Cisco ASR 1000 Series Aggregation Services Routers ROMmon Upgrade Guide

This document contains procedures for upgrading ROMmon on Route Processors (RPs), Embedded Services Processors (ESPs), Modular Interface Processors (MIPs), and Shared Port Adapter Interface Processors (SIPs) on Cisco ASR 1000 Series Aggregation Services Routers.

ROMmon Overview

The ROMmon must be upgraded on an Cisco ASR 1000 Series Aggregation Services Router that requires a ROMmon upgrade. An upgrade to this image is necessary only if a system message on the router indicates that the ROMmon on the router requires an upgrade, or a Cisco technical support representative suggests a ROMmon upgrade.

The ROMmon can be upgraded on any of the following hardware components on a Cisco ASR 1000 Series Aggregation Services Router.


Note

The ROMmon for RPs, ESPs, MIPs, and SIPs can be upgraded collectively or individually.
  • Integrated RP1, field-replaceable ESP, and integrated SIP10 on the Cisco ASR 1002 Router (Cisco ASR1002)
  • Integrated RP1, ESP, and SIP10 on Cisco ASR 1002-Fixed Router (Cisco ASR 1002-F)
  • Cisco ASR 1000 Series Route Processor 1 (Cisco ASR1000-RP1)
  • Cisco ASR 1000 Series Route Processor 2 (Cisco ASR1000-RP2)
  • Cisco ASR 1000 Series Route Processor 3 (Cisco ASR1000-RP3)
  • Cisco ASR 1000 Embedded Services Processor 10G Non Crypto Capable (Cisco ASR1000-ESP10-N)
  • 5-Gbps Cisco ASR 1000 Series ESP (Cisco ASR1000-ESP5)
  • 10-Gbps Cisco ASR 1000 Series ESP (Cisco ASR1000-ESP10)
  • 20-Gbps Cisco ASR 1000 Series ESP (Cisco ASR1000-ESP20)
  • 40-Gbps Cisco ASR 1000 Series ESP (Cisco ASR1000-ESP40)
  • 100-Gbps Cisco ASR 1000 Series ESP (Cisco ASR1000-ESP100)
  • 200-Gbps Cisco ASR 1000 Series ESP (Cisco ASR1000-ESP200)
  • Cisco ASR 1001 Router
  • Cisco ASR 1002-X Router (from Release 15.2(4r)S onward)
  • Cisco ASR 1001-HX Router (from Release 16.2(2r) onward)
  • Cisco ASR 1002-HX Router (from Release 16.2(1r) onward)
  • Cisco ASR 1000 Fixed Ethernet Line Cards (ASR1000-2T+20X1GE, ASR1000-6TGE)
  • Cisco ASR 1000 Series SPA Interface Processor (SIP)10 (Cisco ASR1000-SIP10)
  • Cisco ASR 1000 Series SPA Interface Processor (SIP) 40 (Cisco ASR1000-SIP40)
  • Cisco ASR 1000 Modular Interface Processor (ASR1000-MIP100)
  • Cisco ASR 1000 ESP-100-X
  • Cisco ASR 1000 ESP-200-X

Compatibility Requirements

The following are the compatibility requirements for upgrading the ROMmon image:

  • You must have access to the privileged EXEC mode prompt or the diagnostic mode prompt on the router.
  • All the system components must be running Cisco IOS XE Release 2.4.0 or a later release before you perform the upgrade.
  • After you upgrade a system component to the current ROMmon release, you cannot run any Cisco IOS XE release earlier than Cisco IOS XE Release 2.4.0.

Note

During the downgrade process, if it is found that the existing ROMVAR table is too large to fit into the smaller table used in the target ROMmon release (that is, the earlier ROMmon release), the downgrade stops and an error message is displayed. This error message instructs you to drop the system to the ROMmon prompt and clear some of the variable settings. Follow these instructions, and then retry the downgrade.

ROMmon Release Requirements Matrix

The following table provides information about field-replaceable units (FRUs) of Cisco ASR 1000 Series Aggregation Services Routers supported in each ROMmon release.

