1
00:00:00,510 --> 00:00:06,580
A possible recovery requires two things you need to be able to power cycle the device.

2
00:00:06,840 --> 00:00:13,390
I'm going to be using an APC to do this so that I can power cycle the device remotely.

3
00:00:13,460 --> 00:00:19,160
I'm also connected to the console of this router via a terminal server side.

4
00:00:19,200 --> 00:00:28,980
Telnetting to a server and then accessing the console of the router through the terminal server in the

5
00:00:28,980 --> 00:00:35,520
real world you may have to physically walk to the router and plug your laptop into the console and then

6
00:00:35,520 --> 00:00:37,460
power cycle the device.

7
00:00:37,710 --> 00:00:43,260
Or if you've got access to an APC and a terminal server that's giving out-of-band console access to

8
00:00:43,260 --> 00:00:45,370
the device you can do what I'm doing here.

9
00:00:45,630 --> 00:00:47,270
The process is the same.

10
00:00:47,580 --> 00:00:56,100
The APC and terminal server only gave me the ability to access the console and power cycle the device

11
00:00:56,100 --> 00:01:03,600
remotely I'm connected to the console of the router and I'm told that I need to press Return to get

12
00:01:03,600 --> 00:01:06,180
started some in user mode.

13
00:01:06,540 --> 00:01:12,620
I can top show version and we can see that this is a Cisco 1841 router.

14
00:01:13,050 --> 00:01:22,160
We can see that the configuration register is set to 2 1 0 2 that is the default value which means that

15
00:01:22,160 --> 00:01:30,110
the router will boot normally and has a console speed of 9600 bits per second startup config will be

16
00:01:30,110 --> 00:01:30,890
used.

17
00:01:31,310 --> 00:01:36,140
And we can change the config register if necessary as follows.

18
00:01:36,140 --> 00:01:38,080
However we're not typing able.

19
00:01:38,300 --> 00:01:41,700
Let's assume that I don't know what the password is

20
00:01:45,160 --> 00:01:46,590
so I'm unable to access.

21
00:01:46,590 --> 00:01:48,720
Privilege mode on this router.

22
00:01:48,780 --> 00:01:54,620
It does seem that the secret password was set and we don't know what that password is anymore.

23
00:01:56,930 --> 00:02:00,280
So what we can do is power cycle the router.

24
00:02:00,470 --> 00:02:08,450
So I'm going to set the APC to do any immediate reboot on the router.

25
00:02:08,660 --> 00:02:11,610
And what we will notice on the router is it's rebooting.

26
00:02:11,690 --> 00:02:16,380
I'm going to send a special command which is the break to the Rodda.

27
00:02:16,390 --> 00:02:19,360
And notice I am now in Ramond mode.

28
00:02:19,760 --> 00:02:28,600
So through the APC are remotely re booted the router rather than physically doing it Rodda has rebooted.

29
00:02:28,870 --> 00:02:38,260
And I sent a break signal to the Rodda so you could use your keyboard or your terminal emulation program

30
00:02:38,260 --> 00:02:40,110
to send the break.

31
00:02:40,210 --> 00:02:46,420
In this case I'm using putty and I just sent the break c'mon to the Rodda which meant that it broke

32
00:02:47,230 --> 00:02:50,590
the boot process and went into Romont mode.

33
00:02:50,590 --> 00:02:53,230
Question mark shows me options and Rahmon.

34
00:02:53,260 --> 00:02:57,650
You'll notice that this is different to the traditional Cisco Aiwass.

35
00:02:58,000 --> 00:03:02,950
This is the command that we looking for configuration register utility.

36
00:03:02,990 --> 00:03:11,580
So we're going to set back to count 0 1 4 2 the possible procedure I'm using is a little bit different

37
00:03:11,580 --> 00:03:14,720
to the twenty nine hundred password procedure.

38
00:03:15,030 --> 00:03:23,280
But notice the same command is used the Cisco Web site will give you the details for individual routers.

39
00:03:23,330 --> 00:03:29,280
So as an example for an 18 41 router the full procedure is shown here.

40
00:03:29,400 --> 00:03:36,810
Just follow the procedure for the relevant device that you want to do by password recovery on that includes

41
00:03:36,900 --> 00:03:39,450
both routers and switches.

42
00:03:39,450 --> 00:03:45,130
So in a document like this we have highand routers LAN switches and other devices.

43
00:03:45,570 --> 00:03:52,380
So confrere just set we told that we need to reset our power cycle the device command to do that is

44
00:03:52,380 --> 00:03:53,400
going to be reset

45
00:03:56,560 --> 00:04:05,530
and what will happen now is the will boot normally but it will bypass the startup configuration because

46
00:04:05,980 --> 00:04:17,180
when setting this value to 4 6 is set which means ignore and be RAM contents so to save you some time

47
00:04:17,210 --> 00:04:20,300
I'm going to speed up the boot process.

48
00:04:20,340 --> 00:04:27,360
What will happen is when the router boots up it will bypass the startup configuration and ask us whether

49
00:04:27,360 --> 00:04:34,800
we want to add to the initial startup dialog and noticed now that the router is prompting us with the

50
00:04:34,800 --> 00:04:42,030
system configuration dialog we don't want to enter that's going to say no we're told to press Return

51
00:04:42,030 --> 00:04:43,040
to get started.

52
00:04:46,360 --> 00:04:55,370
And notice the name of the Rodda is router where as previously it was called C 1841 or 1.

53
00:04:55,390 --> 00:04:58,450
So here's the critical piece enable.

54
00:04:58,660 --> 00:05:03,410
I can move to enable mode without a password.

