Last-resort password recovery
Pappyar has sent me an interesting password recovery technique, which can be used in those weird circumstances when you cannot force the router to go to ROMMON (for example, you’ve configured no service password-recovery and the break signal does not work as expected). Unfortunately, his trick works only if you can remove the flash memory from the router (it’s soldered in low-end models):
- Turn off the router.
- Take out the flash.
- Turn on the router.
- This time router will take you to ROMMON as it cannot find an IOS image.
- Set the configuration register with confreg 0x2142.
- Reset (this will change the stored value of the configuration register).
- Turn off the router.
- Reinsert the flash.
- Turn on the router and you are done.
Complete these steps to simulate a break key sequence:
1.
Connect to the router with these terminal settings:
1200 baud rate
No parity
8 data bits
1 stop bit
No flow control
You no longer see any output on your screen, and this is normal.
2.
Power cycle (switch off and then on) the router and press the SPACEBAR for 10-15 seconds in order to generate a signal similar to the break sequence.
3.
Disconnect your terminal, and reconnect with a 9600 baud rate. You enter the ROM Monitor mode.