Recovering A Lost Enable Secret Password

If the enable secret password is lost, a new password must be set. To recover a lost enable secret for cisco routers, follow the steps outlined below.

Before you begin - Connect A Console

  1. A terminal must be directly attached to the console port of the router. To do this, use the supplied console cable and adapter. Console port settings are 9600 baud, 8N1, no flow control.
    Take the following steps to connect a terminal (an ASCII terminal or a PC running terminal emulation software) to the console port on the router:
    Connection From Hyper Terminal

Procedure

  1. Power cycle the router.

  2. Send a "break" command to the router within the first 60 seconds after power cycle. The break command will vary depending on the terminal emulation package used. For Windows Hyperterminal, the break command is sent by holding the CTRL key down and pressing the BREAK key. After sending a successful break character, the router will be in ROM monitor mode as indicated by the angle bracket (>) prompt.

  3. From the ROM monitor prompt, set the configuration register value to 0x142. This causes the router to bypass the configuration contents stored in NVRAM upon next bootup and reboot the router by typing the following: 2500/4000 
    > o/r 0x142 
> i
    or 1000/1600/3600/4500 
    > confreg 0x142 
> reset
    The router will reboot itself.

  4. Enter privileged EXEC mode by typing the enable command. No password will be required. The prompt will change to Router(boot)#. 
    Router> enable
Router#

  5. Load the original configuration back into the router. There are two equivalent ways of doing this depending on the software version you are running. 
    Router# copy startup-config running-config
    For IOS Releases 11.0 and above
    OR 
    Router# config mem
    For IOS Releases prior to 11.0
  6. Set the new enable password.
    7. Router# config term
Router(config)# enable secret new_password
  7. Restore the configuration register and exit configuration mode. The configuration register must be reset so the router will properly boot using the configuration now stored in NVRAM.
    8. Router(config)# config-reg 0x2102
Router(config)# end
  8. Save changes
    9. Router# copy running-config startup-config
    For IOS Releases 11.0 and above OR 
    Router# write memory
    For IOS Releases prior to 11.0
Back - Support