Showing results for 
Search instead for 
Did you mean: 

PLEASE help! Please


So I got a old cisco 1921 router off ebay that was said to be ready to go and this is my 3rd exhausting day trying to bypass the old companies security on it I HAD so many hours today already im just exhausted I have tried hundreds of times.. here is the issue..


the router is setup, the router has ROMMON disabled, i need to factory reset the unit and I have even seen that reset option blow past me a few times so I know its there its either I had hit break so many times i paused the system and it flew past or i literally locked up the device. once it even froze on the **bleep** yes/no question and no ability to enter y at all.. and if i dont go mad on press press press press break it never even shows the reset prompt so all I get is blow past it or nothing.. I need a way to make this happen..   I really need this router... I really really need this router..   is there any other way to make this thing ask me to reset?   I honestly want everything gone at this point.. ill do anything to get it live!

22 Replies 22

A lot of private sellers purposely and maliciously disable password-recovery feature out of spite. 

I would recommending find a friend or someone that you know of who can follow the procedure that I have linked in my response.  

There are so many factors and variables that can make this process unachievable.  

Id think Id be able to handle it to be honest..   As I say there are many different ideas on where the right spot to hit the break is.. I'm convinced its deeper than just my ability.. 

Ok.. so here it is....  I have 2 more of these same routers.. WORKING...  is the IOS and configuration separate?  I'm talking of puling flash from one into this one just to break past it but if this lock is on the flash alone then that's out.  If so does anyone have a bad router they can pull its flash card from inside and sell me?   I have worked with cisco equipment since my first install of one in '97 and this is the first time one has beat me like this.   As far as the setup I just used this last night on 4 cisco AP's that were lightweight and I flashed them over to standalone with the exact same PC, cable and setup as I tried on this so I know it works.. I also recently setup 2 more of this same router with the same PC and 4 cisco switches again with this exact same setup. so I am clear the setup works and its not my inability here there is something more.   ALSO  if anyone wants to try to crack it I will PAY... I own it so I would give full permission to use whatever means you know to crack inside this thing and clear out the setup from hell...  I believe not only did they lock out the ROMMON as it tells me on every boot but I believe they may did something to make this reset impossible. IDK how but they did..  SO, whoever the admin was that set this up KUDOS as you're awesome and you need a raise..   


basically the question is:


#1 the password config held on the internal flash card?  I believe so as on boot without it I don't get far.. 


#2 if anyone has a blown 1921 they can open up 4 torx screws on side and pop the front off from bottom then squeeze the front and top pops off or flip upside down and tap the front with a rubber hammer and plastic pry tool.  the flash is screw down with a Philips and is socketed on the other end like a fan wire.  ill pay by PayPal for one sent to me.. 


#3 if there is a way  to reset this flash without killing it?


#4 if someone wants to try some handy skills remotely on it


Have you simply used another IOS workstation. (Perhaps Linux Ubuntu or other distro)

I had the same issue once, finally the ctrl+break on the right time did the trick. But it was a pain in the ...



From my reading here:


Cisco configuration guide.. link had to be removed.........

Recovering a Device from the No Service Password-Recovery Feature

To recover a device once the No Service Password-Recovery feature has been enabled, use the telnet client only (SSH is not supported). This telnet client is capable of breaking out of the current session by pressing “Ctrl+]” keys together to arrive at the “telnet>” prompt. At this prompt, you can send multiple strings of “send break” during the “#####” boot up window followed by the “Self decompressing the image :” message. You must send five to seven strings of “send break” during the break out session to arrive at the “Do you want to reset the router to factory default configuration and proceed [y/n] ?” prompt. Answer “yes” for the device to boot with the factory default configuration. If Putty client is used for the telnet session, use the break command from the drop down menu. For SecureCRT client with telnet session, press the “Ctrl +break” keys on the full keyboard. The router will not go into ROMmon mode during this recovering process.

If you do not confirm the Break key action, the router boots normally with the No Service Password-Recovery feature enabled


That is telling me that the old console cable and SSH will not work anyway...  never done this any other way other than SSH on putty... I didn't even know it could be done.. 


think its day number 6 or something.. and its to the point i wasted more time and energy and could have bought 6 dozen of these by now..   can anyone shed light on the above?

I read that article in an earlier post. I did not understand it then and I do not understand it now. Its discussion of using the telnet client does not make sense to me. I do not have extensive experience with password recovery disabled, but the experience that I do have is based on a console connection, which does not use telnet. 

In a previous response I suggested sending only a single break signal when the booting process completes. I think that one should be sufficient but it might be ok to try sending several break signals. In this situation timing is important. After the booting process ends with ok you have a very short interval to send the break signal.

If you have tried what I suggested and it is not working then I have a somewhat different approach to suggest:

- connect to the console port of the router.

- power cycle the router and time how long it takes the router to complete the booting process.

- set the speed of your terminal emulator to 300 (yes this is a very slow speed).

- power cycle the router.

- add at least 30 seconds to how long it took the router to boot and wait at least that long.

- change the speed of your terminal emulator back to the normal speed.

- while the router was booting with the console emulator at 300 it looks like a break signal, so the boot process completes and it thinks that it sees a break signal, and asks the question "do you want to reset ...". You did not see the question but just type yes and see what happens.





Guess who beat the 1921 router!  ME!   and nobody here was actually correct the way I got past this was by not using a console cable at all. I had tried 3 different console cable on it and none did it but you know what did the micro usb connector.. yep.. i hooked up one those I had from my OBD2 reader to update software from online and presto..  The port below in pic.... that works on 1921 100% and use putty and ctrl break after the OK on the loading.. i did 3x and it worked.. reset.. 



Congratulations on getting the router to reset. Thanks for sharing your successful solution with us. Interesting that the different connector got you around the issue. +5 for letting us know how you got it to work.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers