Field Notice: FN - 63355 ISR G2 Routers Fail to Respond to Password Recovery Break Sequence Command: ROMMON Upgrade Needed
Published Date September 27, 2010
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Initial Public Release
|15.0(1r)M1 - CISCO1941/K9
|15.0(1r)M1 - CISCO1941/K9
|15.0(1r)M1 - CISCO2901/K9
|15.0(1r)M1 - CISCO2911/K9
|15.0(1r)M1 - CISCO2921/K9
|15.0(1r)M1 - CISCO2951/K9
|15.0(1r)M1 - CISCO3925/K9
|15.0(1r)M1 - CISCO3945/K9
Routers with ROMMON version 15.0(1r)M1 fail to respond to the break sequence command received from a device connected to the console port. This failure prevents normal password recovery of the device.
The Cisco IOS® password recovery process requires the user to send a break sequence keystroke during the initial ROMMON boot sequence to break out of the boot process. The user then sets the configuration register to ignore the Cisco IOS start-up configuration, providing the ability to reset the system password in the Cisco IOS.
Affected products with ROMMON version 15.0(1r)M1 ignore the break sequence during bootup. If the Cisco IOS configuration is set to ignore the control break sequence, the ability to reset the password remotely is lost.
On bootup when the Ctrl+Break sequence is sent via the console, the device does not drop to ROMMON but rather continues to boot the Cisco IOS image normally. This is a result of the signal being ignored.
- Remove the compact flash that contains the Cisco IOS image, and reset the system. Without the Cisco IOS image present, the system is forced to boot to the ROMMON prompt.
- At the ROMMON prompt, set the configuration register to ignore the system configuration using the ROMMON confreg CLI command as shown in this image:
- Reboot the device using the reset command. The system initializes to the default configuration with no password setting. The startup configuration remains on the NVRAM file system.
- Using the Cisco IOS enable EXEC command, enter privileged mode, and copy the startup configuration to the running configuration using the copy startup-config running-config privileged EXEC command.
- Once the configuration is loaded, configure the system for the new password using the appropriate commands.
Note: After completing this process, certain default commands remain in the active configuration. External interfaces for example are in a shutdown state and must be returned to active state using the no shutdown CLI config command under the specific interface in configuration mode. Review the running configuration for the presence of any additional default commands.
- Reset the configuration register to the proper level using the Cisco IOS config-register CLI command in configuration mode.
- When you are satisfied with the functionality of the system, copy the running configuration to the system startup configuration using the IOS copy running-config startup-config privileged EXEC CLI command.
Download and install the updated version according to the platform family shown in this table:
Note: The 15.0(1r)M8 ROMMON update for the C3900 series contains additional functionality specific to the C3900 series. While updating, it is recommended that the system be updated to the most current level.
Downloading the Image
Complete these steps in order to download the image:
- Go to the Cisco.com Download Software page, and choose Routers in the Select a Software Product Category area.
- On the Select a Product page, expand Branch Routers, expand your specific series of platforms, and then choose your platform.
- On the Select a Software Type page, choose the IOS ROMMON Software option.
- On the Select a Release page, choose the updated version of ROMMON (15.0(1r)M6 or 15.0(1r)M8) and follow the remaining download procedures.
Installing the Upgrade Version
The ROMMON image can be installed from any local storage device or remotely using standard transfer protocols. Using the upgrade rom-monitor file command, point to the target image. Once the system verifies the ROMMON image, you are prompted to initiate a power on reset of the system; select yes.
After erasing and programming the boot flash, the system reloads. Verify the proper ROMMON version is loaded using the show version command as shown in this image:
To follow the bug ID link below and see detailed bug information, you must be a registered customer and you must be logged in.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.