Password Recovery on a Cisco CSR1000V Router

Learn how to perform a password recovery on a Cisco CSR 1000V virtual router, when there is no physical console port.


You’ve deployed your first CSR1000V virtual router and through series of unfortunate events are no longer able to login to your device.  Since it’s virtual, your console cable has no power here, so what do you do?
You’ll need access to the VMware host via the vSphere Client or vCenter to open the CSR1000V console.  We’re going to use the vSphere client.

Find the virtual machine by expanding that tree view or clicking Virtual Machines and typing in the name in the search filter.  Right-click the virtual machine and click Open Console.  This is just like being on the console of a regular router.  Click inside the console window and hit enter.  This will bring up the normal console login window.  Since we don’t remember our username and password we’ll have to
restart the guest VM by clicking Restart Guest and clicking Yes at the prompt.

Next we wait for the GRUB bootloader.  As soon as it appears, press C for command-line.  This is equivalent to ROMMON in IOS.
Type in ‘confreg’ to bring up the configuration register menu.  Answer “Y” to all of the prompts displayed.

The configuration register has been set to 2142, the standard for bypassing NVRAM.  Press ESC and Enter to boot from the highlighted entry.
After the router fully boots press Enter to get to the configuration prompt.  You can see we bypassed the configuration and are able to get to
enable mode.

Our running-config is blank.  Our startup-config is where we have our original configuration.

Here’s a Pro Tip:  Before continuing, backup the startup-config to bootflash: which is a different virtual file system than NVRAM.
ensuring we don’t accidentally overwrite our production configuration.
Now we need to copy the startup-config to the running-config to simulate the router booting normally.
Next go into configuration mode and set the configuration register back to the normal 0x2102.
Now we can set a new username and password and reset our enable secret.
Save the configuration, verify the configuration register, and perform a test reload to ensure the router comes up normally and we have access.

We’ve logged in with our new account, and we’re good to go!

Be the first to comment on "Password Recovery on a Cisco CSR1000V Router"

Leave a comment

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.