First you will need a serial console connection to the router (To my knowledge there is no way to do this via telnet or ssh)

Step 1:

You will need to power off the router and power it back on. Immediately after powering the router on you will need to hit the CTRL + BREAK keys on the keyboard until you get into the ROMMON mode. You should now see the “rommon 1>” prompt.

Step 2:

In this step we are going to change the configuration register value. The default value is 0×2102, but we are going to change it to 0×2142. The 0×2142 register tells the router to ignore the startup-configuration. We do this with the following command:

rommon 1> confreg 0×2142

Now we need to reboot the router:

rommon 2> reset

After rebooting the router will boot with the initial configuration prompt type “no” to go on into the router command line.

Step 3:

Type “enable” at the command prompt to get into privileged mode. You should then see the “Router#” prompt.

Step 4:

We now need to load the startup-configuration into the running-configuration with the following command:

Router# copy startup-config running-config

Step 5:

Here we are going to go into the configuration mode and do the actual password change.

Router# configure terminal

Router(config)# enable secret yournewpassword

NOTE: At this point you can also change other passwords for telnet/ssh access, etc.

Step 6:

Lastly we need to put our configuration register back to the default value of 0×2102, save the configuration, and reboot the router.

Router(config)# config-register 0×2102

Router(config)# exit

Router# write mem

Router# reload

There you go! You now have full access to the router with a new password and the original working configuration.

Here is a list of their currently available lab hardware:

Block A
• 1x Cisco 2811 (with 2x WIC-2T)
• 2x Cisco 1841 (with 1x WIC-2T)
• 1x Cisco Catalyst 3560-24
• 1x Cisco Catalyst 3550-24 (with Inline Power)
• 1x Cisco ASA 5505

Block B
• 1x Cisco 2811 (with 2x WIC-2T)
• 2x Cisco 1841 (with 1x WIC-2T)
• 1x Cisco Catalyst 3560G-24 (with IEEE 802.3af PoE)
• 1x Cisco Catalyst 3550-24
• 1x Cisco ASA 5505
• 1x Cisco Aironet 1232AG

Block C
• 1x Force10 S25N

In this example we are going to be configuring the “ip helper” command on interface FastEthernet0/1. Our IP for the interface will be 10.10.20.1/24 and the IP of our DHCP server will be 10.10.10.5/24.

After you have accessed the command line of the router the first thing you will need to do is get into configuration mode by issuing the following command:

conf t

The DHCP server and relay agent should be enabled by default, however if for some reason they are not already enabled they can be enabled by issuing the following command:

service dhcp

Next we will want to enable the DHCP relay agent information option:

ip dhcp relay information option

Now we need to configure the actual interface via the following commands:

interface fastethernet0/1
ip address 10.10.20.1 255.255.255.0
ip helper-address 10.10.10.5
no shut

We now have a working DHCP relay pointing to our Windows DHCP Server for clients that connect to interface FastEthernet0/1. There are tons more ways to utilize and configure this functionality. For example you could assign “ip helper” to sub-interfaces for vlans. We will dive into the more advanced functionality in later articles, but for now this gives you the basic principal of the commands for configuring DHCP relay.

“The issue has to do with Cisco’s Aironet 1200 Series Access Point, which is used to power centrally managed wireless LANs. The Aironet 1200 can be set to a WPA (Wi-Fi Protected Access) migration mode, in which it provides wireless access for devices that use either the insecure WEP (Wired Equivalent Privacy) protocol or the more secure WPA standard.

This gives companies a way to gradually move from WEP to WPA without immediately buying all-new, WPA-capable equipment. But while auditing the network of a customer who used the product, Core researchers discovered that even networks that had stopped using WEP devices could still be vulnerable, so long as the Aironet’s migration mode was enabled.

Researchers were able to force the access point to issue WEP broadcast packets, which they then used to crack the encryption key and gain access to the network.”

Anyone that is using this series of access points from Cisco might want to check and make sure that migration mode is not enabled unless absolutely necessary.

[networkworld]