55
00:05:03,500 --> 00:05:12,760
Show startup config shows that there is an enable secret password configured in the startup config and

56
00:05:12,760 --> 00:05:15,840
we can see the hostname of the router as an example.

57
00:05:16,120 --> 00:05:20,320
We can see other information such as IP addresses on serial interfaces.

58
00:05:20,530 --> 00:05:29,230
We can see that OSPF was configured as part of the startup config in the running config However we don't

59
00:05:29,230 --> 00:05:31,840
have the hostname configured.

60
00:05:31,870 --> 00:05:34,800
We don't have a secret password.

61
00:05:34,990 --> 00:05:41,350
We don't have IP addresses on our serial interfaces and we don't have be configured so to get the config

62
00:05:41,350 --> 00:05:41,900
back.

63
00:05:41,950 --> 00:05:46,710
I'm going to top copy startup config running config.

64
00:05:46,790 --> 00:05:49,940
Notice the router name has now changed.

65
00:05:49,940 --> 00:05:51,250
Show run.

66
00:05:52,730 --> 00:05:59,390
Shows us the IP addresses and OSPF configuration in running config.

67
00:05:59,670 --> 00:06:08,270
Now OSPF was complaining that it couldn't allocate a unique Rodda ID and that's because all interfaces

68
00:06:08,270 --> 00:06:15,890
on the router are shut down so I'm going to go into serial zero slash seriously zero and no shut the

69
00:06:15,890 --> 00:06:18,100
interface and do that.

70
00:06:18,140 --> 00:06:26,880
On the other serial interface and notice now I always be able to allocate errata ID and then form a

71
00:06:26,880 --> 00:06:35,880
neighbor relationship with a neighboring router so as an example show IP P.F. neighbor shows us that

72
00:06:35,970 --> 00:06:42,130
the neighbor relationship has formed that's important to remember that we are now in privileged mode.

73
00:06:42,150 --> 00:06:46,060
We enable mode but we don't know the password.

74
00:06:46,080 --> 00:06:54,120
Show run shows us that the secret password is configured but we don't actually know what that password

75
00:06:54,120 --> 00:06:55,090
is.

76
00:06:55,110 --> 00:07:00,120
We moved from user mode to privilege mode without entering a password.

77
00:07:00,360 --> 00:07:03,810
And then we copied the startup config to running config.

78
00:07:04,230 --> 00:07:08,550
If we exit to privilege mode now we won't be able to get back in.

79
00:07:08,550 --> 00:07:17,050
So what we need to do is change the password so change the secret password to something that we know.

80
00:07:17,400 --> 00:07:24,330
So it's really important that when you do the password recovery that you go to privilege mode you enable

81
00:07:24,330 --> 00:07:32,910
mode first and then copy the config from startup config to running config and then change the password

82
00:07:33,360 --> 00:07:36,130
and then save your config.

83
00:07:36,210 --> 00:07:44,930
So it's really important that you set the password and that you then save the configuration before continuing.

84
00:07:44,970 --> 00:07:53,560
Now show version shows us that the configuration register is still to 140.

85
00:07:53,910 --> 00:08:00,120
The configuration register configuration is separate to the running and startup config of Varada.

86
00:08:00,700 --> 00:08:03,720
So what I'm going to do is save the config right now.

87
00:08:03,850 --> 00:08:06,550
So copy running config startup config.

88
00:08:06,550 --> 00:08:07,380
All right mem

89
00:08:10,320 --> 00:08:14,730
at the moment the config register is 0 x 2 1 4 2.

90
00:08:15,030 --> 00:08:22,680
If I rebooted the broader now it would end up booting without using the startup config again.

91
00:08:22,700 --> 00:08:23,850
Now we don't want to do that.

92
00:08:23,850 --> 00:08:30,290
We want to use the config register command and set it for normal boot.

93
00:08:30,720 --> 00:08:37,240
So set it to 1 0 2 show version.

94
00:08:37,420 --> 00:08:46,510
Notice it will be thus at next reload I can reload the Rotto without saving the configuration and it

95
00:08:46,510 --> 00:08:51,290
will reboot using the previously saved config.

96
00:08:52,070 --> 00:08:58,170
If you remember before I made the change I saved the config.

97
00:08:58,370 --> 00:09:01,860
So thats the configuration thats going to be used.

98
00:09:01,910 --> 00:09:08,090
I don't need to save the configuration again for the configuration register change to be saved it saved

99
00:09:08,450 --> 00:09:12,480
independently of the running configuration on the router.

100
00:09:12,900 --> 00:09:15,140
Speed up the boot process again.

101
00:09:17,070 --> 00:09:25,620
So notice that we are told to press and to get started and interfaces come up and the in OSPF neighbor

102
00:09:25,620 --> 00:09:35,200
relationship is formed and that's because the startup config was applied when the Rodda booted up.

103
00:09:35,350 --> 00:09:41,240
Now in the top enable We can log in with the password that we configured.

104
00:09:41,260 --> 00:09:48,800
In other words the reset secret password we can't see that in the upper Chiheb because it's hashed.

105
00:09:49,140 --> 00:09:55,150
But this is the password of Cisco that we configure the router to use.

106
00:09:55,290 --> 00:09:58,420
So that's an example of how to do Ponsford recovery.

107
00:09:58,980 --> 00:10:06,900
Don't forget that on Cisco's Web site there are possible recovery procedures for various routers that

108
00:10:06,900 --> 00:10:12,370
you may be using in your lab or that you may be using in the real world.

109
00:10:12,690 --> 00:10:18,870
Simply follow the step by step procedures to bypass an encrypted password.

110
00:10:18,870 --> 00:10:22,740
This does require physical access.

111
00:10:22,740 --> 00:10:29,220
In other words you need access to the console to be able to do a password recovery.