Hi there!

I totally agree with your solutions. 

Hi,

Does anyone has the solution for this ?

I also have 2900 series router. Password recovery option is disabled. Also I Ctrl+Brk wont give me ROMMON prompt as well. Removing the flash from the router also doesnt give me prompt.

Thanks for the response.

Cleetus

Hi Cleetus and wellcome,

You should to follow instruction from Richard Burts, in his solution I didnt set clock rate 300 and I stayed on 9600. But this is very important to do

"The exception to this is that at the completion of the boot process there is a very short interval (I believe it is about 5 seconds) in which the break sequence will be accepted. It does not go directly into rommon but does ask if you want to recover the router. If you respond that you do want to recover the router it deletes the startup config and boots again. In doing this you are not able to recover the existing passwords but are able to recover the router."

Cleetus

It does not matter whether you get output or not when you set the speed to 300. And in thinking about it I would not expect to have output at 300. What does matter is that you set the speed to 300, connect to the console, power cycle the router, and wait at least a minute (longer might be better) longer than it takes the router to boot, before you change the speed back to 9600.

Cleetus

It has been my experience that if you set the speed to 300 that it is not necessary to Ctrl + Brk. I have had success if I do these steps:

- with a normal console connection power cycle your router.

- determine how long it takes to complete the booting process.

- change the console speed to 300.

- power cycle the router. No input on console.

- wait 2 minutes longer than it took for the booting process to complete.

- change the console speed back to 9600.

As I think about it, if the speed 300 was interpreted by the router as a break sequence, then there should have been a prompt stating that password recovery is blocked and asking if you want to recover the router. So I suggest that immediately after changing the console speed back to 9600 that you type yes and hit enter.

If that does not work then I have a question. After you change the speed to 300, power cycle, wait, change the speed back to 9600 what do you get on the console? Has the router booted? What prompt do you get?

Cleetus

Thanks for the update. Sorry that it has not worked for you so far. Did you try my suggestion to immediately after changing the console speed back to 9600 that you type yes and hit enter?

Alex

Perhaps someone in the community knows more than I do about this, and if so I hope they will jump in.

As far as I know there is not any way to preserve the existing config if you need to do password recovery but that function has been disabled. 

By default an IOS router will let you break into the router using a password recovery process and access the current configuration. That does create a vulnerability in which someone outside of your organization who has physical access to the router could break in and compromise the configuration. So Cisco provides an optional feature to protect against this. The design of the feature provides that you would be able to protect your router from someone breaking into it and compromising your configuration. So using this optional feature protects you against outside people, but you give up the ability of someone inside being able to break in and preserve the config.

We do not know what your environment is, is this router an isolated device? If so I do not know any way you can preserve the config. Is this router part of an existing network? If so, and if it is configured to participate in network management then there might be some possibility of retrieving the config via SNMP?

Hello,

The router i am trying to recover the password is an old 1800 series. For my miss fortune there was never made a backup of the configuration and the router is still active and in place for a critical service. I am trying to replace it with an ISR CP 1111 but for that i need the configuration. I have made something of a sort of a configuration that i got from the provider from their end and from the data center where the router is located but since the service is critical i wanted if there was a concrete result to get the old configuration and not start making experiments. 

Thank you.

Thanks for the additional information. You are indeed in a difficult situation. If this router is active in the production network then I would ask about the possibility that some network management software might be able to access the router and to retrieve information from it?

Is there any access to the router? Even user level access would allow you to gather helpful information. No one in the organization has any idea what the password is?

If there is no access to the router, and if password recovery is disabled then you are indeed in a difficult situation. I do not know of any way to break into a router when password recovery is disabled and still retain the original config.