Table 1. Supported ROMmon Releases for ASR 1000 Series Aggregation Services Routers FRUs
FRU 16.2(1r) 16.2(2r) 16.3(2r) 16.7(1r) 16.9(4r) 16.9(5r) 16.11(2r) 16.12(8r) 17.3(1r)

ASR 1000 RP2

Yes

Yes

Yes

Yes

Yes

ASR 1000 RP3

Yes

Yes

Yes

Yes

ASR 1001-X

Yes

Yes

Yes

Yes

Yes

ASR 1002-X

Yes

Yes

Yes

Yes

ASR 1001-HX

Yes

Yes

Yes

Yes

ASR 1002-HX

Yes

Yes

Yes

Yes

ASR 1000- ESP20

Yes

Yes

ASR 1000- ESP40

Yes

Yes

Yes

ASR 1000- ESP100

Yes

Yes

Yes

ASR 1000- ESP200

Yes

Yes

Yes

ASR 1000- ESP100-X

Yes

Yes

ASR 1000- ESP200-X

Yes

Yes

ASR 1000- SIP40

Yes

Yes

ASR 1000- 2T+ 20x 1GE

Yes

Yes

ASR 1000- 6TGE

Yes

Yes

ASR 1000- MIP100

Yes

Yes


Note

After upgrading the ROMmon to version 17.3(1r), you cannot revert it to a version earlier than 17.3(1r) for the following platforms:
  • ASR 1001-X

  • ASR 1001-HX

  • ASR 1002-HX

  • ASR 1000-RP3

This restriction is only applicable for these platforms. If you have upgraded to ROMmon version 17.3(1r) on any other platform, reverting to an earlier version of ROMmon is permitted and does not cause any technical issues.

Table 2. Minimum and Recommended ROMmon Release for RP and ESP FRUs
IOS XE RP2 RP3-Min ESP 20 ESP 40 ESP100 ESP200
Minimum Recommended Minimum Recommended Minimum Recommended Minimum Recommended Minimum Recommended Minimum Recommended

16.02

16.2(1r)

16.3(2r)

16.2(1r)

16.3(2r)

16.2(1r)

16.3(2r)

16.2(1r)

16.3(2r)

16.2(1r)

16.3(2r)

16.03

15.2(1r)S

16.3(2r)

16.3(2r)

16.3(2r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

16.04

15.2(1r)S

16.3(2r)

16.3(2r)

16.3(2r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

16.05

15.2(1r)S

16.3(2r)

16.3(2r)

16.3(2r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

16.06

15.2(1r)S

16.3(2r)

16.3(2r)

16.3(2r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

16.07

16.3(2r)

16.9(5r)

16.3(2r)

16.3(2r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

16.08

16.3(2r)

16.9(5r)

16.3(2r)

16.3(2r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

16.09

16.9(5r)

16.9(5r)

16.9(5r)

16.9(5r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

16.10

16.9(5r)

16.9(5r)

16.9(5r)

16.9(5r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

16.11

16.9(5r)

16.9(5r)

16.9(5r)

16.9(5r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

16.12

16.9(5r)

16.9(5r)

16.9(5r)

16.9(5r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

17.1

16.9(5r)

16.9(5r)

16.9(5r)

16.9(5r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

17.2

16.9(5r)

17.3(1r)

16.9(5r)

17.3(1r)

XNC

16.3(2r)

15.0(1R)S

16.3(2r)

15.3(1r)

16.3(2r)

15.3(1r)

16.3(2r)

17.3

16.9(5r)

17.3(1r)

16.9(5r)

17.3(1r)

XNC

16.3(2r)

15.0(1R)S

17.3(1r)

15.3(1r)

17.3(1r)

15.3(1r)

17.3(1r)

Table 3. Minimum and Recommended ROMmon Release for ASR 1000 ESP-100-X and ASR 1000 ESP-200-X

Cisco IOS XE Release

ASR 1000 ESP-100-X

ASR 1000 ESP-200-X

Minimum Recommended Minimum Recommended

16.12.3 *

16.11(2r)

16.11(2r)

16.11(2r)

16.11(2r)

17.1

16.11(2r)

16.11(2r)

16.11(2r)

16.11(2r)

17.2.x

16.12(8r)

16.12(8r)

16.12(8r)

16.12(8r)

Table 4. Minimum and Recommended Release for ASR 1000 Series Routers
Cisco IOS XE Release ASR 1001-X ASR 1002-X ASR 1001-HX ASR 1002-HX
Minimum Recommended Minimum Recommended Minimum Recommended Minimum Recommended

16.2.x

16.2(1r)

16.3(2r)

16.2(1r)

16.3(2r)

16.2(2r)

16.2(2r)

16.3(2r)

16.3.x

15.5(3r)S

16.3(2r)

15.5(3r)s

16.3(2r)

