cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
46233
Views
15
Helpful
14
Replies

ISR 4331 reset password

Damoab
Level 1
Level 1

Hello, Our sysadmin has left our place and before htat decided to delete all data from his laptop and backupstorage.

We have a cisco ISR 4331 and we don't have the admin password. We can acces pishically to it and plug a wire into the console port. Since the data deleted we realiced that we don't have any pack or license file for the router, what we want:

1- Change the admin password for the device.

2- Create a backup of any license file/data, apps.... etc in the device.

3- Reset the device to default.

4- Reinstall licenses, apps and revelant data.

 

I ask for help and guidance since we don't want to brick the device or loose any license inside.

Thank you so much.

2 Accepted Solutions

Accepted Solutions

Leo Laohoo
Hall of Fame
Hall of Fame

Getting the license re-issued is very easy:  Send an email to the License Team with the serial number of the router and they'll generate a PAK very quickly.  No need to "back up the license".

In regards to password recovery, pray the old sysadmin did not disable password recovery:  Chapter: Replacing or Recovering a Lost Password

View solution in original post

Damoab
Level 1
Level 1

I solved it, seems that there are some diferent keyboard combinations dependiong on wich OS and terminal are you using:

Standard Break Key Sequence Combinations During Password Recovery

https://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/12818-61.html 

 

 

Software Platform Operating System Try This

HyperterminalIBM CompatibleWindows XPCtrl-Break
HyperterminalIBM CompatibleWindows 2000Ctrl-Break
HyperterminalIBM CompatibleWindows 98Ctrl-Break
Hyperterminal (version 595160)IBM CompatibleWindows 95Ctrl-F6-Break
KermitSun WorkstationUNIXCtrl-\l
Ctrl-\b
MicroPhone ProIBM CompatibleWindowsCtrl-Break
MinicomIBM CompatibleLinuxCtrl-a f
ProComm PlusIBM CompatibleDOS or WindowsAlt-b
SecureCRTIBM CompatibleWindowsCtrl-Break
TelixIBM CompatibleDOSCtrl-End
TelnetN/AN/ACtrl-], then type send brk
Telnet to CiscoIBM CompatibleN/ACtrl-]
TeratermIBM CompatibleWindowsAlt-b
TerminalIBM CompatibleWindowsBreak
Ctrl-Break
TipSun WorkstationUNIXCtrl-], then Break or Ctrl-c
~#
VT 100 EmulationData GeneralN/AF16
Windows NTIBM CompatibleWindowsBreak-F5
Shift-F5
Shift-6 Shift-4 Shift-b (^$B)
Z-TERMINALMacAppleCommand-b
N/ABreak-Out BoxN/AConnect pin 2 (X-mit) to +V for half a second
Cisco to aux portN/AControl-Shft-6, then b
IBM CompatibleN/ACtrl-Break

 

Now I'm able to reset the router. Thank you.

View solution in original post

14 Replies 14

Leo Laohoo
Hall of Fame
Hall of Fame

Getting the license re-issued is very easy:  Send an email to the License Team with the serial number of the router and they'll generate a PAK very quickly.  No need to "back up the license".

In regards to password recovery, pray the old sysadmin did not disable password recovery:  Chapter: Replacing or Recovering a Lost Password

Hello and thank you for your answer.

We can expect the most destructive of the scenarios.

What will be the situation if the password has been disabled?

Thanks a lot for your help again.

Can you please help me to clarify a step:

 

Step 4

Set the confreg to not auto boot (0x0 if your baud rate is 9600), and then reload the box. The router enters the ROM monitor, indicated by the ROM monitor prompt (rommon1>).

 

thank you

Yeah, that step is irrelevant if you cannot get into enable mode of the router.  

Plan "B" is to make sure you have a console cable connected to the router.  Make sure you know how to hit the "break" sequence of the terminal you're using.  

Power down the router.  
Power up the router and the moment the first line shows up on your terminal screen, hit the "break" sequence as many as you can.  

WARNING:  If your administrator have disabled password-recovery, proceeding further will mean the config will get erased.  

Leo Laohoo
Hall of Fame
Hall of Fame

If password recovery has been disabled, any attempt to "factory reset" the appliance will mean the config will be erased. 

Do not worry about the license because it is very easy to re-generate a license key.  
Factory reset will NOT destroy the existing license key because this information is stored in a different location in the router.

saravanan93
Level 1
Level 1

Schedule for downtime & break the password 

 

* restore the config file 

* changes the Login credential

https://www.cisco.com/c/en/us/support/docs/routers/2800-series-integrated-services-routers/112033-c2900-password-recovery-00.html

 

follow the  web link to break the password, 

 

once router rebooted after change Cofreg value 

use show start-up config for back config 

 

It is an interesting consideration whether password recovery has been disabled or not. But I think it is not particularly relevant since the original poster has indicated that they intend to erase the existing config and start over from scratch.

