This procedure requires knowing a bit about the config register. Its value tells the router what to do upon next reset (reboot).
- 0x2100: Boot into ROMMON before IOS
- 0x2101: Boot the IOS from Flash
- 0x2102: Boot the IOS as specified by the boot system commands in the startup-config
- 0x2142: Bypass the startup-config (and enter setup mode)
The break sequence is usually Ctrl-Break, but that doesn't work in all cases, and Cisco has compiled a nice list of break sequences. One way to simulate the break sequence is to connect at 1200 baud, 8N1, and hold space for 15 seconds. After that, reconnect at 9600 baud, 8N1, and you can do your thing.
Once in ROMMON, first change the register with confreg 0x2142, then issue reset to reload the device. It will boot into IOS without loading the startup-config and will therefore prompt you with the setup process, which you can skip with Ctrl-C. You are then free to look at the startup-config, or even copy it to the running-config. If you do this, simply change the passwords, issue no shutdown on all your interfaces, and reload. Make sure you record the passwords in a secure document or app, as going through this process isn't very convenient and cannot be done remotely!
I wish this whole process of entering ROMMON wasn't so kludgy and so backwards. I wish we could just press the letter "q" during the boot process and enter ROMMON, instead of relying on some special and secretive break sequence. But that is not how the engineering minds designed these systems and so we must learn their ways if we don't have the password.
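The four register values listed above differ only in a few bits of the 16-bit register. As an added example (not part of the original post), this Python sketch decodes those bits and checks the configuration register line from show version for a value that would still bypass the startup-config at the next reload. The function names are hypothetical and the sample lines are constructed.

```python
import re

# Fields of the 16-bit configuration register used by the values on this page.
BOOT_FIELD_MASK = 0x000F  # bits 0-3: boot source
IGNORE_NVRAM = 0x0040     # bit 6: bypass the startup-config
BREAK_DISABLED = 0x0100   # bit 8: Break disabled

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Split a config register value into the fields discussed above."""
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0:
        boot = "ROMMON"
    elif boot_field == 1:
        boot = "IOS from flash"
    else:
        boot = "boot system commands in startup-config"
    return {
        "boot": boot,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }

def audit(show_version_text):
    """Return findings for the register value that applies at the next reload."""
    match = CONFREG_RE.search(show_version_text)
    if match is None:
        return ["no configuration register line found"]
    pending = int(match.group(2) or match.group(1), 16)
    fields = decode(pending)
    findings = []
    if fields["ignore_startup_config"]:
        findings.append(f"0x{pending:04x}: next reload bypasses the startup-config")
    if fields["boot"] == "ROMMON":
        findings.append(f"0x{pending:04x}: next reload stops in ROMMON")
    return findings

# Constructed sample lines in the format printed at the end of "show version".
LEFT_IN_RECOVERY = "Configuration register is 0x2142"
RESTORED = "Configuration register is 0x2142 (will be 0x2102 at next reload)"

if __name__ == "__main__":
    for sample in (LEFT_IN_RECOVERY, RESTORED):
        print(sample, "->", audit(sample) or "ok")
```

A device that still reports 0x2142 with no pending change will come up without its startup-config, and therefore without its configured passwords, after the next reload.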