16.2(2r)

16.3(2r)

16.2(2r)

16.3(2r)

16.4.x

15.5(3r)S

16.3(2r)

15.5(3r)s

16.7(1r)

16.2(2r)

16.3(2r)

16.2(2r)

16.3(2r)

16.5.x

15.5(3r)S

16.3(2r)

15.5(3r)s

16.7(1r)

16.2(2r)

16.3(2r)

16.2(2r)

16.3(2r)

16.6.x

15.5(3r)S

16.3(2r)

16.7(1r)

16.7(1r)

16.2(2r)

16.3(2r)

16.2(2r)

16.3(2r)

16.7.x

15.5(3r)S

16.3(2r)

16.7(1r)

16.7(1r)

16.2(2r)

16.3(2r)

16.2(2r)

16.3(2r)

16.8.x

15.5(3r)S

16.3(2r)

16.7(1r)

16.7(1r)

16.2(2r)

16.3(2r)

16.2(2r)

16.3(2r)

16.9.x

16.9(4r)

16.9(4r)

16.7(1r)

16.7(1r)

16.9(4r)

16.9(4r)

16.9(4r)

16.9(4r)

16.10.x

16.9(4r)

16.9(4r)

16.7(1r)

16.7(1r)

16.9(4r)

16.9(4r)

16.9(4r)

16.9(4r)

16.11.x

16.9(4r)

16.9(4r)

16.7(1r)

16.7(1r)

16.9(4r)

16.9(4r)

16.9(4r)

16.9(4r)

16.12.x

16.9(4r)

16.9(4r)

16.7(1r)

16.7(1r)

16.9(4r)

16.9(4r)

16.9(4r)

16.9(4r)

17.1.x

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.2.x

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3.x

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)

17.3(1r)


Note

If you are on ASR 1000-RP2 platform, after upgrading ROMmon to 16.9(5r), upgrade FPGA to asr1000rpx86-hw-programmables.16.08.01.SPA.pkg or greater [FPGA version >=17071402]

To upgrade asr1000rpx86-hw-programmables.16.08.01.SPA.pkg, it is mandatory that you are on IOS XE Polaris 16.x image. Upgrading FPGA from IOS XE 3.x is not supported.

If you are on ASR 1000-RP3 platform, upgrading ROMmon to version 16.9(5r) does not require an upgrade of CPLD or FPGA.


Table 5. Minimum and Supported ROMmon Release for Other FRUs
Cisco IOS XE Release ASR 1000-2T+20X1GE ASR 1000-6TGE ASR 1000-MIP100 ASR 1000-SIP 40 Min
Minimum Recommended Minimum Rec ommended Minimum Recommended Mimimum Recommended

16.2.x

16.2(1r)

16.3(2r)

16.2(1r)

16.3(2r)

16.2(1r)

16.3(2r)

16.2(1r)

16.3(2r)

16.3.x

15.5(3r)S1

16.3(2r)

15.4(2r)S

16.3(2r)

15.5(3r)S1

16.3(2r)

15.5(3r)S1

16.3(2r)

16.4.x

15.5(3r)S1

16.3(2r)

15.4(2r)S

16.3(2r)

15.5(3r)S1

16.3(2r)

15.5(3r)S1

16.3(2r)

16.5.x

15.5(3r)S1

16.3(2r)

15.4(2r)S

16.3(2r)

15.5(3r)S1

16.3(2r)

15.5(3r)S1

16.3(2r)

16.6.x

15.5(3r)S1

16.3(2r)

15.4(2r)S

16.3(2r)

15.5(3r)S1

16.3(2r)

15.5(3r)S1

16.3(2r)

16.7.x

16.3(2r)

15.4(2r)S

16.3(2r)

16.3(2r)

15.5(3r)S1

16.3(2r)

15.5(3r)S1

16.3(2r)

16.8.x

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

15.5(3r)S1

16.3(2r)

16.9.x

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

15.5(3r)S1

16.3(2r)

16.10.x

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

15.5(3r)S1

16.3(2r)

16.11.x

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

15.5(3r)S1

16.3(2r)

16.12.x

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

15.5(3r)S1

16.3(2r)

17.1.x

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

15.5(3r)S1

16.3(2r)

17.2.x

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

15.5(3r)S1

16.3(2r)

17.3.x

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

16.3(2r)

15.5(3r)S1

16.3(2r)

