Cisco Factory Reset and Password Recovery

In this Cisco CCNA tutorial, you’ll learn how to factory reset your router or switch and how to do a password recovery if you’ve lost the enable password.

 

Factory Reset

 

To do a factory reset, we use the ‘write erase’ command at the enable prompt. That will erase the startup-config. Then, reload the device, and it will boot up with a blank configuration. There is no startup-config, therefore, the Setup Wizard will run.

 


 

For example, we have router R1. If I do a ‘show running-config’, you can see the hostname is R1. If I do a ‘show startup-config’, the hostname is also R1 in the startup-config, so that has been saved. So what I’ll do here is go to global configuration and say ‘hostname R2’, and I’m not doing a ‘copy run start’ yet.

 

If I break back down to the enable prompt and do a ‘show run’, the hostname is R2. If I do a ‘show startup-config’, you’ll see I haven’t saved it yet. I didn’t do the ‘copy run start’ yet, so that’s still ‘hostname R1’ there. If I rebooted now, it would come back up with a startup-config. I would lose my unsaved changes, and it would still have the hostname R1.

 

This is useful if you lose connectivity to a device that you’re working on remotely and you can’t get to it anymore. You need to recover it. You can ask someone in the office to pull the power out and put the power back in. It’s not good because it does cause an outage. It’s pretty embarrassing, but it’s a way that you can get back on to that router or that switch again.

 

Now, if I wanted to factory reset this device, the command is ‘write erase’. It will then tell you that this is going to erase the NVRAM file system, which you know is where the startup-config is saved. If I now do a ‘show start’, it will tell me that my startup-config is not present. It was erased.

 

If I ‘reload’ now and confirm that, it will take a minute to do the reload, and when it comes back up, I can see it’s running the Setup Wizard because it’s got no configuration. That is how you do a factory reset on your router or your switch.

 

The Config Register

 

For password recovery, first, you need to know about the configuration register. It is used to change the way that the router boots from the default. You can use the ‘config-register’ command in global configuration mode, or if you’re at the ROMMON prompt, where the router or switch hasn’t completed booting yet, you can use the ‘confreg’ command.

 

For example, we could use ‘config-register 0x2142’ for that setting at global config or ‘confreg 0x2142’ if we were at the ROMMON prompt.

 

 

There are several different configuration register values that you can use; these are probably the three most useful. The first is 0x2102, and it is the default. The device will boot normally when that is the setting. The next one is 0x2120, which will boot into ROMMON mode. Lastly, 0x2142 will ignore the contents of NVRAM while booting, so it will ignore the startup-config.

 

Now, there are other settings you can use, which will primarily change the baud rate, the rate at which you connect to the device. I can’t really think of any reason you would want to do that. So, these are the three that you would commonly use.

 

Router Password Recovery Procedure

 

If we’ve lost the enable prompt password, we need to do a password recovery. Maybe it’s a small company where we just had one administrator there before, and unfortunately, they got hit by a bus, or more happily, they’ve left the company, and they didn’t let anybody know what the enable password was before they left.

 

Or if you’re in a large company, you take a router or a switch off a shelf, out of a cupboard somewhere, and you don’t know what the enable secret is. So it is quite common that you will have to do this, not day-to-day, but every once in a while.

 

In a real-world environment, you will have to do a password recovery. The way you do it is, first off, Google for the instructions for this, because again, you’re not going to be doing it every day, and unlikely you’re going to remember how you do this off the top of your head. I’ve done it probably hundreds of times, and I still Google for the instructions whenever I need to do it.

 

Now, you don’t have the enable password, so you can’t get into the device. You need to reboot it. Then while it is rebooting, press the break sequence on the keyboard. That is commonly Ctrl + Break, but it depends on which software you’re using to connect to the console. Again, you can Google if it’s not Ctrl + Break.

 

 

Do that during the first minute that the device is powering on, and that will break you into the ROMMON prompt. You then enter the command ‘confreg 0x2142’ at the ROMMON prompt, which says to ignore the startup-config on boot. You are not deleting the startup-config like we did for a factory reset.

 

The startup-config is still there, and the full configuration, everything that was configured on that device is there as well, like IP addresses, etc. Also, the enable secret is still there, which you don’t know, but the router will not use that startup-config when it boots up, so you don’t need to know what the enable secret is.

 

You then enter ‘reset’ at the ROMMON prompt to boot the device. The router will boot up with no configuration. Therefore, it will enter the Setup Wizard. You then type ‘no’ to bypass that and enter enable mode with the ‘enable’ command. You’re not going to be prompted for the enable secret because it’s not in the current running configuration, which is blank.

 

The next thing you need to do is copy the startup-config to the running-config. Do not forget that step. If you forget that step and you do everything else correctly, as it says here, you’re going to end up factory resetting that device, and you will lose the previous config.

 

 

If you’re doing a password recovery because the administrator left and you still need to have that configuration there, that would be a big mistake, so don’t forget to copy the startup-config to the running-config at that point. That will copy the entire previous configuration into the running-config, including the unknown enable secret. But you’re already in enable mode, so again, you don’t need to know what that enable secret was.

 

You then enter a new enable secret in global configuration mode to overwrite the old one, which will go into the current running-config. Then enter ‘config-register 0x2102’, so the router will boot normally on the next restart.

 

Again, don’t forget to do this either because if you do, every time you boot up, it will boot up with a blank config, and you’re going to think there’s something seriously wrong with that router. If you ever get that symptom where it looks like it’s been factory reset every time you boot up, it will be because the config register is still set to 0x2142.

 

Lastly, we ‘copy run start’ to save the configuration, and you now are back to where you started, except you’re logged in, and you’ve got a new enable secret.
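To check that last point after a recovery, the register values from the Config Register section can be decoded bit by bit and compared against the last line of ‘show version’. This is an added example, not part of the original tutorial; the function names and the two sample lines are constructed for illustration.

```python
import re

# Bit meanings from Cisco's configuration-register layout (only the bits this check uses).
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (set in 0x2142)
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the system is running
CONSOLE_SPEED = 0x1820   # bits 5, 11, 12: console line speed selector

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode(value):
    """Break a config-register value into the fields that affect booting."""
    boot_field = value & 0x000F
    return {
        "boot_to_rommon": boot_field == 0,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "nondefault_console_speed": bool(value & CONSOLE_SPEED),
    }

def audit_show_version(text):
    """Return (current, next_boot, findings) from 'show version' output."""
    m = REG_LINE.search(text)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    # IOS prints the pending value only when it differs from the current one.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    fields = decode(next_boot)
    findings = []
    if fields["ignore_startup_config"]:
        findings.append("next boot ignores startup-config (blank config, no enable secret)")
    if fields["boot_to_rommon"]:
        findings.append("next boot stops at ROMMON")
    if fields["nondefault_console_speed"]:
        findings.append("console speed bits differ from the 0x2102 default")
    return current, next_boot, findings

# Constructed sample lines, as they would appear at the end of 'show version'.
MID_RECOVERY = "Configuration register is 0x2142"
AFTER_FIX = "Configuration register is 0x2142 (will be 0x2102 at next reload)"

if __name__ == "__main__":
    for sample in (MID_RECOVERY, AFTER_FIX):
        cur, nxt, findings = audit_show_version(sample)
        print(f"{cur:#06x} -> {nxt:#06x}: {findings or 'boots normally'}")
```

A device left at 0x2142 comes up with no enable secret on every boot, so this check is worth running across the estate and not only after a recovery. Decoding 0x2120 with the same function reports both the ROMMON boot field and a set console-speed bit (bit 5).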

 

Switch Password Recovery Procedure

 

If you’re on a switch, then it can be a little bit different depending on what model you’re on. Also, some routers can be slightly different as well. So whatever kind of device it is that you need to recover, the procedure will be very similar to the instructions I just showed you, but it might be slightly different. So again, Google to get the instructions and follow them to do the password recovery.

 

 

Additional Resources

 

Password Recovery: https://community.cisco.com/t5/networking-documents/password-recovery/ta-p/3123097

Cisco IOS Router Password Recovery: https://networklessons.com/cisco/ccna-routing-switching-icnd1-100-105/cisco-ios-router-password-recovery

Resetting Catalyst Switches to Factory Defaults: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/24328-156.html

 


Text by Libby Teofilo, Technical Writer at www.flackbox.com
