Cisco Factory Reset and Password Recovery

In this Cisco CCNA tutorial, you’ll learn how to factory reset your router or switch and how to do a password recovery if you’ve lost the enable password. Scroll down for the video and also the text tutorial.

 


 

Factory Reset

 

To do a factory reset, we use the ‘write erase’ command at the enable prompt. That will erase the startup-config. Then, reload the device, and it will boot up with a blank configuration. There is no startup-config, therefore, the Setup Wizard will run.

 


 

For example, we have router R1. If I do a ‘show running-config’, you can see the hostname is R1. If I do a ‘show startup-config’, the hostname is also R1 in the startup-config, so that has been saved. So what I’ll do here is go to global configuration and say ‘hostname R2’, and I’m not doing a ‘copy run start’ yet.

 

If I break back down to the enable prompt and do a ‘show run’, the hostname is R2. If I do a ‘show startup-config’, you’ll see I haven’t saved it yet. I didn’t do the ‘copy run start’ yet, so that’s still ‘hostname R1’ there. If I rebooted now, it would come back up with the saved startup-config. I would lose my unsaved changes, and it would still have the hostname R1.

 

This is useful if you lose connectivity to a device that you’re working on remotely and you can’t get to it anymore. To recover it, you can ask someone in the office to pull the power out and put the power back in. It’s not good because it does cause an outage. It’s pretty embarrassing, but it’s a way that you can get back on to that router or that switch again.

 

Now, if I wanted to factory reset this device, the command is ‘write erase’. It will then tell you that this is going to erase the NVRAM file system, which you know is where the startup-config is saved. If I now do a ‘show start’, it will tell me that my startup-config is not present. It was erased.

 

If I ‘reload’ now and confirm that, it will take a minute to do the reload, and when it comes back up, I can see it’s running the Setup Wizard because it’s got no configuration. That is how you do a factory reset on your router or your switch.

 

The Config Register

 

For password recovery, first, you need to know about the configuration register. It is used to change the way that the router boots from the default. You can use the ‘config-register’ command in global configuration mode, or, if you’re at the ROMMON prompt, where the router or switch hasn’t completed booting yet, you can use the ‘confreg’ command.

 

For example, we could use ‘config-register 0x2142’ for that setting at global config or ‘confreg 0x2142’ if we were at the ROMMON prompt.

 


 

There are several different configuration register values that you can use; these are probably the three most useful. The first is 0x2102, and it is the default. The device will boot normally when that is the setting. The next one is 0x2120, which will boot into ROMMON mode. Lastly, 0x2142 will ignore the contents of NVRAM while booting, so it will ignore the startup-config.

 

Now, there are other settings you can use, which will primarily change the baud rate, the rate at which you connect to the device. I can’t really think of any reason you would want to do that. So, these are the three that you would commonly use.

 

Router Password Recovery Procedure

 

If we’ve lost the enable prompt password, we need to do a password recovery. Maybe it’s a small company where we just had one administrator there before, and unfortunately, they got hit by a bus, or more happily, they’ve left the company, and they didn’t let anybody know what the enable password was before they left.

 

Or if you’re in a large company, you take a router or a switch off a shelf or out of a cupboard somewhere, and you don’t know what the enable secret is. So it is quite common that you will have to do this, not day-to-day, but every once in a while.

 

In a real-world environment, you will have to do a password recovery. The way you do it is, first off, Google for the instructions for this, because again, you’re not going to be doing it every day, and you’re unlikely to remember how to do it off the top of your head. I’ve done it probably hundreds of times, and I still Google for the instructions whenever I need to do it.

 

Now, you don’t have the enable password, so you can’t get into the device. You need to reboot it. Then while it is rebooting, press the break sequence on the keyboard. That is commonly Ctrl + Break, but it depends on which software you’re using to connect to the console. Again, you can Google if it’s not Ctrl + Break.

 


 

Do that during the first minute that the device is powering on, and that will break you into the ROMMON prompt. You then enter the command ‘confreg 0x2142’ at the ROMMON prompt, which says to ignore the startup-config on boot. You are not deleting the startup-config like when we did a factory reset.

 

The startup-config is still there, and the full configuration, everything that was configured on that device is there as well, like IP addresses, etc. Also, the enable secret is still there, which you don’t know, but the router will not use that startup-config when it boots up, so you don’t need to know what the enable secret is.

 

You then enter ‘reset’ at the ROMMON prompt to boot the device. The router will boot up with no configuration. Therefore, it will enter the Setup Wizard. You then type ‘no’ to bypass that and enter enable mode with the ‘enable’ command. You’re not going to be prompted for the enable secret because it’s not in the current running configuration, which is blank.

 

The next thing you need to do is copy the startup-config to the running-config. Do not forget that step. If you forget that step and you do everything else correctly, as it says here, you’re going to end up factory resetting that device, and you will lose the previous config.

 


 

If you’re doing a password recovery because the administrator left and you still need to have that configuration there, that would be a big mistake, so don’t forget to copy the startup-config to the running-config at that point. That will copy the entire previous configuration into the running-config, including the unknown enable secret. But you’re already in enable mode, so again, you don’t need to know what that enable secret was.

 

You then enter a new enable secret in global configuration mode to overwrite the old one, which will go into the current running-config. Then enter ‘config-register 0x2102’, so the router will boot normally on the next restart.

 

Again, don’t forget to do this either because if you do, every time you boot up, it will boot up with a blank config, and you’re going to think there’s something seriously wrong with that router. If you ever get that symptom where it looks like it’s been factory reset every time you boot up, it will be because the config register is still set to 0x2142.

 

Lastly, we ‘copy run start’ to save the configuration, and you now are back to where you started, except you’re logged in, and you’ve got a new enable secret.
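An added example (not from the original tutorial or the lab guide): a Python check that reads the configuration register line from ‘show version’ output and flags a device that will ignore its startup-config or stop at ROMMON on the next reload, using the register values from the Config Register section and the blank-config symptom described above. The hostnames and ‘show version’ excerpts are constructed sample input, and the function names are this example’s own.

```python
import re

# Register bits used in this tutorial (Cisco IOS configuration register).
BOOT_FIELD = 0x000F    # low nibble: 0x0 stops at ROMMON, 0x2-0xF boots IOS normally
IGNORE_NVRAM = 0x0040  # bit 6: skip the startup-config at boot (the "4" in 0x2142)

# 'show version' ends with this line; the bracketed part appears only when
# config-register/confreg changed the value since the last boot.
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Decode the two fields that decide how the next boot behaves."""
    return {
        "boots_to_rommon": (value & BOOT_FIELD) == 0,
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
    }

def audit(hostname, show_version_text):
    """Return findings for the register value that applies at the next reload."""
    match = REG_LINE.search(show_version_text)
    if match is None:
        return [f"{hostname}: configuration register line not found"]
    next_boot = int(match.group(2) or match.group(1), 16)
    fields = decode(next_boot)
    findings = []
    if fields["ignores_startup_config"]:
        findings.append(f"{hostname}: 0x{next_boot:04X} ignores startup-config; "
                        "device will come up blank until set back to 0x2102")
    if fields["boots_to_rommon"]:
        findings.append(f"{hostname}: 0x{next_boot:04X} stops at ROMMON on next reload")
    return findings

# Constructed 'show version' excerpts, one per device (not captured from real gear).
SAMPLES = {
    "R1": "Configuration register is 0x2102",
    "R2": "Configuration register is 0x2142",
    "R3": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "R4": "Configuration register is 0x2102 (will be 0x2120 at next reload)",
}

def audit_all(samples=SAMPLES):
    return {host: audit(host, text) for host, text in samples.items()}

if __name__ == "__main__":
    for host, findings in audit_all().items():
        print(host, findings or "OK")
```

R3 is the state of a router partway through a correct recovery: it booted with 0x2142, and ‘config-register 0x2102’ has already been entered, so nothing is flagged.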

 

Switch Password Recovery Procedure

 

If you’re on a switch, then it can be a little bit different depending on what model you’re on. Also, some routers can be slightly different as well. So whatever kind of device it is that you need to recover, the procedure will be very similar to the instructions I just showed you, but it might be slightly different. So again, Google to get the instructions and follow the instructions to do the password recovery.

 


 

Cisco Factory Reset and Password Recovery Configuration Example

 

This configuration example is taken from my free ‘Cisco CCNA Lab Guide’ which includes over 350 pages of lab exercises and full instructions to set up the lab for free on your laptop.


 

Factory Reset

 

1. View the running configuration on R1. Note that the hostname and interface have been configured.

R1#sh run
Building configuration...
Current configuration : 696 bytes
!
hostname R1
!
interface GigabitEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto

 

2. Factory reset R1 and reboot

R1#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
R1#reload
Proceed with reload? [confirm]

 

3. Watch the boot up process as the router boots

System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Readonly ROMMON initialized
IOS Image Load Test
___________________
Digitally Signed Release Software
Self decompressing the image :
#################################################################### [OK]

 

4. The router should boot into the Setup Wizard. Exit out of the wizard and then confirm the startup and running configurations are empty.

--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: no
Router>enable
Router#show run
Building configuration...
hostname Router
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
Router#show start
startup-config is not present

 

5. Paste the configuration for R1 from the ‘15 Cisco Device Management Configs.zip’ file back into the configuration and save

Router#configure terminal
Router(config)#hostname R1
R1(config)#!
R1(config)#interface GigabitEthernet0/0
R1(config-if)# ip address 10.10.10.1 255.255.255.0
R1(config-if)# duplex auto
R1(config-if)# speed auto
R1(config-if)# no shutdown
R1(config-if)#!
R1(config-if)#line con 0
R1(config-line)# exec-timeout 30 0
R1(config-line)#end
R1#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]

 

Password Recovery

 

6. Set the enable secret ‘Flackbox1’ on R1

R1#configure terminal
R1(config)#enable secret Flackbox1

 

7. Configure the router to boot into the rommon prompt on next reload, and reboot the router. (In a real world scenario you would enter the Break sequence on the keyboard when first powering up the router to access the rommon prompt)

R1(config)#config-register 0x2120
R1(config)#end
R1#copy run start
R1#reload
Proceed with reload? [confirm]

 

8. Configure the router to ignore the startup-config when booting up, and reload the router

rommon 1 > confreg 0x2142
rommon 2 > reset

 

9. The router should boot into the Setup Wizard. Exit out of the wizard

--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: no

 

10. What do you expect to see if you view the running and startup configurations? Confirm this.

The running configuration should be empty because the router bypassed loading the startup config on boot up. The startup config should remain unchanged and all previous configuration should still be there.

Router>enable
Router#sh run
Building configuration...
hostname Router
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
Router#sh start
!
hostname R1
!
enable secret 5 $1$mERr$J2XZHMOgpVVXdLjC9lYtE1
!
interface GigabitEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto

 

11. Copy the startup config to the running config. Do not miss this step or you will factory reset the router!

Router#copy start run
Destination filename [running-config]?

 

12. Remove the enable secret

R1#configure terminal
R1(config)#no enable secret

13. Ensure the router will reboot normally on the next reload and you will be able to access the router

R1(config)#config-register 0x2102
R1(config)#end
R1#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]

14. Reboot the router to confirm

R1#reload
Proceed with reload? [confirm]
R1>en
R1#sh run
Building configuration...
hostname R1
!
interface GigabitEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto

 

Additional Resources

 

Password Recovery: https://community.cisco.com/t5/networking-documents/password-recovery/ta-p/3123097

Cisco IOS Router Password Recovery: https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/cisco-ios-router-password-recovery

Resetting Catalyst Switches to Factory Defaults: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/24328-156.html

 


Text by Libby Teofilo, Technical Writer at www.flackbox.com

With a mission to spread network awareness through writing, Libby consistently immerses herself into the unrelenting process of knowledge acquisition and dissemination. If not engrossed in technology, you might see her with a book in one hand and a coffee in the other.