Table 6. Supported ROMmon Releases for Upgrading All Subslots Using upgrade rom-monitor filename command
ROMmon Version 16.2(1r) 16.2(2r) 16.3(2r) 16.7(1r) 16.9(4r) 16.9(5r) 16.11(2r) 16.12(8r) 17.3(1r)
upgrade rom-monitor filename all

Yes

Yes

Yes

Yes

Hardware Programmable Requirements

The following table lists the required CPLD and FPGA versions for various ASR 1000 platforms:

Table 7. CPLD and FPGA versions
Platform Recommended CPLD Version Recommended FPGA Version

ASR 1002-RP2

14111801

18102401

ASR 1000-RP3

19091111

ASR 1000-ESP100

19051700

ASR 1000-ESP200

19051700

ASR 1000-ESP100-X

20030413

1908010d if installed in ASR 1006-X or ASR 1009-X chassis. 19080510 if installed in ASR 1013 chassis.

ASR 1000-ESP200-X

20030413

1908010d

ASR1000-MIP100

19041800

ASR1000-2T+20X1GE

19041600

10024

ASR1000-6TGE

19041600

10024

ASR1000-SIP40

00200900

ASR1000-ESP40

1003190E

ASR1001-X

19060309

ASR1002-X

14012203

20034

ASR1001-HX

19030215

16051716

ASR1002-HX

19030211

15102108

Upgrading to a recommended CPLD and FPGA can be performed using upgrade hw-programmable command. For more details, see https://www.cisco.com/c/en/us/td/docs/routers/asr1000/cpld/hw_fp_upgrade.html

Table 8. CPLD Versions for Platforms Affected by Cisco Secure Boot Hardware Tampering Vulnerability
Platform Recommended CPLD Version

ASR 1000-RP3

19091111

ASR 1000-ESP100

19051700

ASR 1000-ESP200

19051700

ASR 1000-ESP100-X

19041811

ASR 1000-ESP200-X

19041811

ASR1000-MIP100

19041800

ASR1000-2T+20X1GE

19041600

ASR1000-6TGE

19041600

ASR1001-X

19060309

ASR1001-HX

19030215

ASR1002-HX

19030211

To upgrade to a platform that is affected by Cisco Secure Boot Hardware Tampering Vulnerability , see https://www.cisco.com/c/en/us/td/docs/routers/asr1000/fpga_upgrade/fpga-upgrade/fpga-upgrade-modular-chassis.html


Note

Upgrading the version of hardware programmable supported for ASR 1000-ESP100X and ASR 1000-ESP200X can only be performed using Cisco IOS XE 17.2 or later image. For example, to upgrade the FPGA to 18101111 (Cisco IOS XE 16.12), first load the Cisco IOS XE 17.2 or later image to upgrade the FPGA and then roll back to the required software version.


Upgrading the ROMmon

This section covers the following topics:

Checking the Current ROMmon Version

If you are unsure whether a ROMmon upgrade is required or if you have installed a new RP, ESP, MIP, or SIP that requires an upgrade, follow the instructions provided in this section.

Run the show rom-monitor command or the show platform command to display the version of ROMmon running on any RP, ESP, MIP, or SIP in your router. If the output shows that the release to which you plan to upgrade is already installed, you need not upgrade the ROMmon. In the following example, the output of the show rom-monitor command indicates that an upgrade to Release 15.2(1r)S is not required:


Router# show rom-monitor r0
System Bootstrap, Version 15.2(1r)S, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2011 by cisco Systems, Inc.

If the output of the command indicates an earlier ROMmon version or a system message indicates that one of the ROMmon installations on the Cisco ASR 1000 Series Aggregation Services Routers needs an upgrade, a ROMmon upgrade may benefit the corresponding RP, ESP, MIP, or SIP. In the following example, the output of the show platform command shows that an earlier ROMmon version is currently installed. In this scenario, you can upgrade to Release 15.2(1r)S.


Router# show platform
Chassis type: ASR1004
Slot      Type                State                 Insert time (ago) 
--------- ------------------- --------------------- ----------------- 
0         MCP-CC              ok                    00:03:02      
 0/3      SPA-2X1GE-V2        ok                    00:00:37      
R0        ASR1000-RP1*        ok, active            00:03:02      
F0        ASR1000-ESP10*      ok, active            00:03:02      
P0        Unknown             ps, fail              never         
P1        Unknown             ps, fail              never         
Slot      CPLD Version        Firmware Version                        
--------- ------------------- --------------------------------------- 
0         07091401            15.0(1r)S                           
R0        09081701            15.0(1r)S                           
F0        07051650            15.0(1r)S 

Upgrading the ROMmon for All the RPs, ESPs, MIPs, and SIPs on a Router

If you want to upgrade the ROMMON and IOS at the same time, perform the following steps:

  • Copy the XE image to the router and configure the boot system to point to the new image.
  • Copy the ROMMON package to the router and perform the ROMMON upgrade.
  • Reload the router and verify that it boots to the IOS prompt on the new XE image.
  • Verify that the new ROMMON image was successfully installed using a show platform.

