write erase

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]

[OK]

Erase of nvram: complete

%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

R1#reload

Proceed with reload? [confirm]

 

3. Watch the boot up process as the router boots

System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)

Readonly ROMMON initialized

IOS Image Load Test

___________________

Digitally Signed Release Software

Self decompressing the image :

#################################################################### [OK]

 

4. The router should boot into the Setup Wizard. Exit out of the wizard and then confirm the startup and running configurations are empty.

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

Router>enable

Router#show run

Building configuration...

hostname Router

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

shutdown

Router#show start

startup-config is not present

 

5. Paste the configuration for R1 from the ‘15 Cisco Device Management Configs.zip’ file back into the configuration and save

Router#configure terminal

Router(config)#hostname R1

R1(config)#!

R1(config)#interface GigabitEthernet0/0

R1(config-if)# ip address 10.10.10.1 255.255.255.0

R1(config-if)# duplex auto

R1(config-if)# speed auto

R1(config-if)# no shutdown

R1(config-if)#!

R1(config-if)#line con 0

R1(config-line)# exec-timeout 30 0

R1(config-line)#end

R1#copy run start

Destination filename [startup-config]?

Building configuration...

[OK]

 

Password Recovery

 

6. Set the enable secret ‘Flackbox1’ on R1

R1(config)#enable secret Flackbox1

 

7. Configure the router to boot into the rommon prompt on next reload, and reboot the router. (In a real world scenario you would enter the Break sequence on the keyboard when first powering up the router to access the rommon prompt)

R1(config)#config-register 0x2120

R1(config)#end

R1#copy run start

R1#reload

Proceed with reload? [confirm]

 

8. Configure the router to ignore the startup-config when booting up, and reload the router

rommon 1 > confreg 0x2142

rommon 2 > reset

 

9. The router should boot into the Setup Wizard. Exit out of the wizard

--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

 

10. What do you expect to see if you view the running and startup configurations? Confirm this.

The running configuration should be empty because the router bypassed loading the startup config on boot up. The startup config should remain unchanged and all previous configuration should still be there.

Router#sh run

Building configuration...

hostname Router

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

Router#sh start

!

hostname R1

!

enable secret 5 $1$mERr$J2XZHMOgpVVXdLjC9lYtE1

!

interface GigabitEthernet0/0

ip address 10.10.10.1 255.255.255.0

duplex auto

speed auto

 

11. Copy the startup config to the running config. Do not miss this step or you will factory reset the router!

Router#copy start run

Destination filename [running-config]?

 

12. Remove the enable secret

Router(config)#no enable secret

 

13. Ensure the router will reboot normally on the next reload and you will be able to access the router

Router(config)#config-register 0x2102

Router(config)#end

Router#copy run start

Destination filename [startup-config]?

Building configuration...

[OK]

 

14. Reboot the router to confirm

Router#reload

Proceed with reload? [confirm]

R1>en

R1#sh run

Building configuration...

hostname R1

!

interface GigabitEthernet0/0

ip address 10.10.10.1 255.255.255.0

duplex auto

speed auto

 

Additional Resources

 

Password Recovery: https://community.cisco.com/t5/networking-documents/password-recovery/ta-p/3123097

Cisco IOS Router Password Recovery: https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/cisco-ios-router-password-recovery

Resetting Catalyst Switches to Factory Defaults: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/24328-156.html

 

Want to practice Cisco CCNA technologies on your laptop? Download my complete 350-page Cisco CCNA Lab Guide for free.

 

Click Here to get my Cisco CCNA Gold Bootcamp, the highest rated CCNA course online with a 4.8 star rating from over 20,000 public reviews.

Libby Teofilo

Text by Libby Teofilo, Technical Writer at www.flackbox.com

Libby’s passion for technology drives her to constantly learn and share her insights with others. When she’s not immersed in the world of tech, you’ll find her lost in a good book with a cup of coffee or out exploring nature on her next adventure—always curious, always inspired.