HTH

Rick

Damoab
Level 1
Level 1

Hello, as sugested I reboot the router with a console wired to the console port. I setup a com1, 9600 bud, databit 8, stop bit 1, parity none, flow control none.

When the system boots and I saw the first line I press the pause/brk key like hell. until the end of the boot but nothing happens.

I'll post at the end the full boot up log.

I suposse there is no hardware reset button or similar so, any ideas please?

Initializing Hardware ...

Checking for PCIe device presence...done
System integrity status: 0x610
Rom image verified correctly


System Bootstrap, Version 16.9(1r), RELEASE SOFTWARE
Copyright (c) 1994-2018 by cisco Systems, Inc.


Current image running: Boot ROM1

Last reset cause: PowerOn
ISR4331/K9 platform with 8388608 Kbytes of main memory


........
Located isr4300-universalk9.16.06.04.SPA.bin
######################################################################################################(.....)

#####################################################################

Package header rev 1 structure detected
IsoSize = 550114467
Calculating SHA-1 hash...Validate package: SHA-1 hash:
calculated 444F4D02:44C58887:D9C8942B:C557D3CF:2A14247E
expected 444F4D02:44C58887:D9C8942B:C557D3CF:2A14247E
RSA Signed RELEASE Image Signature Verification Successful.
Image validated
^Z
Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706


Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.4, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Sun 08-Jul-18 04:33 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2018 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


image_application_init::Suite configuration initated succesfully on feature = FoundationSuiteK9

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco ISR4331/K9 (1RU) processor with 3843999K/6147K bytes of memory.
Processor board ID ############
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
8388608K bytes of physical memory.
7057407K bytes of flash memory at bootflash:.
0K bytes of WebUI ODM Files at webui:.

%INIT: waited 0 seconds for NVRAM to be available

NHRP MIB is not enabled: Trap generation suppressed
However, configuration changes effective
NHRP MIB is not enabled: Trap generation suppressed
However, configuration changes effective
NHRP MIB is not enabled: Trap generation suppressed
However, configuration changes effective
NHRP MIB is not enabled: Trap generation suppressed
However, configuration changes effective

Press RETURN to get started.

Damoab
Level 1
Level 1

I solved it, seems that there are some diferent keyboard combinations dependiong on wich OS and terminal are you using:

Standard Break Key Sequence Combinations During Password Recovery

https://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/12818-61.html 

 

 

Software Platform Operating System Try This

HyperterminalIBM CompatibleWindows XPCtrl-Break
HyperterminalIBM CompatibleWindows 2000Ctrl-Break
HyperterminalIBM CompatibleWindows 98Ctrl-Break
Hyperterminal (version 595160)IBM CompatibleWindows 95Ctrl-F6-Break
KermitSun WorkstationUNIXCtrl-\l
Ctrl-\b
MicroPhone ProIBM CompatibleWindowsCtrl-Break
MinicomIBM CompatibleLinuxCtrl-a f
ProComm PlusIBM CompatibleDOS or WindowsAlt-b
SecureCRTIBM CompatibleWindowsCtrl-Break
TelixIBM CompatibleDOSCtrl-End
TelnetN/AN/ACtrl-], then type send brk
Telnet to CiscoIBM CompatibleN/ACtrl-]
TeratermIBM CompatibleWindowsAlt-b
TerminalIBM CompatibleWindowsBreak
Ctrl-Break
TipSun WorkstationUNIXCtrl-], then Break or Ctrl-c
~#
VT 100 EmulationData GeneralN/AF16
Windows NTIBM CompatibleWindowsBreak-F5
Shift-F5
Shift-6 Shift-4 Shift-b (^$B)
Z-TERMINALMacAppleCommand-b
N/ABreak-Out BoxN/AConnect pin 2 (X-mit) to +V for half a second
Cisco to aux portN/AControl-Shft-6, then b
IBM CompatibleN/ACtrl-Break

 

Now I'm able to reset the router. Thank you.

 What would putty be ctrl-break?

 Also at what point do you start with the control break?

control-c did it

OK, get into confreg. I wish I could just do 0x040. All those questions not sure which I should be answering. There's 3 sets of questions. And what would get me back to 0x2102?

If you are in ROMMON, then "confreg 0x2102".

Abrar Malik
Level 1
Level 1

HI..no need to take backup ................ For cisco 4331 or all 

 

do shutdown your router and turn on again  

press FN+CTRL+SHIFT+BREAK key from keyboard or FN+CTRL+SHIFT+B to change boot mode in router

now ..

 

   confreg 0x2142  

   reset

 

no its has been reseted

 

then first need to change your password and save 

next do :   copy startup-config run

do write memory

 

 

now its solved .

 

 

 

 

 

 

 

 

 

Malik


@Abrar Malik wrote:

now its solved .


No, it is not. 

The config-registry is still 0x2142.  

Review Cisco Networking for a $25 gift card