Use this procedure to upgrade the ROMmon for all the RPs, ESPs, MIPs, and SIPs on a router:


Note

Ensure that all the system components are running Cisco IOS XE Release 2.4.0 or a later release before you perform the procedure.

SUMMARY STEPS

  1. (Optional) Run the show platform command or the show rom-monitor slot command for each RP, ESP, MIP, and SIP in the router to see the current release numbers of ROMmon on the hardware. See the Checking the Current ROMmon Version for information about interpreting the output of the command that you run.
  2. If the ROMmon image has not been copied onto the router, copy the PKG file that is made available as part of this ROMmon release onto the bootflash: or usb[0-1]: file system using the copy source-location destination-location command. For example, if you are upgrading to Release 15.2(1r)S, copy the asr1000-rommon.152-1r.S.pkg file.
  3. Run the dir file-system command to verify that the ROMmon file is copied into the specified directory.
  4. Run the upgrade rom-monitor filename location all command to begin the ROMmon image upgrade, where location is the path to the ROMmon file.
  5. Messages pertaining to the upgrade are displayed on the console. After the display of these messages stops and the router prompt is available, run the reload command to reload the router.
  6. If autoboot has not been enabled by using the config-register 0x2102 command, run the boot filesystem:/file-location command at the ROMmon prompt to boot the Cisco IOS XE image, where filesystem:/file-location is the path to the consolidated package file. The ROMmon upgrade is not permanent for any piece of hardware until the Cisco IOS XE image is booted.
  7. Run the enable command at the user prompt to enter the privileged EXEC mode after the boot is complete.
  8. Run the show platform command or the show rom-monitor slot command for each RP, ESP, MIP, and SIP in the router to verify whether the ROMmon has been upgraded.

DETAILED STEPS


Step 1

(Optional) Run the show platform command or the show rom-monitor slot command for each RP, ESP, MIP, and SIP in the router to see the current release numbers of ROMmon on the hardware. See the Checking the Current ROMmon Version for information about interpreting the output of the command that you run.

Step 2

If the ROMmon image has not been copied onto the router, copy the PKG file that is made available as part of this ROMmon release onto the bootflash: or usb[0-1]: file system using the copy source-location destination-location command. For example, if you are upgrading to Release 15.2(1r)S, copy the asr1000-rommon.152-1r.S.pkg file.

Step 3

Run the dir file-system command to verify that the ROMmon file is copied into the specified directory.

Step 4

Run the upgrade rom-monitor filename location all command to begin the ROMmon image upgrade, where location is the path to the ROMmon file.

Caution 

Do not remove hardware, turn off power, or interrupt the router in any way during the ROMmon upgrade. Although the router should be able to recover from most interruptions during the ROMmon upgrade, certain scenarios may cause unpredictable problems.

Step 5

Messages pertaining to the upgrade are displayed on the console. After the display of these messages stops and the router prompt is available, run the reload command to reload the router.

Step 6

If autoboot has not been enabled by using the config-register 0x2102 command, run the boot filesystem:/file-location command at the ROMmon prompt to boot the Cisco IOS XE image, where filesystem:/file-location is the path to the consolidated package file. The ROMmon upgrade is not permanent for any piece of hardware until the Cisco IOS XE image is booted.

Step 7

Run the enable command at the user prompt to enter the privileged EXEC mode after the boot is complete.

Step 8

Run the show platform command or the show rom-monitor slot command for each RP, ESP, MIP, and SIP in the router to verify whether the ROMmon has been upgraded.


Example of Upgrading the ROMmon for All the RPs, ESPs, MIPs, and SIPs on a Router

The following sequence of commands is an example of the procedure to upgrade the ROMmon for all the RPs, ESPs, MIPs, and SIPs on a router:


Note

The release numbers of ROMmon mentioned in this example are for illustrative purposes only.

