How To – Recover config from a Cisco router without passwords

So, you have a Cisco router that you need to extract the configuration from but have no idea what the access details might be? So long as you have physical access to the device and a console cable, you may be in luck.

The first thing to do is connect a serial cable and use something like PuTTY or HyperTerminal to connect to your device. I’m not going to describe that process here; if you’re unsure of how to do that, it’s probably best you not proceed further.

Once you’re connected to the device, you’re probably sat at a login screen. Turn off the router and remove its CF card (or press break in the boot sequence to enter ROMmon). Boot the router and without the CF card it should enter ROMmon.

You’re probably wondering what ROMmon is? ROMmon, or “ROM Monitor”, is a bootstrap program implemented in the firmware on your router whose responsibility is to initialize the hardware and boot the IOS image for your device.

If you’ve successfully entered ROMmon, you’ll be presented with a screen that looks something like this:

Readonly ROMMON initialized
flash: CompactFlash not present.

System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support:
Copyright (c) 2006 by cisco Systems, Inc.
PLD version 0x10
GIO ASIC version 0x127
c1841 platform with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled

Readonly ROMMON initialized
rommon 1 >

We now need to issue the “confreg” command to instruct ROMmon to bypass the startup configuration stored in the device’s non-volatile memory (NVRAM):

rommon 1 > confreg 0x2142

Once that’s done, issue the “reset” command and insert the CF card if you removed it earlier:

rommon 2 > reset

Your device will now restart after which you should be presented with a screen of text, ending with the initial configuration prompt:

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:

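Press ‘n’ and hit return to get started. The device now behaves like a factory-clean unit with no configuration loaded; the saved configuration is still in NVRAM as the startup-config. Let’s get that configuration restored. First, enter enable mode with the “enable” command.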


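At this point, it’s very important not to type the wrong thing or you could lose your configuration with no chance of restoring it: saving the empty running-config to NVRAM would overwrite the startup-config you are trying to recover. We need to copy the startup-config to the running-config: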

Router#copy startup-config running-config

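And you’re done. All you need to do now is reset the password so you can get back in at a later date (pick your own username and secret in place of the “cisco” values shown), and set the configuration register back to its normal value so the next boot loads the startup configuration again:

GATEWAY#conf t
GATEWAY(config)#username cisco privilege 15 password cisco
GATEWAY(config)#enable secret cisco
GATEWAY(config)#config-register 0x2102
GATEWAY(config)#end
GATEWAY#write memory
Building configuration...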

You now have access to the device and full access to its configuration.
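
A router whose register is still 0x2142 skips its startup configuration on every boot. The following added example (not part of the original article) decodes the register value from the “Configuration register is …” line of “show version” output and reports that state. The line format and the normal value 0x2102 come from IOS behaviour rather than from this page, and the sample lines are constructed.

```python
import re

# Bits of the 16-bit IOS configuration register that matter for this procedure.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (set in 0x2142)
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the system is up
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stop in ROMmon, 2-F = normal boot

# Matches e.g. "Configuration register is 0x2142 (will be 0x2102 at next reload)"
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Split a register value into the fields checked below."""
    return {
        "value": f"0x{value:04X}",
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }

def audit_show_version(text):
    """Return the current and pending register state plus any findings."""
    m = CONFREG_RE.search(text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = decode(int(m.group(1), 16))
    # Without a "will be" clause the pending value equals the current one.
    pending = decode(int(m.group(2), 16)) if m.group(2) else current
    findings = []
    if pending["ignore_nvram"]:
        findings.append("next reload will ignore startup-config")
    elif current["ignore_nvram"]:
        findings.append("booted with startup-config bypassed, register since restored")
    if pending["boot_field"] == 0:
        findings.append("next reload will stop in ROMmon")
    return {"current": current, "pending": pending, "findings": findings}

# Constructed sample lines (hypothetical devices, not captured output).
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_show_version(line)["findings"])
```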

