FirstNet Trusted

FirstNet Security is a wireless feature that enhances the security and reliability of Cisco devices.

Starting from Cisco IOS-XE Release 26.1.1, you can enable FirstNet Trusted mode on Cisco Catalyst IR1101, IR1833 and IR1835 routers. During runtime deployments, FirstNet Trusted uses a non-volatile environment variable in ROMMON as a flag, called the FirstNet Security flag.

When the FirstNet flag is turned on, it:

  • enhances system security when you assign a unique password to each device at the start of deployment, ensuring compliance,

  • automatically applies security settings after removing any vulnerable firmware,

  • disables any unused interfaces,

  • allows FirstNet Trusted deployments,

  • supports compliant communications with data protection,

  • ensures only authorized users can access management interfaces such as SSH.

Key considerations

Consider these points before using FirstNet Security:

  • Ensure the FirstNet Security flag is enabled at system boot for Day-0 configuration to apply FirstNet settings.

  • Use Cisco Catalyst IR1101, IR1833 and IR1835 routers, which are compatible with FirstNet Trusted support for FirstNet-ready cellular Pluggable Interface Modules (PIMs).

  • Disable the WebUI interface as per FirstNet Trusted requirements.

  • Enable SSH and configure it securely for FirstNet-based devices.

  • Check whether the FirstNet Security flag, MFG_FNET_MODE, is set to a value of 1, and then enable the FirstNet Trusted mode for the devices.

Supported devices

The table lists FirstNet Trusted 5G supported devices on Cisco Catalyst IR1101 and IR1800 Rugged Series Routers.

Table 1. FirstNet Trusted supported devices on Cisco Catalyst IR1101 and IR1800 Rugged Series Routers

Router         PIM                Router Series Name
-----------    ---------------    ------------------------------------------
IR1101-A-K9    P-5GS6-GL          Cisco Catalyst IR1101 Rugged Series Router
IR1101-K9      P-5GS6-GL          Cisco Catalyst IR1101 Rugged Series Router
R1101-K9       P-5GS6-R16SA-GL    Cisco Catalyst IR1101 Rugged Series Router
IR1833-K9      P-5GS6-GL          Cisco Catalyst IR1800 Rugged Series Router
IR1833-K9      P-5GS6-R16SA-GL    Cisco Catalyst IR1800 Rugged Series Router
IR1835-K9      P-5GS6-R16SA-GL    Cisco Catalyst IR1800 Rugged Series Router

Limitations

These limitations apply when you use FirstNet Security:

  • The router does not support online insertion and removal (OIR) of modules while in FirstNet mode. Install all modules before system boot to prevent the router from rebooting or crashing.

  • Root login is disabled by default and can only be temporarily enabled for support purposes.

  • You cannot enable or disable the FirstNet Trusted settings dynamically once the deployment starts.

Verify ROMMON variable for FirstNet Security

Use this task to verify whether the ROMMON variable is enabled for FirstNet Security to work on the router.

Procedure


Step 1

Use the enable command to enter the router EXEC mode.

Example:

Router> enable

Step 2

Enter the password, if prompted, before you access the privileged EXEC mode.

Example:

Password:passwd123

Step 3

Use the show romvar command to display the ROMMON variables.

Example:

Router# show romvar

Note

Either MFG_FNET_MODE=1 or MFG_FNET_MODE=0 appears in the ROMMON variables list.

If MFG_FNET_MODE=1, then FirstNet Trusted mode is enabled. If MFG_FNET_MODE=0, then the router is not in FirstNet Trusted mode.
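
The flag check in this procedure can be repeated across many routers by parsing saved show romvar output. The script below is an added example, not Cisco code. It assumes each variable appears on its own line as NAME=VALUE with optional spaces around the equals sign, and the hostnames and sample captures are constructed.

```python
import re

# One variable per line, "NAME=VALUE" or "NAME = VALUE". The spacing tolerance
# is an assumption; this page shows only the MFG_FNET_MODE=1 form.
_VAR_LINE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")
FLAG = "MFG_FNET_MODE"  # FirstNet Security flag named on this page


def parse_romvar(output):
    """Return {name: value} for every variable line in show romvar output."""
    variables = {}
    for line in output.splitlines():
        match = _VAR_LINE.match(line)
        if match:
            variables[match.group(1)] = match.group(2)
    return variables


def firstnet_state(output):
    """Classify one capture: trusted, not-trusted, missing or invalid."""
    variables = parse_romvar(output)
    if FLAG not in variables:
        return "missing"  # flag absent from the list, or capture truncated
    return {"1": "trusted", "0": "not-trusted"}.get(variables[FLAG], "invalid")


def audit(captures):
    """Map hostname -> state for every device that is not in trusted mode."""
    findings = {}
    for host, output in captures.items():
        state = firstnet_state(output)
        if state != "trusted":
            findings[host] = state
    return findings


# Constructed sample captures (hostnames and other variables are made up).
SAMPLE_CAPTURES = {
    "ir1101-a": "Router# show romvar\nBOOT = flash:image.bin\nMFG_FNET_MODE=1\n",
    "ir1833-b": "Router# show romvar\nMFG_FNET_MODE = 0\n",
    "ir1835-c": "Router# show romvar\nBOOT = flash:image.bin\n",
    "ir1101-d": "Router# show romvar\nMFG_FNET_MODE=\n",
}

if __name__ == "__main__":
    for host, state in sorted(audit(SAMPLE_CAPTURES).items()):
        print(f"{host}: {state}")
```

A device reported as missing or invalid needs a fresh capture before it is treated as outside FirstNet Trusted mode, because the note above expects the variable to appear with a value of 1 or 0.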

AAA considerations in FirstNet Trusted mode

For FirstNet Trusted Authentication, Authorization, and Accounting (AAA) requirements, you must consider these points:

  • During the initial Day-0 configuration wizard, when FirstNet mode is detected on supported platforms, the option [0] to bypass strong password enforcement is disabled.

  • After a preset number of failed login attempts on the console port, the device enters Quiet Mode.


Note


In the Quiet Mode:

  • SSH connections to the device are blocked for a defined period of time.

  • An Access Control List (ACL) is configured and applied to the Virtual Teletype (VTY) lines.

  • If no ACL is configured, then a default ACL is applied.

  • Only authorized users defined by the ACL can attempt login during Quiet Mode.