Router# show platform
Chassis type: MCP4RU
Slot      Type                State                 Insert time (ago) 
--------- ------------------- --------------------- ----------------- 
0         MCP-CC              ok                    00:03:02      
 0/3      SPA-2X1GE-V2        ok                    00:00:37      
R0        ASR1000-RP1*        ok, active            00:03:02      
F0        ASR1000-ESP10*      ok, active            00:03:02      
P0        Unknown             ps, fail              never         
P1        Unknown             ps, fail              never         
Slot      CPLD Version        Firmware Version                        
--------- ------------------- --------------------------------------- 
0         07091401            15.0(1r)S                           
R0        09081701            15.0(1r)S                           
F0        07051650            15.0(1r)S 
Router# copy usb0:asr1000-rommon.152-1r.S.pkg bootflash:
Destination filename [asr1000-rommon.152-1r.S.pkg]? 
Copy in progress...CCCCCCCCCCCCCCCCCCCC
1253680 bytes copied in 1.977 secs (634133 bytes/sec)
Router# dir bootflash
:
Directory of bootflash:/
   11  drwx       16384  Aug 19 2009 23:27:51 +00:00  lost+found
14657  drwx        4096  Aug 19 2009 23:39:21 +00:00  .ssh
73281  drwx        4096  Oct 12 2011 01:20:10 +00:00  .prst_sync
58625  drwx        4096  Aug 19 2009 23:39:38 +00:00  .rollback_timer
29313  drwx        4096  Aug 19 2009 23:40:52 +00:00  .installer
   12  -rw-     1253680  Oct 12 2011 01:23:56 +00:00  asr1000-rommon.152-1r.S.pkg
   14  -rw-        4096  Jul 12 2010 22:50:55 +00:00  .debug..swp
   16  -rw-     1263920  Jul 20 2010 22:06:15 +00:00  rp1-rommon
   19  -rwx       68272  Jul 13 2010 01:18:05 +00:00  debugfs
   42  -rw-     1270064  Jul 21 2010 01:08:36 +00:00  asr1000-rommon.150-1r.S.pkg
   48  -rw-        3338  Feb 25 2011 21:38:34 +00:00  README_dotfiles
   50  -r--        2391  Jul 17 2011 03:22:23 +00:00  debug.conf
945377280 bytes total (893399040 bytes free)
Router# upgrade rom-monitor filename bootflash:asr1000-rommon.152-1r.S.pkg all
Upgrade rom-monitor on Route-Processor 0
Target copying rom-monitor image file
1966080+0 records in
1966080+0 records out
Checking upgrade image...
1966080+0 records in
3840+0 records out
Upgrade image MD5 signature is 119275e3054c3cfdc0f32a2a334dd253
Burning upgrade partition...
1966080+0 records in
1966080+0 records out
Checking upgrade partition...
1966080+0 records in
1966080+0 records out
Upgrade flash partition MD5 signature is 119275e3054c3cfdc0f32a2a334dd253
ROMMON upgrade complete.
To make the new ROMMON permanent, you must restart the RP.
Upgrade rom-monitor on Embedded-Service-Processor 0
Target copying rom-monitor image file
Checking upgrade image...
1966080+0 records in
3840+0 records out
Upgrade image MD5 signature is 119275e3054c3cfdc0f32a2a334dd253
Burning upgrade partition...
1966080+0 records in
1966080+0 records out
Checking upgrade partition...
1966080+0 records in
1966080+0 records out
Upgrade flash partition MD5 signature is 119275e3054c3cfdc0f32a2a334dd253
ROMMON upgrade complete.
To make the new ROMMON permanent, you must restart the linecard.
Upgrade rom-monitor on SPA-Inter-Processor 0
Target copying rom-monitor image file
Checking upgrade image...
1966080+0 records in
3840+0 records out
Upgrade image MD5 signature is 119275e3054c3cfdc0f32a2a334dd253
Burning upgrade partition...
1966080+0 records in
1966080+0 records out
Checking upgrade partition...
1966080+0 records in
1966080+0 records out
Upgrade flash partition MD5 signature is 119275e3054c3cfdc0f32a2a334dd253
ROMMON upgrade complete.
To make the new ROMMON permanent, you must restart the linecard.
Router# reload
Proceed with reload? [confirm]
<Reload bootup output removed for brevity. In this example, it is assumed that autoboot is enabled on the router.>
Press RETURN to get started!
Router> enable
Router# show platform
Chassis type: MCP4RU
Slot      Type                State                 Insert time (ago) 
--------- ------------------- --------------------- ----------------- 
0         MCP-CC              ok                    00:03:02      
 0/3      SPA-2X1GE-V2        ok                    00:00:37      
R0        ASR1000-RP1*        ok, active            00:03:02      
F0        ASR1000-ESP10*      ok, active            00:03:02      
P0        Unknown             ps, fail              never         
P1        Unknown             ps, fail              never         
Slot      CPLD Version        Firmware Version                        
--------- ------------------- --------------------------------------- 
0         07091401            15.2(1r)S                           
R0        07062111            15.2(1r)S                           
F0        07051680            15.2(1r)S    

