The register code of a Cisco switch is an 16-bit value used to control the switch behavior during booting process.

From congifuration mode:

SW1(config)#config-register 0x2100
SW1(config)#end
SW1#show version
SW1#write memory

From ROM monitor mode:
This is a way to baypass devices authentication. Normally it is for reset the forgotten passwords.

rommon1>confreg 0x2142
rommon1>set
rommon1>reset

Erase all custom seetings or reset forgotten passwords.

Approach: Delete configuration files and VLAN infomation.

1. Under Global Execution mode, issue write erase to delete both start-configuration and running-configuration.
2. Issuing delete flash:vlan.dat to delete/reset vlan configuration.
3. reload switches/routers without save when prompt for configuration modified.

switch#write erase                  //reset configurations (not clear the boot variables, such as config-register and boot system settings)
switch#dir flash:                   //check vlan.dat file before deletation
switch#delete falsh:vlan.dat        //reset vlan configuration
switch#reload                       //reboot devices without save

By accessing ROM mode, you may bypass existing start-config file being loaded at the next boot. Then you can get into switch/router without custom configurations and do whatever you need.

1. Connect to console port of the switch/router.
2. Power off the device, then power on and bring it into switch: or rommon> prompt by breaking normal boot-up process. There are two ways:
   • Physical buttons: Hold down the mode button located on the front panel, while reconnect the power cable.
     • Catalyst 3560, 3750: Release the mode button after approximately 15 seconds when the SYST LED turns solid green or off. When release the mode button, the SYST LED blinks green.
     • Catalyst 2900XL, 2500XL: Release the mode button when the LED above port1x goes out.

     Notes: The break methods may differ among different cisco models. Always referring to manuals.

   • Software break-key: The devices boot loader detects a break-key input to stop the automatic boot sequence for the password recovery purposes.
     • Hyperterminal: Press Ctrl + Break or send a break signal via menu.
     • Unix terminal: Press Ctrl + C for the break-key.
3. Under recovery mode, find and rename current existing start-config file. Then reboot.

switch: flash_init
switch: load_helper
switch: dir flash:
 Directory of flash:/
    5    -rwx    402    <date>    config.text
switch: rename flash:config.text flash:config.old
switch: boot

4. After the device boots up, enter galobal configuration mode and name the config file back and load it as running-config.

S1(config)# rename flash:config.old flash:config.text
S1(config)# copy flash:config.text system:running-config

5. Overwrite the any existing password as you need.

rommon>confreg 0x2142
rommon>reset

Don't forget to set config-register back to 0x2102 after erasing configuration.

The commands available in ROMMON mode are vary in different Cisco devices. Normally, switches has less than routers.

Connect a switch/router at console port through a terminal app, like Tera Term.
For old model switchs:

• Press and hold the "mode" button while powering on or reloading the switch.
• Keep holding the "mode" button untill seeing switch: prompt appeared on your terminal, or the SYST light on front panel is stable/off. It is roughly about 10-15 seconds. For routers:
• Power on or reload the router and keep pressing break button of keyboard till rommon: prompt appears.

The commands using xmodem in a switch is different from router. To use xmodem, you need levarage copy command in a switch, while a router is able to use xmodem as a command directly.

Notes: It is not always the case, above experience is based on old Cisco switches and routers manufacturing around 2010s.

Below steps are tested on a switch c2960 series:

1️⃣ Initiate/Mount flash drive under ROMMON mode so that you can access it.

switch: flash_init
switch: dir flash:

2️⃣ Increase the speed rates of serial connection. It needs to be done on both sides, switch and TeraTerm.

switch: set BAUD 115200

Edit the searial-rate of the current terminal connection to 115200 as well. Otherwise, you can not type commands on terminal screen properly.
3️⃣ Set the switch to be ready to recive the file transsion that costs time as the speed limitation.

switch: copy xmodem: flash:c2960-lanbasek9-150-2.ie10.bin
Begin the Xmodem or Xmodem-1K transfer now...
CCC

4️⃣ From the terminal (TeraTerm) main manu select File > Transfer > XMODEM > Send, then chose your .bin file to start transission.

5️⃣ Check results, reverse the searial-rate and re-boot switch.

File "xmodem:" successfully copied to "Flash:c2960-lanbasek9-150-2.ie10.bin"
switch: dir flash:
switch: set BAUD 9600
switch: boot flash:c2960-lanbasek9-150-2.ie10.bin
Loading "flash:c2960-lanbasek9-150-2.ie10.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@

6️⃣ Enter config mode and set the system boot image.

switch>enable
switch#configure terminal
switch(config)#boot system flash:c2960-lanbasek9-150-2.ie10.bin
switch(config)#show boot
........
switch(config)#exit
switch#write
........
switch#reload
........

This method is only available on routers.