BenchAddix

Ever been in a situation where you are on-site at a client’s location and need to get access to their Cisco router only to discover they don’t know the password? I know I have and today we are going to look at the steps to bypass and reset a Cisco router password.

First you will need a serial console connection to the router (To my knowledge there is no way to do this via telnet or ssh)

Step 1:

You will need to power off the router and power it back on. Immediately after powering the router on you will need to hit the CTRL + BREAK keys on the keyboard until you get into the ROMMON mode. You should now see the “rommon 1>” prompt.

Step 2:

In this step we are going to change the configuration register value. The default value is 0×2102, but we are going to change it to 0×2142. The 0×2142 register tells the router to ignore the startup-configuration. We do this with the following command:

rommon 1> confreg 0×2142

Now we need to reboot the router:

rommon 2> reset

After rebooting the router will boot with the initial configuration prompt type “no” to go on into the router command line.

Step 3:

Type “enable” at the command prompt to get into privileged mode. You should then see the “Router#” prompt.

Step 4:

We now need to load the startup-configuration into the running-configuration with the following command:

Router# copy startup-config running-config

Step 5:

Here we are going to go into the configuration mode and do the actual password change.

Router# configure terminal

Router(config)# enable secret yournewpassword

NOTE: At this point you can also change other passwords for telnet/ssh access, etc.

Step 6:

Lastly we need to put our configuration register back to the default value of 0×2102, save the configuration, and reboot the router.

Router(config)# config-register 0×2102

Router(config)# exit

Router# write mem

Router# reload

There you go! You now have full access to the router with a new password and the original working configuration.

If you are on a tight budget and can’t afford to build your own Cisco lab then head over to PacketLife.net. They have a community Cisco lab that is free. All you have to do is register for a free account, schedule an open time slot, and get to playing. Whether your are studying for your CCNA or just want to do some pre-project simulation this site is very useful.

Here is a list of their currently available lab hardware:

Block A
• 1x Cisco 2811 (with 2x WIC-2T)
• 2x Cisco 1841 (with 1x WIC-2T)
• 1x Cisco Catalyst 3560-24
• 1x Cisco Catalyst 3550-24 (with Inline Power)
• 1x Cisco ASA 5505

Block B
• 1x Cisco 2811 (with 2x WIC-2T)
• 2x Cisco 1841 (with 1x WIC-2T)
• 1x Cisco Catalyst 3560G-24 (with IEEE 802.3af PoE)
• 1x Cisco Catalyst 3550-24
• 1x Cisco ASA 5505
• 1x Cisco Aironet 1232AG

Block C
• 1x Force10 S25N

There are times when you don’t want to use the routers built in DHCP server and want to use say a Windows Server to hand out your networks DHCP scopes. This guide is for basic DHCP relay configuration in Cisco IOS.

In this example we are going to be configuring the “ip helper” command on interface FastEthernet0/1. Our IP for the interface will be 10.10.20.1/24 and the IP of our DHCP server will be 10.10.10.5/24.

After you have accessed the command line of the router the first thing you will need to do is get into configuration mode by issuing the following command:

conf t

 

The DHCP server and relay agent should be enabled by default, however if for some reason they are not already enabled they can be enabled by issuing the following command:

service dhcp

 

Next we will want to enable the DHCP relay agent information option:

ip dhcp relay information option

 

Now we need to configure the actual interface via the following commands:

interface fastethernet0/1
ip address 10.10.20.1 255.255.255.0
ip helper-address 10.10.10.5
no shut

 

We now have a working DHCP relay pointing to our Windows DHCP Server for clients that connect to interface FastEthernet0/1. There are tons more ways to utilize and configure this functionality. For example you could assign “ip helper” to sub-interfaces for vlans. We will dive into the more advanced functionality in later articles, but for now this gives you the basic principal of the commands for configuring DHCP relay.

According to an article at networkworld researchers have found a potential security risk in Cisco’s Aironet 1200 Series Access Points if the devices are configured incorrectly. This is not an actual bug as it has more to do with user error.

Read more…