To access ROMMON mode, the break key sequence must be entered on the keyboard within 60 seconds of reboot. In ROMMON mode, the router software can be reloaded, at which time the router prompts for a new system configuration that includes a new password.
The password recovery procedure gives anyone with console access the ability to access the router and its network. The no service password-recovery command is a security enhancement feature that prevents the completion of the break key sequence and entry into ROMMON mode. It prevents users with console access from accessing the router configuration and clearing the password. It also prevents changes to the configuration register values and access to nonvolatile RAM (NVRAM).
The following message is seen during startup when the no service password-recovery command is configured:
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright 1998 by cisco Systems, Inc.
C3600 processor with 65536 Kbytes of main memory
Main memory is configured to 64 bit mode with parity enabled
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
program load complete, entry point: 0x80008000, size: 0x10ce394
Self decompressing the image : ####################################
###################################################################
###################################################################
################################################# [OK]
Smart Init is disabled. IOMEM set to: 10
Using iomem percentage: 10
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
of the Commercial Computer Software—Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-IS-M), Version 12.3(3), RELEASE SOFTWARE (fc2)
Copyright 1986-2003 by Cisco Systems, Inc.
Compiled Mon 18-Aug-03 19:03 by dchih
Image text-base: 0x60008950, data-base: 0x61B3E000
The following list outlines a few methods for recovering from a lost password when the no service password-recovery command is configured. These methods involve destroying the startup configuration; hence all configurations will be lost.
- On devices that have NVRAM chips, the chips can be removed and reseated. The NVRAM is implemented using battery-backed static RAM (SRAM). Removing the SRAM erases the contents of NVRAM, which contains the no service password-recovery configuration.
- Other devices use an electrically erasable programmable read-only memory (EEPROM) to hold the configuration. The EEPROM is not erased when it is removed and reseated; hence, recovery is not possible. (Contact the Cisco TAC support center for further assistance.)
- Another way to recover the lost password when the no service password-recovery command is configured is available during the reboot process of the router. (You must have console access to perform this task.) During the reboot process, press the break key sequence within five to ten seconds of the image decompressing (when you see the message Image text-base: .... on the console screen). At this point, the software will prompt you to reset the router to the factory default configuration. The sample output that follows was captured during this process.
System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright 1998 by Cisco Systems, Inc.
C3600 processor with 65536 Kbytes of main memory
Main memory is configured to 64 bit mode with parity enabled
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
program load complete, entry point: 0x80008000, size: 0x10ce394
Self decompressing the image :
#########################################################
##################################################################################
######
####################################################################### [OK]
Smart Init is disabled. IOMEM set to: 10
Using iomem percentage: 10
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
of the Commercial Computer Software—Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-IS-M), Version 12.3(3), RELEASE SOFTWARE (fc2)
Copyright 1986-2003 by Cisco Systems, Inc.
Compiled Mon 18-Aug-03 19:03 by dchih
Image text-base: 0x60008950, data-base: 0x61B3E000   <-- hit CTRL-BREAK sequence here
PASSWORD RECOVERY IS DISABLED
Do you want to reset the router to factory default
configuration and proceed [y/n] ? y
Reset router configuration to factory default.
Cisco 3640 (R4700) processor (revision 0x00) with 59392K/6144K bytes of memory.
Processor board ID 09196037
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
2 Ethernet/IEEE 802.3 interface(s)
2 Voice FXO interface(s)
2 Voice FXS interface(s)
DRAM configuration is 64 bits wide with parity enabled.
125K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
8192K bytes of processor board PCMCIA Slot0 flash (Read/Write)
20480K bytes of processor board PCMCIA Slot1 flash (Read/Write)
[OK][OK]
SETUP: new interface Ethernet0/0 placed in "shutdown" state
SETUP: new interface Ethernet1/0 placed in "shutdown" state
Press RETURN to get started!
Router>
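As an added example (not part of the original text), the following Python audits console captures, such as those logged by a terminal server, using the boot messages shown above: for each boot it reports whether the password-recovery lockout banner appeared and whether the configuration was reset to factory default. The function names and the sample log are constructed for illustration, and a boot with no banner is assumed to mean the command is not configured.

```python
import re

# Marker strings are copied from the console captures on this page.
BOOTSTRAP = "System Bootstrap, Version"
BANNER = "PASSWORD RECOVERY FUNCTIONALITY IS DISABLED"
RESET_DONE = "Reset router configuration to factory default."
RESET_ANSWER = re.compile(r"proceed \[y/n\] \?\s*(\S*)")
IOS_VERSION = re.compile(r"^IOS \(tm\) .*?\((\S+)\), Version ([^,]+),")

# Constructed sample: two boots abbreviated from the captures above.
SAMPLE = """\
System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
IOS (tm) 3600 Software (C3640-IS-M), Version 12.3(3), RELEASE SOFTWARE (fc2)
System Bootstrap, Version 11.1(19)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
IOS (tm) 3600 Software (C3640-IS-M), Version 12.3(3), RELEASE SOFTWARE (fc2)
Image text-base: 0x60008950, data-base: 0x61B3E000
PASSWORD RECOVERY IS DISABLED
Do you want to reset the router to factory default
configuration and proceed [y/n] ? y
Reset router configuration to factory default.
"""

def audit_console_log(text):
    """Return one finding dict per boot seen in a console capture."""
    boots, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(BOOTSTRAP):  # each bootstrap banner starts a new boot
            cur = {"recovery_disabled": False, "reset_answer": None,
                   "factory_reset": False, "image": None, "version": None}
            boots.append(cur)
        if cur is None:
            continue  # output before the first bootstrap banner
        if BANNER in line:
            cur["recovery_disabled"] = True
        if (m := IOS_VERSION.match(line)):
            cur["image"], cur["version"] = m.groups()
        if (m := RESET_ANSWER.search(line)):
            cur["reset_answer"] = m.group(1).lower() or None
        if line.startswith(RESET_DONE):
            cur["factory_reset"] = True
    return boots

def alerts(boots):
    """Boots (1-based) where the config was wiped or ROMMON was not locked out."""
    return [(i, "factory-reset" if b["factory_reset"] else "recovery-enabled")
            for i, b in enumerate(boots, 1)
            if b["factory_reset"] or not b["recovery_disabled"]]
```

A factory-reset alert on a router that should hold a production configuration indicates that someone with console access used the break sequence during boot.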