Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9937
Views
0
Helpful
15
Replies

Password recovery

Go to solution
Luisinus
Level 1
Level 1

‎03-15-2007 06:16 PM - edited ‎03-03-2019 04:11 PM

I bought a 1841 Router on e-bay.

Apparently, it has been configured with "no service password-recovery". The console shows: PASSWORD RECOVERY FUNCTIONALITY IS DISABLED, and it does not respond to Ctrl-Break during boot. AFAIK, this router does not have a removable NVRAM chip - so this method of reset is excluded. Is my only option to RMA it?

TIA, /Luis

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chris
Level 1
Level 1
In response to Luisinus

‎11-27-2009 12:26 PM

I have the same issue, there are several jumper settings on the motherboard however I cannot find any documentation anywhere if these are of any use.  I find it hard to believe that this router is now a doorstop.  There must be a method.

View solution in original post

0 Helpful
15 Replies 15

Go to solution
kyawzawhtut
Level 1
Level 1

‎03-15-2007 06:32 PM

I believe you still can go back to factory default without needing RMA.

Press the break-key winthin 5sec after decompress the image. System will prompt you to confirm and after that it will delete the start-up config and back to factory default.

Check this url for different combination of break-key that you can try.

http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080174a34.shtml

HTH

Plz rate if helpful.

Cheers

Kyaw

0 Helpful

Go to solution
sundar.palaniappan
Level 10
Level 10
In response to kyawzawhtut

‎03-15-2007 08:22 PM

Luis,

I believe your understanding is correct. I don't think you can break in when password recovery is disabled in the router.

Actually, if I remember correct the IOS even produces a warning when configuring the no service password recovery command that if the password is lost then RMA will be your only option.

HTH

Sundar

0 Helpful

Go to solution
Luisinus
Level 1
Level 1
In response to kyawzawhtut

‎03-15-2007 08:26 PM

Well, here the steps taken so far:

- About 20 reboots with console cable connected. I have hit Ctrl-Break at every thinkable point, after 5 secs. after boot, when "Image text-base:" appears, etcetc.

- I cross-checked with another 831 I have around to see if the Ctrl-break works there: It does.

- I have taken the Button-Cell battery out of the 1841 for at least 20 minutes, hoping that this would erase the config. I'm not sure what this battery is for, because this had no effect whatsoever.

My assumption was: That it would be possible to use the Ctrl-Break procedure and to expect a "Do you want to reset the router to factory default configuration and proceed [y/n] ?" prompt, but I don't get to that prompt. There is a bit of conflicting documentation out there.

Cheers, /Luis

0 Helpful

Go to solution
sundar.palaniappan
Level 10
Level 10
In response to Luisinus

‎03-15-2007 09:04 PM

Luis,

Actually, it appears you should be able to reset the router to the factory default settings when password recovery is disabled. You should be able to break in within 5 seconds after the image decompresses during the boot.

Follow the steps in this document to see if it helps.

http://cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00802a1e76.html

HTH

Sundar

0 Helpful

Go to solution
kyawzawhtut
Level 1
Level 1
In response to sundar.palaniappan

‎03-15-2007 09:09 PM

Luis

I suggest you try the different combination of break key which I gave u in previous post.

May be it is different break-key under no password recovery situation. Who know?

HTH

Cheers

Kyaw

0 Helpful

Go to solution
kyawzawhtut
Level 1
Level 1
In response to kyawzawhtut

‎03-19-2007 12:55 AM

Hi Luis

Do you manage to recover the password? Please update so that we can learn new thing from your experience.

Cheers!

Kyaw

0 Helpful

Go to solution
mohammedmahmoud
Level 11
Level 11
In response to kyawzawhtut

‎03-19-2007 03:10 AM

Hi Luis,

As clarified by Sundar, and according to Cisco's website:

No Service Password-Recovery:

Disable password recovery feature provides the ability to disable the password recovery process. With this feature enabled, a hacker with physical access to the router cannot enter the ROMMON and ignore the startup config. For genuine users who have forgotten the password and want to recover the router on which this feature is already enabled, an enhancement to this feature has been made which makes the router to accept the break signal within 5 seconds after rebooting. The user now has the option to boot the router with factory default config.

