SDN/SDDC Retreat in Miami, Florida (November 4th-6th)
Separate SDN hype from real life!

Recovering from expired one-time username

A reader sent me an interesting question:

Do you have any advice for resetting/logging into a router (2821) where the one time user of cisco:cisco has already been used?

I couldn't offer any better advice than performing the regular password recovery procedure. Is there another solution?

This article is part of You've asked for it series.


  1. What about real OTP?

    A challenge-response OTP would help immensely when dealing with outsiders who want temp access.

  2. As long as you have not done a write mem, a reboot will allow you to use the one time password again

  3. The issue in this case would be that router will not allow you to go to rommon by using simple ctrl+break. Follow the steps

    1) Turn off the router
    2) remove the flash
    3) turn on the router
    4) router will now go to rommon !!
    5) change register value to 0x2142.
    6) reset
    7) turn off the router
    8) place the flash back
    9) THE END

    Hope this helps

  4. Pappyar, unless you know what you are talking about please do not offer advise!
    Cisco configs are held in NVRAM not Flash, removing the flash will prevent the router from booting nothing else.
    As Adam says a simple power reset will allow the use of the OTP as long as the config has not been saved. If you do need to do a full password recovery then issuing a break sequence during bootup and then confreg 0x2142 will make the router ignore the startup-configuration. >:o


You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.