
Recovering A Lost Enable Secret Password (2500/4000)


If the enable secret password is lost, a new password must be set. To recover a lost enable secret for 2500 and 4000 series routers, follow the steps outlined below.

A similar procedure is available for 1000, 1600, 2500, 3600, and 4500 Series Routers.
Faxback Doc #579


Before you begin - Connect A Console

A terminal must be directly attached to the console port of the router. To do this, use the supplied console cable and adapter. Console port settings are 9600 baud, 8N1, no flow control.

Take the following steps to connect a terminal (an ASCII terminal or a PC running terminal emulation software) to the console port on the router:

[Figure: Console Connection Diagram]

Step 1 Connect the terminal using the thin, flat, RJ-45-to-RJ-45 roll-over cable (looks like a telephone cable) and an RJ-45-to-DB-9 or RJ-45-to-DB-25 adapter (labeled "TERMINAL") included with the router.
Console Cable Pinouts
Step 2 Configure the terminal or PC terminal emulation software for 9600 baud, 8 data bits, no parity, and 2 stop bits.

Procedure

Step 1 Power cycle the router.
Step 2 Send a "break" command to the router within the first 60 seconds after the power cycle. The break command varies depending on the terminal emulation package used. For Windows HyperTerminal, the break command is sent by holding down the <CTRL> key and pressing the <BREAK> key. After a successful break, the router will be in ROM monitor mode, as indicated by the angle bracket (>) prompt.
Break Sequences: Other possible break keys
Step 3 From the ROM monitor prompt, set the configuration register value to 0x142. This causes the router to bypass the configuration contents stored in NVRAM upon next bootup. To do this, type:
> o/r 0x142
Step 4 Once the configuration register has been changed, initialize and reboot the router by typing the following:
> i

The router will reboot itself.

Step 5 After the router boots up, you will be asked whether you want to enter the initial configuration dialog. Type "n" for no.

Note: If you accidentally enter the initial configuration dialog, abort by typing: <CTRL-C>.

Step 6 Enter privileged EXEC mode by typing the enable command. No password will be required. The prompt will change to Router(boot)#.
Router> enable
Router#
Step 7 Load the original configuration back into the router. There are two equivalent ways of doing this depending on the software version you are running.

Router# copy startup-config running-config
For IOS Releases 11.0 and above

OR

Router# config mem
For IOS Releases prior to 11.0

Note: If the router has originally been configured with a hostname, the prompt will now change to router_name#

Step 8 Set the new enable password.
Router# config term
Router(config)# enable secret <new_password>
Step 9 Restore the configuration register and exit configuration mode. The configuration register must be reset so the router will properly boot using the configuration now stored in NVRAM.
Router(config)# config-reg 0x2102
Router(config)# end
Step 10 Save the changes.

Router# copy running-config startup-config
For IOS Releases 11.0 and above

OR

Router# write memory
For IOS Releases prior to 11.0

Step 11 Reload the router.
Router# reload
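
A router left at 0x142 (Step 9 skipped or not saved) keeps bypassing its NVRAM configuration, passwords included, on every boot. The following check is an added example, not part of the original Cisco procedure: it reads the "Configuration register is ..." line from show version output and flags that state. The bit names come from Cisco's standard configuration-register layout rather than from this page, and the sample outputs are constructed.

```python
import re

# Bit names follow Cisco's configuration-register layout (not listed on this page).
IGNORE_NVRAM = 0x0040    # bit 6: startup configuration in NVRAM is bypassed
BREAK_DISABLED = 0x0100  # bit 8: "Break disabled" once the router has booted
BOOT_FIELD = 0x000F      # bits 0-3: boot source selection

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

# Constructed "show version" tails, one per stage of the procedure.
AFTER_STEP_4 = "32K bytes of non-volatile configuration memory.\nConfiguration register is 0x142\n"
AFTER_STEP_9 = "Configuration register is 0x142 (will be 0x2102 at next reload)\n"
AFTER_STEP_11 = "Configuration register is 0x2102\n"


def decode(value):
    """Split a register value into the fields relevant to password recovery."""
    return {
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }


def audit(show_version_text):
    """Return (current, pending, findings) for one device's show version output."""
    match = REG_LINE.search(show_version_text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if current & IGNORE_NVRAM:
        findings.append(f"0x{current:X}: running with NVRAM configuration bypassed")
    if pending & IGNORE_NVRAM:
        findings.append(f"0x{pending:X}: next reload will bypass NVRAM again")
    return current, pending, findings


if __name__ == "__main__":
    for name, text in [("step 4", AFTER_STEP_4), ("step 9", AFTER_STEP_9),
                       ("step 11", AFTER_STEP_11)]:
        print(name, audit(text)[2] or "register restored")
```

Run against collected show version output, an empty findings list means the register is back at a value that loads the saved configuration.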


All contents copyright © 1992--1999 Cisco Systems, Inc. Important Notices and Privacy Statement.