I'll try to test it for you in lab ASAP.

HTH,

Mohammed Mahmoud.

0 Helpful

Go to solution
Luisinus
Level 1
Level 1
In response to mohammedmahmoud

‎03-19-2007 09:23 AM

I have been through 25-30 reboots, following the different recommendations where some say to hit Ctrl-Break when when "Image text-base:" appears, other after 5 seconds into boot etcetc.

I have even tried another terminal program, but the fact that sending a Ctrl-Break to another router (for comparison) works on the first attempt, shows that the Terminal proggie indeed is sending a Break.

I would call this the end of the line, and unless some revolutionary new method turns up, this one will be sent for service.

Cheers, /Luis

0 Helpful

Go to solution
chris
Level 1
Level 1
In response to Luisinus

‎11-27-2009 12:26 PM

I have the same issue, there are several jumper settings on the motherboard however I cannot find any documentation anywhere if these are of any use.  I find it hard to believe that this router is now a doorstop.  There must be a method.

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to chris

‎11-27-2009 01:52 PM

Hi Chris,
Please avoid making multiple post of the same topic.  I'm responding to your main post.

0 Helpful

Go to solution
Luisinus
Level 1
Level 1
In response to chris

‎11-27-2009 08:33 PM

Hi Christopher,

My original post is more than 2 years old, but the issue was never resolved.

I had sent the router to a company in the US that claimed they could do it, and it came back stone dead. (No LED indicators, no RS232 response anymore).

Either they repaired it to death, or just swapped the mainboard with a DUD.

I had not recorded the mainboard serial number before sending it off, (My bad) so I had no leverage.


Before sending it for "so-called repair" I have tried loading it with older versions of the IOS, and I tried several low-level hardware things like resetting the ROM chip during boot trying to cause an unspecfied error (Kernel panic) and to get the router to reveal something or to get into rommon mode. I don't have enough low-level hardware knowledge, but I can identify the reset-pin on a given chip and try all kind of blind and non-destructive things.

Bottom line: That $500 piece of equipment wound up on the shelf, waiting to be used as spare-part repository. The fan is good, the power supply is good. I have a hard time to write off equipment because of a lost password, but that was the end of the story.

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Luisinus

‎11-27-2009 09:03 PM

Oh for goodness sake.

Here's the link:

http://www.heinzulm.com/password.php

I've successfully used this process and added a last item on my list:  Kill the idi0t who disabled the password recovery.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Luisinus

‎11-27-2009 02:06 PM

Hello,

A friend of mine has once told me that he had a similar problem. His 1841 was running IOS c1841-advipservicesk9-mz.123-8.T11.bin and he had configured the no service password-recovery. He was unpleasantly surprised to meet the same troubles as you - while hitting the Ctrl+Break key several times during the boot process, the router just ignored him.

Eventually, the solution he found was trivial. He took out the Compact Flash card and replaced the old IOS on it with a new one on a different router. Then he booted the 1841 with the new IOS and managed to get the Ctrl+Break key working as expected (the router will erase the configuration instead of ignoring it). The IOS he was successful with was the c1841-advipservicesk9-mz.124-20.T.bin and I assume that it will work also with more recent IOSes.

Give it a try.

Best regards,

Peter

0 Helpful

Go to solution
Luisinus
Level 1
Level 1
In response to mohammedmahmoud

‎11-27-2009 09:07 PM

By the way - while digging in old posts, some sentences made me wonder:

First:

>>>>

With this feature enabled, a hacker with physical access to the router cannot enter the ROMMON and ignore the startup config.

<<<<

A hacker with physical access is usually not a hacker but a thief or an intruder on the premises. Hackers work remotely - usually, generally.

Second:

>>>>

For genuine users who have forgotten the password and want to recover the router on which this feature is already enabled, an enhancement to this feature has been made which makes the router to accept the break signal within 5 seconds after rebooting. The user now has the option to boot the router with factory default config.

<<<<

In THAT case, what is the difference between a hacker with physical access and a genuine user with physical access who has just forgotten the password? (Both can carry a laptop with a RS232 port and a cable, not?)

Sure you may be quoting contents in your post, but still the lack of distinction between hacker and legitimate user in this scenario is striking.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card