Upgrading the ROMmon for a Single RP, ESP, MIP, or SIP on a Router

Use this procedure to upgrade the ROMmon for a single RP, ESP, MIP, or SIP on a Cisco ASR 1000 Series Aggregation Services Router:


Note

Ensure that all the system components are running Cisco IOS XE Release 2.4.0 or a later release before you perform the procedure.

SUMMARY STEPS

  1. (Optional) Run the show platform command or the show rom-monitor slot command for each RP, ESP, MIP, and SIP in the router to see the current release numbers of ROMmon on the hardware. See the Checking the Current ROMmon Version for information about interpreting the output of the command that you run.
  2. If the ROMmon image has not been copied onto the router, copy the PKG file that is made available as part of this ROMmon release onto the bootflash: or usb[0-1]: file system using the copy source-location destination-location command. For example, if you are upgrading to Release 15.2(1r)S, copy the asr1000-rommon.152-1r.S.pkg file.
  3. Run the dir file-system command to verify whether the ROMmon file is copied into the specified directory.
  4. Run the upgrade rom-monitor filename location slot command to begin the ROMmon image upgrade, where location is the path to the ROMmon file and slot specifies the hardware that will receive the ROMmon upgrade.
  5. Messages pertaining to the upgrade are displayed on the console. After the display of these messages stops and the router prompt is available, run the hw-module slot slot reload command to reload the hardware that was upgraded.
  6. Run the show platform command or the show rom-monitor slot command for each RP, ESP, MIP, and SIP in the router to confirm that the ROMmon has been upgraded.

DETAILED STEPS


Step 1

(Optional) Run the show platform command or the show rom-monitor slot command for each RP, ESP, MIP, and SIP in the router to see the current release numbers of ROMmon on the hardware. See the Checking the Current ROMmon Version for information about interpreting the output of the command that you run.

Step 2

If the ROMmon image has not been copied onto the router, copy the PKG file that is made available as part of this ROMmon release onto the bootflash: or usb[0-1]: file system using the copy source-location destination-location command. For example, if you are upgrading to Release 15.2(1r)S, copy the asr1000-rommon.152-1r.S.pkg file.

Step 3

Run the dir file-system command to verify whether the ROMmon file is copied into the specified directory.

Step 4

Run the upgrade rom-monitor filename location slot command to begin the ROMmon image upgrade, where location is the path to the ROMmon file and slot specifies the hardware that will receive the ROMmon upgrade.

Caution 

Do not remove hardware, turn off power, or interrupt the router in any way during the ROMmon upgrade. Although the router should be able to recover from most interruptions during the ROMmon upgrade, certain scenarios may cause unpredictable problems.

Step 5

Messages pertaining to the upgrade are displayed on the console. After the display of these messages stops and the router prompt is available, run the hw-module slot slot reload command to reload the hardware that was upgraded.

Note 
The hw-module slot slot reload command cannot be used to reload an active RP. If you must reload an active RP to complete a ROMmon upgrade, reload the RP using one of the following methods:- Run the reload command to reload the entire router.- Force a switchover using the redundancy force-switchover command, and then run the hw-module slot slot reload command on the RP after it has become the standby RP.
Note 
The ROMmon upgrade is not permanent for any piece of hardware until a Cisco IOS XE Release 12.2(33r)XND1 or newer image is booted. If ROMmon is configured to manually boot on your system, run the boot command to boot the Cisco IOS XE image and make the upgrade permanent.
Step 6

Run the show platform command or the show rom-monitor slot command for each RP, ESP, MIP, and SIP in the router to confirm that the ROMmon has been upgraded.


Example of Upgrading the ROMmon for a Single RP, ESP, MIP, or SIP on a Router

The following sequence of commands is an example of the procedure to upgrade the ROMmon for a single RP, ESP, MIP, or SIP on a router:


Note

The release numbers of ROMmon mentioned in this example are for illustrative purposes only.

