Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
0
Helpful
6
Replies

Which Is Recomanded And Secure Method to reset router ?

CSCO11054429
Level 1
Level 1

‎07-31-2006 09:45 AM - edited ‎03-03-2019 04:18 AM

Hello,

I finished CCNA exam early in May. Now working with a company who deals in routers,switches etc.

I recently gone through variety of methods to conifgure, to trouble shoot Cisco router's.

I realised there are 2 ways to reset routers original configuration.

Method 1 > Type "erase startup config"

Method 2 > reset router, press "Ctrl + Break key

Enter to rom mon mode

Say "rommon 2> confreg 0x2142"

then say "rommon 2> reset"

After router boots in to normal mode , then say in privileged EXEC prompt

>>>> config-register 0x2102

Which methos is safe ? My senior engineers said, second method by changing config register is safest method. What method you people recomand?

Labels:
0 Helpful
6 Replies 6

scottmac
Level 10
Level 10

‎07-31-2006 09:51 AM

Your second method doesn't really "reset" the router. The "0x2142" only tells the router to ignore the startup-config on boot.

When the router boots (using the "reset" command) and you reset the confreg to 0x2102, the next time the router starts, it will start with the old startup config file.

This is (in part) the procedure for password recovery. The rest is:

copy start run (recalls the startup config while you are already in "enable mode")

change the passwords (enable secret, line con 0|password xxxxx etc)

then do a copy run start to save the file back with the new passwords.

Just changing the config register doesn't not eliminate the startup-config file. You'd still need to erase it or change it back to a null config.

FWIW

Scott

0 Helpful

scottmac
Level 10
Level 10
In response to CSCO11054429

‎07-31-2006 10:35 AM

The key point for the reset, as given in your link, is that you are at a point where you have a null config that you must save (in order to overwrite the existing configuration).

Just changing the confreg doesn't eliminate the existing config.

FWIW

Scott

(and, of course, I agree with Rick, method #1 is the way to go, IMHO)

0 Helpful

CSCO11054429
Level 1
Level 1
In response to scottmac

‎07-31-2006 10:47 AM

null config Vs Existing config ?

I am confused. If there is a "null config" why

we are going to overwrite and what we are going

to over write on a router which has "null config"?

I saw it before too. We sent 2610 router to another company for rent. I checked the router before taking it back to our company. IOS was ok and WIC2-T card

was also ok.

But the router was still having saved config including changed name of router i.e "host name".

People at my company followed confreg method and

i saw router came back to factory mode. Host name

was cahnged to "Router" which is default "host name"

and after saying "sh run" it showed no more passwords as well as no ip addresses whcih were present before performing confreg method. May be it

is possible to do in 2610 series router? Well i dont remember the exact name of that IOS.

0 Helpful

scottmac
Level 10
Level 10
In response to CSCO11054429

‎07-31-2006 12:40 PM

1. Router in original (needs to be reset) configuration (startup config is set)

2. ctrl-break, confreg 0x2142, reset (stratup config still set, but will be skipped)

2a. Say no to initial config script

3. "Router>", en, "Router#" (startup config still set, but it was skipped, so the router is at "null config")

4. confreg 0x2102 (changes the config register so that the startup config won't be skipped)

5. *HERE* you'd do a "copy run start" (copys the null config over the set config (startup-config now has a null config)

You saw the router at factory default because the 0x2142 confreg told the router to skip the existing running-config file. When you changed it back to 0x2102 without doing the "copy run start" (overwriting the existing config file with the null/blank/unconfigured "running config") the router rebooted with the existing (non-null) startup-config.

Next time you reset a router, do a reload or power cycle and confirm that the running-config has been cleared.

Good Luck

Scott

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎07-31-2006 09:57 AM

Both methods can end up with the same result. I am not sure that there is any clear cut difference as far as security is concerned. But I would make an argument that since method 1 (erase startup-config) is simple and has fewer steps it is more difficult to make a mistake which could compromise the router. Since method 2 is more complex, has more steps, and is in different modes there are more opportunities where a mistake can be made (a keystroke error in setting the config register, or forgetting to reset the config register, or something like that). And as Scott points out if you do not do a copy running-config startup-config with the empty config then you have not got rid of the old config at all. Therefore I would argue that method 1 is more safe.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents