Password Recovery principle of the Cisco router-the Cisco router stores several different configuration parameters and stores them in different memory modules. The introduction is as follows: ---- · internal memory type ---- Cisco2500 series routers have five types of memory: ROM, flash memory, immutable RAM, and shared memory. Function: www.2cto.com memory class function: the boot program flash memory of the ROM storage system stores the image NVRAM of Cisco IOS and stores the configuration file (startup-config) RAM stores the current system configuration package, shared memory, Inbound and Outbound Package Buffer ---- configuration files and related storage memory ---- operating environment (PA3), and the corresponding configuration registration code, the normal start of the router, the following procedures should be guided in sequence: ---- the key to password recovery is to modify the configuration registration code, so that the router can call different parameter tables from different memory to start. Valid passwords are stored in NVRAM. Therefore, you need to modify the registration code so that the router can skip the configuration table in NVRAM and directly enter the ROM mode, modify the valid password and terminal password, or reset the valid Password (because the valid password is garbled and cannot be restored, you can only rewrite it ), then, the registration code is restored. Www.2cto.com all CISCO routers in the vro startup process have a 16-bit register, which is stored in NVRAM. The router determines from which IOS is loaded Based on the set value in the register. This register is not saved in the startup configuration file startup-config, so you cannot see this value using the show startup command. Use show version to view the value. The default value is 0x2102, indicating loading IOS1 from FLASH, configuring POST program power-on self-check during vro startup l running the boot routine from ROM, and reading IOS based on the register value, by default, it is loaded from FLASH (loading priority: FLASH, TFTP, ROM) l read configuration files in NVRAM (loading priority: NVRAM, TFTP) l if no valid configuration file exists in NVRAM, the system prompts whether the SETUP mode is enabled. 2. The following table describes the specific meaning of each register during the custom router startup process. It is in hexadecimal notation and 0X cannot be omitted. BitHex meaning 0-30x0000-0x000f start zone 60x0040 ignore content in NVRAM 70x0080OEM position 80x0100 do not allow break Key interrupt start 11-120x0800-0x1800 console line rate (CISCO and Huawei are both 9600 Bit Rate, other settings are not certain) 130x2000 if network startup fails, start 150x8000 from ROM to allow diagnostic information, ignore the content in NVRAM in 0x2100 monitoring mode, prompt: rommon> 0x2101 load mode from ROM, prompt: router (boot)> 0x2142 ignore NVRAM 0x2102 boot from FLASH (default) to ensure network security, it is necessary to set a vro password, but if the vro password is forgotten, it is a huge loss for administrators. After research and practice, we have found a method to restore the password of a Cisco router. This method is applicable to Cisco routers of series 1500, 1600, 1700, 2500, 2600, And 3600, next, I will take the 2621 router as an example. There is a Configuration registration code in the Cisco router, that is, Configuration register value. After using the show version command, you can see its value in the last line. It consists of four hexadecimal numbers, for example, 0x2102 is represented in binary format as, and. the last four digits are called Boot field. The router determines from which IOS system is activated based on the Boot field value, the specific provisions are as follows: its tenth (underlined) is generally "0", if it is "1" (0x2142) this means that the vro enters the Startup mode by bypassing the configuration file during activation, and then directly enters the privileged configuration mode without a password prompt, therefore, you can restore the password by modifying the value of the sixth digit. First, prepare a computer with the Windows 9x/2000/xp operating system, connect the comport of the PC and the console port of the router using the console line of the router, and then enter the PC, go to "Start> program> attachment> communication> Super Terminal", create a new connection, use the COM serial port, and set the port: BPS per second, 8 bits, no parity check, Stop bits 1, no data flow control. Turn on the vro power, and enter the Enter key to display the vro activation information. Then, you need to modify the Configuration register value of the activation router ). Press CTRL + BREAK in the first 60 seconds after the router is activated. Then, the router activation is terminated and enters ROMMON mode, that is, ROMMON 1>. Enter the following command: rommon 1> confreg 0x2142 (for 1600 and 2600 series routers) Rommon 2> reset (reactivate the router) www.2cto.com Note: The confreg command can modify system configuration information. Such as connection bit value and stop bit. For vrouters of the 1500 and 2500 series, enter the "o/r 0x2142" command. The "4" in 0x2142 is 0100 in binary format, set the 10th-bit configuration of the registration code to "1", that is, 01. This allows the router to bypass the configuration file and enter the Startup mode when activating the router. After the vro is activated, it enters the Startup mode. The system configuration dialog is displayed, prompting whether to enter the initial configuration. Enter "N" without configuration. Then, in the User mode) enter the enable command to directly enter the Privileged mode. At this time, no password is prompted. Then, enter the vro's privileged configuration mode. You can use the # show running-config command to find that there is no configuration. You can use the # show startup-config command to view the original configuration parameters, use the following command to restore the original configuration parameters: router #> config mem or copy startup-config running-config load the original configuration file to the memory to go to router #> enable secret 123 changed to the new password router (config) #> config-register 0x2102 (configuration code can be restored here) router #> copy running-config startup-config Save the configuration to the original configuration file and enter the rommom1 mode, modify the start value to 0x2102.