One of the most frustrating moments as a network administrator is when you desperately need to log on to a Cisco router and none of the passwords you have work. Fortunately, there is a Cisco password recovery procedure for IOS routers that lets you bypass password control and get access to the device. The drawback is that this procedure causes network downtime, since you have to reboot the router a couple of times. Follow the steps below to recover (or change) the forgotten router password:
The following procedure is applicable to virtually any Cisco router, such as 800, 2600, 3600, 1800, 2800, 3800, etc.
Step1:
Connect to the router with a serial console cable and open your terminal emulation software (I personally use SecureCRT). Use the normal terminal settings (9600 baud, no parity, 8 data bits, 1 stop bit, no flow control). After that, you should get the command prompt.
Step2:
Now you have to power OFF the router from the power switch. Get ready on your keyboard and turn the power switch to ON. Immediately press the CTRL+BREAK keys on your keyboard several times until the router goes into ROMMON mode. You will see the rommon 1> prompt on your terminal window.
Step3:
Now you need to change the configuration register of your router. This register controls several boot-up and hardware parameters on the device. The normal value of this register is 0x2102. We will need to change it to 0x2142. This new value tells the router to bypass the startup-configuration (where the password is stored) and boot with the factory default configuration (i.e. no password request).
At the rommon prompt type the following:
rommon 1> confreg 0x2142
rommon 2> reset
The “reset” command will reboot the device.
Step4:
After the router reboots, it will ignore the startup configuration and will behave like the very first time that you switched on the device. It will therefore run the initial setup script. Type “no” at the setup request or press “Ctrl-C” to terminate the initial setup procedure.
Step5:
Now you will get the Kartook-R1-LAB> prompt. Type “enable” to get into privileged mode.
Kartook-R1-LAB> enable
Kartook-R1-LAB#
Step6:
Now we need to load the “Startup-Config” into the “Running-Config”.
Kartook-R1-LAB# copy startup-config running-config
IMPORTANT: DO NOT copy the running config into the startup config. At this point the running config is basically empty (factory default), so doing that will erase all of your startup config.
Step7:
Now we are ready to change our passwords. Change the enable password as below.
Kartook-R1-LAB# config t
Kartook-R1-LAB(config)# enable secret newpassword
Step8:
Another important step now is to change the configuration register back to its normal value, which is 0x2102.
Kartook-R1-LAB(config)# config-register 0x2102
Step9:
Now save the configuration and reboot.
Kartook-R1-LAB(config)# exit
Kartook-R1-LAB# write
Kartook-R1-LAB# reload
Step10:
After the router boots up, log on with your new password and enable all interfaces (using “no shutdown”) because during the recovery procedure the interfaces get shut down.
What we have done in the above 10 steps is bypass the original configuration that holds the forgotten password, which got us into privileged mode without needing to know the password. Then we loaded the original configuration into RAM (so we don’t lose it), set a new password and saved everything back to NVRAM. Finally, we restored the original boot sequence.
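A check for the end of this procedure, as an added example that is not part of the original article: it parses the "Configuration register is ..." line from `show version` output and flags a router that is still set to bypass its startup-config, which is bit 6 (0x0040), the only difference between 0x2142 and 0x2102. The sample lines and the function name `audit` are constructed for this illustration.

```python
import re

# Configuration register bits used in the procedure above.
IGNORE_STARTUP = 0x0040  # bit 6: ignore startup-config (0x2142 vs 0x2102)
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stay in ROMMON, 2-F = normal boot

# Matches the register line printed at the end of "show version".
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

# Constructed sample lines, one per state of the procedure.
AFTER_STEP_8 = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
AFTER_STEP_10 = "Configuration register is 0x2102"
STEP_8_SKIPPED = "Configuration register is 0x2142"


def audit(show_version_text):
    """Return the current and pending register values plus any findings."""
    match = REG_LINE.search(show_version_text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    # Without a "will be" clause the pending value equals the current one.
    pending = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if current & IGNORE_STARTUP:
        findings.append("booted with startup-config bypassed")
    if pending & IGNORE_STARTUP:
        findings.append("next reload will bypass startup-config")
    if (pending & BOOT_FIELD) == 0:
        findings.append("next reload will stop in ROMMON")
    return {"current": current, "pending": pending, "findings": findings}


if __name__ == "__main__":
    for sample in (AFTER_STEP_8, AFTER_STEP_10, STEP_8_SKIPPED):
        result = audit(sample)
        print(sample, "->", result["findings"] or "OK")
```

Run it against `show version` output collected after Step 10; an empty findings list means the register is back at 0x2102 and the saved configuration, including the new password, will load on every reload.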