background image
Managing IOS Images 53
A few nuances need further explanation. First, the confreg rommon command prompts you
with questions that correspond to the functions of the bits in the configuration register. When
the prompt asks, "Ignore system config info[y/n]?", it is asking you about bit 6. Entering yes
sets the bit to 1. The rest of the questions can be defaulted. The last confreg question asks,
"Change boot characteristics[y/n]?", which asks whether you want to change the boot field of
the config register. You don't really need to change it, but the published password recovery
algorithm lists that step, which is the only reason that it is mentioned here. Just changing bit 6
to 1 is enough to get the router booted and you into privileged mode to find or change the
passwords.
The original configuration is lost through this process, but you can overcome that. When you
save the configuration in Step 10, you are overwriting the config in NVRAM. There was no
configuration in the running config except default and the few things you configured. So, before
Step 8, you might want to perform a copy startup-config running-config command and then
proceed with the process.
6
Enter privileged mode at
console.
Press Enter and use enable
command (no password
required).
Same as other routers.
7
View startup config to see
unencrypted passwords.
Use exec command show
startup-config.
Same as other routers.
8
Use appropriate config
commands to reset
encrypted commands.
For example, use enable
secret xyz123 command to
set enable secret password.
Same as other routers.
9
Change config register back
to original value.
Use config command
Config-reg 0x2102.
Same as other routers.
10
Reload the router after
saving the configuration.
Use the copy running-
config startup-config and
reload commands.
Same as other routers.
Table 2-7
Password Recovery (Continued)
Step
Function
How to Do This for 1600,
2600, 3600, 4500, 7200,
7500
How to Do This for 2000,
2500, 3000, 4000, 7000
ch02.fm Page 53 Monday, March 20, 2000 4:57 PM