Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco 2610 'Password Recovery is Disabled' 1

Status
Not open for further replies.

KoronaAxe02

Vendor
Jul 10, 2008
6
I have 2 Cisco 2610 routers with the password recovery disabled. I've tried all the solutions Cisco's website has offered, or that I could find. Here is the link I found:


When I send the break command after I see "Image text-base", I answer the prompts but it doesn't reset the unit to the factory defaults....both routers go straight back to being password protected with no Rommon access. Am I screwed? or is there another way around this?

I'm most likely going to return these units anyway for reasons other than the recovery problem, but I'd still like to know if anyone can help...just in case they won't take the units back and for future reference. Thanks for reading, any help would be greatly appreciated!
 
VCutrone,
I'm sorry, I guess I didn't explain the problem enough. I can't access Rommon AT ALL, therefore the classic password recovery doesn't work. Sending a break command doesn't give me a rom prompt, it asks me this:

PASSWORD RECOVERY IS DISABLED
Do you want to reset the router to factory default
configuration and proceed [y/n] ?

Answering 'yes' gives me a short readout and then the router asks:

Are you sure you want to continue [y/n]?

Answering yes or no produces the same result, I don't get a Rommon or Router prompt, just a screen saying that I've entered a secured sovereign bank system (a previous owner) and then a password prompt. Of course, I don't have the passwords so I'm pretty much stuck :(
 
Factory defaults have a given username and password, like cisco and cisco...don't know them though...google it. I have seen this once, a similar deal, where the router was configured to authenticate to aaa...I'll see if I can look up my notes on it...that's a good one...

Burt
 
Burt,

Thanks for replying, I've tried looking up default usernames and passwords for 2600's without much luck. I tried cisco, Cisco, admin, Admin, Cisco admin, 123cisco123, and everything else I can think of and nothing has worked. If you find something in your notes, please let me know!

 
You are screwed. Ship them back to Cisco. Or get another NVRAM chip and install that. However, that will cost more than the routers are worth.
 
Tad---how does a router become like that? Can someone set a router to disable password recovery? Why is his like that?

Burt
 
daffymd,
Thanks for replying but that link takes you to the same page I cited in my first post.

Cluebird,
I had a few older NVRAM chips that I tried installing with no luck, granted they were from units I had listed as 'bad' that I wasn't sure what their problems were. I'm sending the units back today.

Thanks to everyone who replied and tried to help, this forum is great!

 
Burt,

As eurobadger states: no service password-recovery

It is one of the "hidden" IOS commands that is now talked about. Where this is used is in locations where you can't provide physical security to the router and you want to prevent someone from doing a password recovery on the box and compromising the network. (I've seen so many small networks or college campuses that use unlocked janitor closets as IDFs...Any Cisco Academy student or CCNA wannabe can practice password recoveries if they are ethically challenged!) Also, if they rip off the box and try to sell on e-bay, the box is useless.

As Cisco says, if you disable the password-recovery mechanism, your choices are limited if you can't remember your passwords so make sure you have some way to access the box (passwords or AAA servers available or such).

Some routers will clear the NVRAM when you remove the chip from the motherboard. However, the 2600 uses EEPROMs that won't reset.
 
What about ultraviolet light, like an EEPROM program burn machine? Also, are there no jumpers to reset NVRAM?
I remember having to deal with one from AT&T, but it was a bit different---it was set to authenticate to AAA, and I had to do some little trick to get it to do password recovery. Why, then, when KoronaAxe02 was asked by the router if he wanted to reset to factory defaults, did the router not accept cisco/cisco? Aren't they initially set up like
username cisco priv 15 password cisco
???

Burt
 
Where is the NVRAM on a 2620, physical location on the board? I see the boot ROM, and I know where the flash and DRAM are, of course, and I see the reset jumperpins (just reloads the router), and the DUART pins to set console speed...but where is the NVRAM chip?

Burt
 
I don't have a diagram available and am too lazy to rip open my 2600s and take a picture, but the NVRAM chip is next to the ROM chip on the motherboard. If you look from the back end of the router with the case off (the end with the interfaces and power supply), there are two removable chips by the flash. The left one is the ROM and the right one is the NVRAM.

Most of Cisco's diagrams don't specifically show exact locations of the various chips. And TAC won't send detailed schematics for some strange reason?

Or you can just de-solder everything from the motherboard...(evil laughter...)
 
I have a 2500 series router, how do I clear the previously configured memory to start again, as I cannot remeber the access password???

M Steele
Network+
CCENT
 
First off, you're piggybacking on this thread. Second, you can easily google "password recovery cisco 2500". Third, to start, send a break and in rom monitor, ...

rommon1>o/r 0x2142
rommon2>reset

Then copy start run, and change the passwords.

Burt
 
Figured out a good fix (risky) for this...

Took out NVRAM chip, powered router on, let it load all the way, then did

router>en
router#wr
It said that the config had been previously written with a different IOS, blablabla, do you want to continue? (confirm)

Here's the risky part...

With power on, I reseated the NVRAM chip, the hit enter to confirm---it saved the default config to NVRAM, but changed the config register on reload to 2122 (19200 BAUD). But it worked. Yay.

After reloading, it warned me that "this will disable the password recovery mechanism, blablabla...Are you sure?"

This is the output you get when you initially do the command "no service password-recovery". I said "n", and it was as if everything was reset to factory defaults. The config register may have been set to 2122 because I loaded the router without NVRAM...

Burt
 
I would have thought changing the config register in rommon to not use the start-up config would have gotten around the problem.

[the other] Bill
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top