Removing a router password

Answered Question
Feb 6th, 2003

Once a password has been set, is it possible to remove it from the configuration? This router is passed around to students studying for the CCNA and they don't always document the password changes correctly. We would like them to remove the passwords they have set up before logging off. We have tried using standard passwords for the students to revert the routers back to but somehow one of them always manages to input it wrong! Does Cisco allow you to remove a routers passwords (not just change it) and how?

Netwiz35

I have this problem too.
0 votes
Correct Answer by wolfrikk about 12 years 4 months ago

Also, if there is an "enable Secret" command entered, it needs to be cleared with the "no enable secret", since the enable secret is used over the enable password if both are entered. The enable password is still there because some older configuration programs do not use the enable secret. The Doc link I posted earlier would be used if a student changes the password and leaves without clearing it and no one knows what it is. There is no way to keep anyone from entering a password once the get priviledged access.

Correct Answer by michael-faust about 12 years 4 months ago

from global configuration mode:

no enable password

line con 0

no login

no password

end

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
netwiz35 Thu, 02/06/2003 - 11:08

Thanks for the quick reply although we don't have an issue with recovering the passwords. We are hoping to comepletely remove the passwords rather than going through the hassle of recovering them. If the students remove them before logging off, the next student can start fresh with no problems from the previous passwords. I haven't been able to find any documentation on wether this is possible or not. Anyone ever hear of doing this?

Netwiz35

Correct Answer
michael-faust Thu, 02/06/2003 - 11:29

from global configuration mode:

no enable password

line con 0

no login

no password

end

a.manosca Thu, 02/06/2003 - 16:37

Just to add, the command "no enable password"

simply removes the configured password. But

if a new student, who probably knows how to

enter a password in a Cisco router, configured

a new password, you'll have the same problem.

I think this is just a matter of asking them

not to set any passwords at all for the sake

of those who are going to use the router next.

Correct Answer
wolfrikk Fri, 02/07/2003 - 04:44

Also, if there is an "enable Secret" command entered, it needs to be cleared with the "no enable secret", since the enable secret is used over the enable password if both are entered. The enable password is still there because some older configuration programs do not use the enable secret. The Doc link I posted earlier would be used if a student changes the password and leaves without clearing it and no one knows what it is. There is no way to keep anyone from entering a password once the get priviledged access.

netwiz35 Fri, 02/07/2003 - 11:00

I will need to add this since we walk the students through setting up a secret password. Thanks for all of your help!

Joanne

nicolaswatson Thu, 02/13/2003 - 17:21

It seems the overall issue you have is one of Academy policy. Shouldn't the class Lab set be left "clean" at the end of each students use? Given this, the teacher of the next class or group finding such problems should take it up with the previous instructor (through the appropriate channels), so that the student who failed to leave the config at default would lose lab time that was lost from students in the next class.

Politics aside, let the students learn to do password recovery when this happens as part of their training when learning to apply passwords!

Nic.

ttuncaral Mon, 02/17/2003 - 05:11

It would be good before leaving the class by entering

CONFIG-REG 0x2142

command which does not require RUNNING-CONFIG should be copied to STARTUP and your router will always reloads with factory config unless it has been changed to 0x2102.

Bear in mind that your latest copied config will still reside on STARTUP-CONFIG. This command helps you to access any router without knowing anything.

Actions

This Discussion