Showing posts with label troubleshooting. Show all posts

10 October 2008

Password Recovery Procedure for Cisco 2600 and 2800 Series Routers


If you buy a used Cisco device for your home lab, the reseller has most likely already erased its configuration back to the defaults. But what if you get a router or switch that still has a password set, or you forget the password you gave the device?


Cisco devices have a password recovery procedure that you can use to overcome this problem, although some devices have a different procedure.

The steps shown here are for Cisco 2600 and 2800 series routers, but most routers follow the same general steps.
Some Cisco switch series have a button on the chassis that you must press for password recovery.


WARNING!!!

The password recovery procedure will wipe out all configuration in the router/switch. It is always a good idea to back up your configuration regularly and use the backup to reconfigure the router/switch after the password recovery procedure.

To recover the password you first need to enter ROMmon mode. On 2600 and 2800 series routers, change the configuration register from 0x2102 to 0x2142, then reset the router.

rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect

rommon 2 > reset

Changing the configuration register from 0x2102 to 0x2142 tells the router to ignore the configuration in NVRAM, which is where the router's password is stored.

This is why you must back up the configuration file to a TFTP server regularly, so that you can recover it if something like this happens in the future.

After the "reset" command in ROMmon mode, your router reloads with no configuration, so it asks whether you want to enter the initial configuration dialog. Just answer no:

Would you like to enter the initial configuration dialog? [yes/no]: no

At this point you can get into the router without providing the password. If you check with the show version command, you will see that the configuration register has changed:

router# show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 16-May-00 15:15 by ccai
Image text-base: 0x80008088, data-base: 0x80865F64

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by reload
System image file is "flash:c2600-i-mz.121-2.T.bin"

cisco 2611 (MPC860) processor (revision 0x202) with 20480K/4096K bytes of memory.
Processor board ID JAB0317052N (1135645455)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2142

The next step is to set your new password, or remove the password requirement, in router configuration mode. You can use enable password or enable secret; enable secret is the safer choice, since it is stored in the configuration as a hash rather than in clear text.

router# configure terminal
router(config)# enable secret Cisco

Don't forget to paste your backup configuration file to the terminal and save the running configuration:

router# write memory

or

router# copy running-config startup-config

The last thing to do, and the most important part, is to change the configuration register back to 0x2102; otherwise, every time your router reloads it will ignore the configuration file.

router(config)# config-register 0x2102

You can confirm with the show version command that the configuration register value will change to 0x2102 once the router reloads.


router# show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 16-May-00 15:15 by ccai
Image text-base: 0x80008088, data-base: 0x80865F64

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by reload
System image file is "flash:c2600-i-mz.121-2.T.bin"

cisco 2611 (MPC860) processor (revision 0x202) with 20480K/4096K bytes of memory.
Processor board ID JAB0317052N (1135645455)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configured from console Configuration register is 0x2142 (will be 0x2102 at next reload)

Reload the router using the reload command:

router# reload

I don't think they will test you on recovering a password in the CCNA exam, but they will ask you about the configuration register values you must change for the password recovery procedure, so just remember the values.


08 October 2008

Fastest Way to Recover or Upgrade Cisco IOS using tftpdnld


There are many articles about how to recover or upgrade your Cisco IOS, but personally I find that using tftpdnld is the fastest and easiest way to do this.

tftpdnld is a command that you can use in the ROMmon mode of Cisco devices.

Using tftpdnld you can download files directly to the Cisco routers or switches from ROMmon mode using the console cable (serial connection).

To use the tftpdnld command you need a TFTP server running on your computer; any TFTP server will do.
In this example I recover the Cisco IOS image for my 2611 router, but this tutorial also works for 2800 and 3800 series routers.

Note that tftpdnld can download an image file from the TFTP server to the router, but not from the router to the TFTP server.

This command also requires you to use the first LAN port on the router; on the 2611 that is the Ethernet 0/0 port.

On the 2621 router you can also use the Token Ring or Fast Ethernet port.

WARNING!!!
Use this tutorial only if you understand the effect of the commands provided and are aware of the effect these procedures have on a production or running network!



The first thing you need to do to recover or upgrade Cisco IOS is to put your IOS image file in the TFTP server folder.

Next, get into the ROMmon mode of the router.

At the ROMmon prompt, you need to set a few variables for the connection from the router to the TFTP server. Issue the "set" command to show the variables currently defined, then type in the following commands (the values are the ones I use in this example):

rommon 1 > set

rommon 2 > IP_ADDRESS=171.68.171.0
rommon 3 > IP_SUBNET_MASK=255.255.254.0
rommon 4 > DEFAULT_GATEWAY=171.68.170.3
rommon 5 > TFTP_SERVER=171.69.1.129
rommon 6 > TFTP_FILE=c2600-is-mz.121-2.T.bin

Make sure you got everything right and your TFTP server is connected to the first LAN Port of the router.

Before issuing tftpdnld, note that Cisco documentation says that on 2600 and 1720 series routers, tftpdnld in ROMmon mode might report a bad checksum comparison when it loads Cisco IOS software images of Cisco IOS Software Release 12.0(2.2)T or later; this is a bug.

To overcome this problem you need to issue another command:

rommon 7 > TFTP_CHECKSUM=0

Now you're ready to issue the tftpdnld command. Type in the command as shown below; it will show you some output and ask a question, to which you answer y.
The question warns you that the content of the flash memory will be erased and replaced by the downloaded image file.

rommon 8 > tftpdnld

IP_ADDRESS: 10.1.1.1
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 10.1.1.1
TFTP_SERVER: 10.1.1.2
TFTP_FILE: c2600-is-mz.121-2.T.bin

Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n: [n]: y

Receiving c2600-is-mz.121-2.T.bin from 10.1.1.2 !!!!!.!!!!!!!!!!!!!!!!!!!.!!
File reception completed.
Copying file c2600-is-mz.121-2.T.bin to flash.
Erasing flash at 0x607c0000
program flash location 0x60440000

rommon 9 >

At this point your new image will be in the flash memory if there is no problem with the connection from TFTP server to the router.

You can verify that your image exists in the flash using the following command:

rommon 9 > dir flash:
File size Checksum File name
4603828 bytes (0x463fb4) 0x9719 c2600-i-mz.121-2.T.bin
rommon 10 >

The last thing to do is to use the boot command to tell the router to boot from the image file you just downloaded:

rommon 10 > boot flash:c2600-i-mz.121-2.T.bin
program load complete, entry point: 0x80008000, size: 0x51c0dc
Self decompressing the image : #################################################
##################################
...

That's it, you have just successfully recovered your Cisco IOS image. Check the new image using show version from the router prompt:

Router2611>sh version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(2)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Tue 16-May-00 15:15 by ccai
Image text-base: 0x80008088, data-base: 0x80865F64

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router2611 uptime is 1 minute
System returned to ROM by reload
System image file is "flash:c2600-i-mz.121-2.T.bin"

cisco 2611 (MPC860) processor (revision 0x202) with 22528K/2048K bytes of memory.
Processor board ID JAB0317052N (1135645455)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102
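
As an added example (not part of the original post, and not Cisco code), the Python below checks a set of ROMmon tftpdnld variables before the download is started: that the router address is usable in its subnet, that the TFTP server is reachable directly or through the gateway, and whether TFTP_CHECKSUM=0 has turned off the checksum comparison, in which case the image should be verified some other way once it boots. The function names and finding codes are assumptions made for this example.

```python
import ipaddress
import re

REQUIRED = ("IP_ADDRESS", "IP_SUBNET_MASK", "DEFAULT_GATEWAY", "TFTP_SERVER", "TFTP_FILE")
# Matches "IP_ADDRESS=..." with or without a leading "rommon N >" prompt.
ASSIGN_RE = re.compile(r"^(?:rommon \d+ >\s*)?([A-Z_]+)=(\S+)$")


def parse_rommon_vars(transcript):
    """Collect NAME=value assignments from a pasted ROMmon session."""
    variables = {}
    for line in transcript.splitlines():
        match = ASSIGN_RE.match(line.strip())
        if match:
            variables[match.group(1)] = match.group(2)
    return variables


def check_tftpdnld_vars(variables):
    """Return a list of (code, message) findings; an empty list means nothing to flag."""
    missing = [name for name in REQUIRED if name not in variables]
    if missing:
        return [("MISSING_VARIABLE", ", ".join(missing))]

    iface = ipaddress.ip_interface(
        f"{variables['IP_ADDRESS']}/{variables['IP_SUBNET_MASK']}")
    net = iface.network
    gateway = ipaddress.ip_address(variables["DEFAULT_GATEWAY"])
    server = ipaddress.ip_address(variables["TFTP_SERVER"])

    findings = []
    if iface.ip in (net.network_address, net.broadcast_address):
        findings.append(("BAD_HOST_ADDRESS", f"{iface.ip} is not a host address in {net}"))
    if server not in net:
        if gateway not in net:
            findings.append(("GATEWAY_OFF_SUBNET", f"{gateway} is outside {net}"))
        else:
            # TFTP has no authentication, so a routed transfer crosses more
            # network that has to be trusted.
            findings.append(("ROUTED_TFTP", f"{server} is reached through {gateway}"))
    if variables.get("TFTP_CHECKSUM") == "0":
        findings.append(("CHECKSUM_DISABLED", "verify the image by other means after boot"))
    return findings


def codes(transcript):
    """Convenience wrapper: finding codes for a pasted session."""
    return [code for code, _ in check_tftpdnld_vars(parse_rommon_vars(transcript))]


# The variables typed in the post above, including TFTP_CHECKSUM=0.
PAGE_SESSION = """\
rommon 1 > set
rommon 2 > IP_ADDRESS=171.68.171.0
rommon 3 > IP_SUBNET_MASK=255.255.254.0
rommon 4 > DEFAULT_GATEWAY=171.68.170.3
rommon 5 > TFTP_SERVER=171.69.1.129
rommon 6 > TFTP_FILE=c2600-is-mz.121-2.T.bin
rommon 7 > TFTP_CHECKSUM=0
"""

# Constructed sample with deliberate mistakes (broadcast address, gateway off-subnet).
BROKEN_SESSION = """\
IP_ADDRESS=192.168.10.255
IP_SUBNET_MASK=255.255.255.0
DEFAULT_GATEWAY=192.168.20.1
TFTP_SERVER=192.168.30.5
TFTP_FILE=example-image.bin
"""

if __name__ == "__main__":
    for name, session in (("page", PAGE_SESSION), ("broken", BROKEN_SESSION)):
        for code, message in check_tftpdnld_vars(parse_rommon_vars(session)):
            print(f"{name}: {code}: {message}")
```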



07 October 2008

Router Stuck in ROMMON Mode


Once, on a project, I worked on the Cisco Catalyst 6500 series. It's one of the biggest switches you can find on the market, not to mention very expensive too.

The thing is, it was using CatOS instead of IOS, and the client only wanted to use IOS. CatOS is another flavor of Cisco operating system, which uses set-based commands, meaning that when you want to configure something the command usually starts with "set".

So I upgraded the image to IOS. I had to change several switches, since they were using quite a lot of those switches.

Then the problem came: one of the switches got stuck in ROMMON mode. It was not showing the normal switch > prompt but only the rommon 1 > prompt.

This was not a serious problem; I had only forgotten to change back the configuration register value.

You might have experienced this before, or if you run into this problem in the future, luckily you found this post.

When a router/switch is stuck in ROMMON mode, the first thing you need to check is the configuration register value.

The configuration register value for normal operation is 0x2102. You can verify the value using the confreg command at the ROMMON prompt, or using show version at the normal prompt.

Here is the output you get if you have no problem with the configuration register:

rommon 1 > confreg


Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600

do you wish to change the configuration? y/n [n]:

And this is the output if you have the wrong configuration register:

rommon 2 > confreg

Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: the ROM Monitor

do you wish to change the configuration? y/n [n]:

With the confreg command, you are also asked whether you want to change the configuration register value. Type y if you want to change it, or type n or press Enter if you want to leave it.

If you type y, you are taken through a series of questions. Just answer no to all of them except "change the boot characteristics", and set the value at the next prompt to 2.


rommon 2 > confreg

Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: the ROM Monitor

do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]:
enable "use net in IP bcast address"? y/n [n]:
disable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]:
change console baud rate? y/n [n]:
change the boot characteristics? y/n [n]: y
enter to boot:
0 = ROM Monitor
1 = the boot helper image
2-15 = boot system
[0]: 2

Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600

do you wish to change the configuration? y/n [n]: n
You must reset or power cycle for new config to take effect

Reset the device using the following command:

rommon 3 > reset

With the above steps, your Cisco device should be running normally again. If it's not, the device might be unable to find a valid IOS image. This can happen because of a mistyped file name or even a corrupted image file.

Verify first that you have a valid IOS image using:

rommon 3 > dir flash:
File size Checksum File name
3114612 bytes (0x2f8674) 0x7612 c2600-i-mz.113-9.T

There you can see I have an IOS image c2600-i-mz.113-9.T. Next, set the device to boot from that image using the boot flash: command followed by the name of the IOS image.

rommon 4 > boot flash:c2600-i-mz.113-9.T
program load complete, entry point: 0x80008000, size: 0x51c0dc
Self decompressing the image : #################################################
##################################

It will decompress the image and start loading the device normally.

For the CCNA exam, the most common questions about the configuration register concern its default value, which is 0x2102, and the value needed to disregard the content of the NVRAM (for password recovery), which is 0x2142.
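
The two register values from the password recovery post and the confreg summaries above differ in only a few bits. As an added example (not from the original posts), the Python below decodes those bits and audits a show version line so that a device left at 0x2142, which boots without its startup configuration and therefore without its passwords, is caught. Bit positions follow Cisco's documented configuration register layout; the function names, finding codes and sample lines are assumptions constructed for this example.

```python
import re

BOOT_FIELD = 0x000F         # bits 0-3: 0 = ROM Monitor, 1 = boot helper, 2-15 = boot system
IGNORE_NVRAM = 0x0040       # bit 6: "ignore system config info" (startup-config is skipped)
BREAK_DISABLED = 0x0100     # bit 8: Break does not halt a running system
ROM_AFTER_NETBOOT = 0x2000  # bit 13: "load rom after netboot fails"

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode_confreg(value):
    """Split a configuration register value into the fields discussed on this page."""
    boot = value & BOOT_FIELD
    if boot == 0:
        target = "ROM Monitor"
    elif boot == 1:
        target = "boot helper image"
    else:
        target = "boot system commands"
    return {
        "boot_field": boot,
        "boot_target": target,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_after_netboot_fails": bool(value & ROM_AFTER_NETBOOT),
    }


def parse_show_version(text):
    """Return (current, pending); pending is None when no change is queued."""
    match = CONFREG_RE.search(text)
    if match is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else None
    return current, pending


def audit_confreg(text):
    """Return (code, message) findings about how the device will boot next."""
    current, pending = parse_show_version(text)
    findings = []
    if pending is not None and pending != current:
        findings.append(("RELOAD_PENDING",
                         f"0x{current:04x} now, 0x{pending:04x} after reload"))
    next_boot = decode_confreg(pending if pending is not None else current)
    if next_boot["ignore_nvram"]:
        findings.append(("NEXT_BOOT_IGNORES_CONFIG",
                         "startup-config and its passwords will not be loaded"))
    if next_boot["boot_field"] == 0:
        findings.append(("NEXT_BOOT_STOPS_IN_ROMMON",
                         "boot field is 0, device will stay at the rommon prompt"))
    return findings


# Constructed sample lines, modelled on the show version output quoted above.
SAMPLES = {
    "normal": "Configuration register is 0x2102",
    "recovery value left in place": "Configuration register is 0x2142",
    "restore queued": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "boot field 0": "Configuration register is 0x2100",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        found = [code for code, _ in audit_confreg(line)]
        print(f"{name:30} {found or 'OK'}")
```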


29 August 2008

First Steps in Home Network Troubleshooting


When you realize there's something wrong with your home network, you can do the first steps of troubleshooting with the Windows command prompt.

You don't need some kick-ass software just to find out what's wrong with your home network.
I usually jump right to the command prompt to find out what is happening on my network.

Step One:
You need to type in this command at the command prompt:

ping 127.0.0.1

What this does is ping your own network card. If you get a reply there's nothing wrong with it; if there is no reply, there's a problem with your TCP/IP stack.
There is a question related to the TCP/IP stack in the CCNA exam.
You can use the following commands to reset your TCP/IP stack:

netsh int ip reset resetlog.txt

netsh winsock reset catalog
Step Two:
No problem with your TCP/IP stack but still no connection? Try pinging other devices in the network.
Say you know your router has the IP address 192.168.1.1, then type the following:

ping 192.168.1.1

If there are replies, you know there's no problem within your internal network. If not, type the following to find out whether you got an IP address from the router (if you use DHCP):

ipconfig /all

If you didn't get an IP address from the router, do the following to renew it:

ipconfig /release

ipconfig /renew

Step Three:
Hmmm... you can connect to other devices in your network but can't get to the internet. Try to ping Google using:

ping google.com

If you get no replies, try to ping the IP address of an external site. For example, I know that google.com has the IP address 72.14.207.99, so I ping it:

ping 72.14.207.99

If that works, there's a problem with your ISP's DNS servers; try contacting your ISP about this.
If you still can't get to the internet, try turning off all the devices in your network for about 10 minutes, then turn them on again in the following order:

Modem - Router - Switch - Your computer

You also need to check your firewall settings. The easy but not recommended way is to shut down your firewall just for a moment and try connecting to the internet while the firewall is down, to find out whether your firewall is blocking your access to the internet.

The above are only the first steps to take if you have a problem with your network. Far too many things can go wrong in a network to cover here, but you can use these steps as guidelines for network troubleshooting.


28 August 2008

OSI Layers in CCNA Exam


Is it really necessary to learn about the OSI layers? Yes, I'm afraid it is. I know it's boring theory, but the layers are really useful for troubleshooting a network, and there can be a lot of questions in the CCNA exam related to the OSI layers.

The OSI layers are a conceptual model that urges all network device vendors to follow the same concept so that devices from different vendors can communicate. Long ago, before this concept existed, devices from one vendor couldn't communicate with other vendors' devices.

Basically, the model says that certain functions should exist only on a certain layer, and that a change in one layer should not affect other layers' functions.
This is how you use the OSI layers as a troubleshooting tool: first find out which layer's function is failing, then concentrate on that layer's devices.
I know it sounds simple, but it cuts your troubleshooting time a lot.

The OSI layers are counted from the bottom up, starting from layer 1, the Physical Layer, up to layer 7, the Application Layer.
The seven layers are divided into two groups.
Layers 7 to 5, the top layers, focus on the users of the network, while the bottom layers 4 to 1 are for the network itself.

In my opinion, the bottom 4 layers are the ones that you, as a network engineer or CCNA candidate, should focus on more. In the CCNA there are many questions related to these bottom 4 layers and some fairly easy questions on the upper layers.

Here are brief descriptions of the functions of each layer:


Application Layer
It provides the user interface for the users. In this layer you find things like databases, HTTP, Telnet, FTP, TFTP, etc.
Questions about this layer tend to be matching questions: match which items go to which layer, which layer HTTP belongs to, etc.

Presentation Layer
This layer deals with the presentation of data, encryption, etc.
In the CCNA exam I have never found a question related to this layer or to the Session Layer, but to be safe you need to at least understand the function of each layer.

Session Layer
The Session Layer handles the data so that data from one application won't go to other applications.

Transport Layer
From here down to the bottom layer are the layers you need to focus on. You need to remember which bottom layer handles which type of transmission unit.
The Transport Layer divides data from the upper layers into segments.
It performs acknowledgement of transmissions to ensure reliable end-to-end transmission (used for WAN connections), sequencing, flow control, and error correction before transmission.
The protocols at this layer include TCP and UDP.
In the CCNA exam you'd likely get questions such as which layer handles WAN, what functions the Transport Layer performs, the data structure of TCP or UDP, etc.

Network Layer
This layer handles packets and performs logical path selection and logical addressing for your network. This is where you find the IP address, which is a logical address.
If you know there's a problem related to IP addresses, you know you should focus on this layer's devices.
The protocols at this layer include IP, IPX, etc.
Remember the devices related to this layer, such as routers and layer 3 switches.
In the CCNA you can find questions such as which layer deals with packets or logical addresses, or which layer a problem is associated with if you can't ping your network, etc.

Data Link Layer
The Data Link Layer deals with frames as the transmission unit. It also handles the physical addressing of your network, i.e. the MAC address.
It performs error detection but not error correction. Remember this, because it is easy to confuse with the function of the Transport Layer.
The devices related to this layer are switches and bridges.
In the CCNA exam you might find questions about frames, the functions of this layer, and MAC addresses.

Physical Layer
This layer handles the transmission of bits on the network, meaning this is the closest you can get to the physical wiring in your network.
The devices related to this layer? Your NIC, cables, repeaters and hubs. Yes, hubs basically only retransmit bits, so they belong in the Physical Layer.

Another thing to note about CCNA questions on the OSI layers is that you have to remember how the layers handle data.
From top to bottom it goes like this:
Data - Segment - Packet - Frame - Bit

There you have it, the OSI layers. Some people just skip this topic (because it's so boring) and find out later that the exam has many questions related to it.
But if you know a little bit about the OSI layers, you can surely troubleshoot your network faster.
Just remember not to underestimate any topic for the exam.


25 August 2008

Scan for Network Vulnerabilities


Tenable Nessus from http://www.nessus.org is my tool of choice when I want to scan my network for vulnerabilities.

Put it this way: I want to know whether my network is safe from people who want to mess it up, so I need to know whether there are any "holes" those people could take advantage of. So I run Nessus from my PC and scan all the computers in my network, and Nessus gives me details of all the vulnerabilities it finds.
It also gives you the details of each vulnerability: which ports are currently open, what that means, whether it is dangerous, links to the description, etc.

Getting started with Nessus is very easy: download it for free from http://www.nessus.org/download/, get your free activation code for home use, and install it.

Once Nessus is installed, you can start scanning for vulnerabilities by clicking the "Start Scan Task" button.
Enter the hostname or the IP address of the computer you want to scan.
Nessus then shows you the status of the scan.
Finally, you are given the result of the scan as a report in HTML format.

I highly recommend that you use Nessus to scan for vulnerabilities in your network. It also gives you some information about the network; newbies can learn about ports and which port is used for what.
Happy scanning.


11 August 2008

169.254.X.X IP Problem


Some of you might have had this problem in the past: your network was working perfectly, yet suddenly it's not working and your computer only shows an IP address of 169.254.X.X, where X can be 0 to 255.

This can happen if you use DHCP in your network. A computer set up as a DHCP client searches for a DHCP server, and when it can't find one it automatically assigns itself an IP address of 169.254.X.X. This is called APIPA (Automatic Private IP Addressing).

Vista searches for a DHCP server for about 6 seconds and then assigns the APIPA address; it continues to search for the server afterward, or so they say.
There are several ways to solve this problem:

The first thing to try is to renew the client's IP address, using the following commands in the command prompt.
Note: You can open the command prompt from the Start menu > Run, then type cmd and press Enter.

ipconfig /release

ipconfig /renew

This rarely solves the problem, because chances are you have a networking equipment problem. If the above step doesn't work, try shutting down all the networking devices, leave them off for about 30 seconds, and start them in the following order:

Cable/DSL Modem - Router - Switch - Computer clients.

The problem may even be the cables; try using another cable for your connection.

The last resort is to reset the TCP/IP stack on your client. Sometimes the TCP/IP stack gets corrupted or damaged and you need to reset it using the following commands at the command prompt:

netsh int ip reset resetlog.txt

netsh winsock reset catalog

After issuing the commands, reboot your computer.

I hope this can solve your 169.254.X.X problem.


10 August 2008

Wireless Connection Disappeared


A very strange thing happened to me today: my wireless connection suddenly disappeared. I mean that my laptop didn't recognize the wireless hardware; it was not a problem with the SSID or anything else. It didn't even show up in the Device Manager.
I've been using the wireless connection for networking since the first day I bought my HP laptop; it uses a Broadcom adapter.

I browsed the internet to find solutions. Some people suggest that HP laptops have a hardware malfunction, some say to try updating the driver, and some suggest updating the BIOS and setting the wireless option in the BIOS to enabled.
The problem is that the BIOS doesn't have any wireless option (I even updated the BIOS to the newest version), and I did update the driver, but still no luck...

Out of frustration, I uninstalled the wireless driver and the HP Wireless Assistant, then turned off the laptop, unplugged the battery, left it for about a minute, and plugged it in again. Next I pushed the power button for about 30 seconds (they say this will reset the BIOS); the laptop turned on and off again because I held the power button.

Vista came up and, what do you know, the wireless was back alive again, yippeeee...
I have no clue what happened and am still looking for what caused the problem, but I do know that most problems like this happen to HP or Compaq laptops.

I really don't know which of the steps I took solved the problem, but I hope this is helpful for you. Any clarification about this problem will be very much appreciated.
