System information
Troubleshooting Security Implementations 24-487
Password-Recovery Procedure: Platforms Running Recent Software Releases
Password-Recovery Procedure: Platforms Running Recent Software Releases
The Cisco CGS, MGS, AGS, and AGS+ platforms, and Cisco 7000 series routers running software
prior to Cisco IOS Release 10.0 from ROM, all have their configuration registers in hardware, so you
must physically change the position of the configuration register jumper during the
password-recovery process.
It might be necessary to remove the processor card from the router chassis in order to access the
hardware configuration register jumper. Consult your hardware documentation for detailed
instructions on removing and inserting the processor card from the router chassis if necessary.
Moving the hardware configuration register jumper to bit position 6 allows the router to ignore the
contents of NVRAM while booting. This permits you to bypass the configuration file (and therefore
the passwords) and gain complete access to the router. You can then recover the lost password or
configure a new one.
Note If your password is encrypted, you cannot recover it. You must configure a new password.
Figure 24-1 shows a flowchart describing the password-recovery procedure for the following
platforms:
• Cisco 2000, Cisco 2500, Cisco 3000, and Cisco 4000 series access servers and routers
• Cisco 7000 series routers running Software Release 9.17(4) and later from Flash
memory/netboot
or
Cisco 7000 series routers running Cisco IOS Release 10.0 or later from ROM
• Cisco IGS routers running Software Release 9.1 or later
• Cisco CGS, MGS, AGS, and AGS+ routers running Software Release 9.1(7) or later
• Cisco 7000 series routers running Software Release 9.17(4) through 9.21 from ROM
Some of these platforms are configurable in software and do not require a hardware change. Others
require that you physically change the position of the configuration register jumper on the processor
card. Figure 24-1 takes you through the steps required for the platform and software with which you
are working, and shows diverging paths when necessary to account for platform-specific
requirements.
Refer to Table 24-11 to determine whether the platform on which you are working is configurable
in the software, or whether it requires you to physically move the jumper.
The following procedure describes the password-recovery process for the following platforms only:
• Cisco CGS, MGS, AGS, and AGS+ routers running Software Release 9.1(7) and later
• Cisco 7000 series routers running Software Release 9.17(4) through 9.21 from ROM
For these platforms, follow the path labeled “Cisco CGS, MGS, AGS, AGS+ running Software
Release 9.1(7) or later; Cisco 7000 series running Software Release 9.17(4) through 9.21 from
ROM” in the flowchart (see Figure 24-1).
For the step-by-step password recovery sequence for other platforms, see one of the following
sections:
• Password-Recovery Procedure: Platforms Running Current Cisco IOS Releases
• Password-Recovery Procedure: Platforms Running Earlier Software Releases