Rack of Ethernet switches.

How to Break In, Initialize, and Configure a Cisco Router

For the Cisco 2000/2500/2600/3000/4000/4500 Series Routers

We're going to see how to break in, initialize, and configure a Cisco router. The scenario is that you own a router that contains some unknown configuration. You can't get into it, so we will connect a console cable so we can bypass the usual startup process and enter the system configuration interface. We will re-initialize it, restoring it to the factory defaults. Then we will set new passwords and set up a new configuration.

The following sequence will work on the 2000, 2500, 2600, 3000, 4000 and 4500 series of Cisco routers. With some limitations, you could use it on other Cisco models. You will need to pay very close attention to the hex pattern used in the config-register command!

Cisco Catalyst switch programming

Also note that password recovery on a Cisco Catalyst switch is entirely different!

Yes, Cisco commands can be abbreviated. My personal taste is to type enough of them to be unique, then use the tab key to cause the IOS to complete the command. This gives me feedback that I'm really doing what I think that I'm doing, and it should make this explanation a bit more clear. Also remember that you can always press "?" while typing a command, and the IOS will show you the possible choices.

When I show router commands, the router prompt will be non-bold, and what you type will be bold. You can get away with pressing less keys by using the tab key.

I have no hope of creating a "just-enough" guide to the Cisco IOS commands here! You can find references at Cisco's web site.

The following assumes that you have a TFTP server holding a valid configuration file on a LAN to which the router can be connected. If necessary, use a cross-over cable between a router Ethernet port and a PC running Linux.

  1. Connect a serial terminal to the console port. This could be a dumb terminal, or a terminal emulator like Seyon (Linux, BSD) or ProComm or HyperTerm (Windows).
  2. Power on the router.
  3. Send a break character within the first 30 to 60 seconds. Your terminal emulator should be able to do this.
  4. Record the current value of the configuration register, usually 0x2102 or 0x102, possibly 0xFFFF2102. 
    > o
  5. Reset the router configuration to its defaults by overwriting a register and initializing (booting): 
    > o/r 0x2142
> initialize
  6. Do not enter the initial configuration dialog when asked.
  7. Connect one interface of the router to the LAN where the TFTP server is located.
  8. Do a minimal configuration of one interface "by hand". Change the interface name as appropriate, specify the appropriate netmask, and use some free IP address on that LAN. Note that the prompt changes to reflect whether you are in enabled (privileged) mode or not, and to show at what level you are configuring it. In the next to last command shown here, replace 0x2102 with whatever you recorded in the earlier step. 
    Router> enable
Router# configure terminal
Router(config)# interface ethernet 0
Router(config-if)# ip address 1.2.3.4 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# config-register 0x2102
Router(config)# exit
Router#
  9. Copy over a configuration file 
    Router# copy tftp startup-config
  10. Specify the IP address address of the TFTP server and the name of the file. Do not attempt to use the DNS name of the server (the router will have no idea what to do with that).
  11. Depending on the revision of your IOS, the above two steps might have been possible as the following single command, the server IP address and pathname adjusted as needed: 
    Router# copy tftp://1.2.3.24/configfilenamehere startup-config
  12. Reboot the router 
    Router# reload

There are other ways of configuring the router once you have it re-initialized:

Cisco 2514 router, Cisco 2912 Catalyst switch, and Cisco 4500 router

Cisco 2514 router, Cisco 2912XL Catalyst switch, Cisco 4500 router

Rack of Cisco routers, 3600 and 2600 series.

Other Pages