Router# show platform
 
Chassis type: MCP4RU
Slot      Type                State                 Insert time (ago) 
--------- ------------------- --------------------- ----------------- 
0         MCP-CC              ok                    00:03:02      
 0/3      SPA-2X1GE-V2        ok                    00:00:37      
R0        ASR1000-RP1*        ok, active            00:03:02      
F0        ASR1000-ESP10*      ok, active            00:03:02      
P0        Unknown             ps, fail              never         
P1        Unknown             ps, fail              never         
Slot      CPLD Version        Firmware Version                        
--------- ------------------- --------------------------------------- 
0         07091401            15.0(1r)S                           
R0        09081701            15.2(1r)S                           
F0        07051650            15.2(1r)S 
Router# copy usb0:asr1000-rommon.152-1r.S.pkg bootflash
:
Destination filename [asr1000-rommon.152-1r.S.pkg]? 
Copy in progress...CCCCCCCCCCCCCCCCCCCC
1253680 bytes copied in 1.977 secs (634133 bytes/sec)
Router# dir bootflash
:
Directory of bootflash:/
   11  drwx       16384  Aug 19 2009 23:27:51 +00:00  lost+found
14657  drwx        4096  Aug 19 2009 23:39:21 +00:00  .ssh
73281  drwx        4096  Oct 12 2011 01:20:10 +00:00  .prst_sync
58625  drwx        4096  Aug 19 2009 23:39:38 +00:00  .rollback_timer
29313  drwx        4096  Aug 19 2009 23:40:52 +00:00  .installer
   12  -rw-     1253680  Oct 12 2011 01:23:56 +00:00  asr1000-rommon.152-1r.S.pkg
   14  -rw-        4096  Jul 12 2010 22:50:55 +00:00  .debug..swp
   16  -rw-     1263920  Jul 20 2010 22:06:15 +00:00  rp1-rommon
   19  -rwx       68272  Jul 13 2010 01:18:05 +00:00  debugfs
   42  -rw-     1270064  Jul 21 2010 01:08:36 +00:00  asr1000-rommon.150-1r.S.pkg
   48  -rw-        3338  Feb 25 2011 21:38:34 +00:00  README_dotfiles
   50  -r--        2391  Jul 17 2011 03:22:23 +00:00  debug.conf
945377280 bytes total (893399040 bytes free)
Router# upgrade rom-monitor filename bootflash:asr1000-rommon.152-1r.S.pkg 
0
Upgrade rom-monitor on SPA-Inter-Processor 0
Target copying rom-monitor image file
Checking upgrade image...
1966080+0 records in
3840+0 records out
Upgrade image MD5 signature is 119275e3054c3cfdc0f32a2a334dd253
Burning upgrade partition...
1966080+0 records in
1966080+0 records out
Checking upgrade partition...
1966080+0 records in
1966080+0 records out
Upgrade flash partition MD5 signature is 119275e3054c3cfdc0f32a2a334dd253
ROMMON upgrade complete.
To make the new ROMMON permanent, you must restart the linecard.
Router# hw-module slot 0 reload
<Reload bootup output removed for brevity. In this example, it is assumed that autoboot is enabled on the router.>
Router# show platform
 
Chassis type: MCP4RU
Slot      Type                State                 Insert time (ago) 
--------- ------------------- --------------------- ----------------- 
0         MCP-CC              ok                    00:03:02      
 0/3      SPA-2X1GE-V2        ok                    00:00:37      
R0        ASR1000-RP1*        ok, active            00:03:02      
F0        ASR1000-ESP10*      ok, active            00:03:02      
P0        Unknown             ps, fail              never         
P1        Unknown             ps, fail              never         
Slot      CPLD Version        Firmware Version                        
--------- ------------------- --------------------------------------- 
0         07091401            15.2(1r)S                           
R0        07062111            15.2(1r)S                           
F0        07051680            15.2(1r)S    
Router# show rom-monitor r0
System Bootstrap, Version 15.2(1r)S, RELEASE SOFTWARE 
Copyright (c) 1994-2011 by cisco Systems, Inc.

Resolved Caveats

The following sections list the issues resolved in each ROMmon release:

Resolved Caveats in ROMmon Release 17.3(1r)

The following issues have been resolved in Release 16.9(5r):

  • CSCvr71872

ASR1K RP2 ROMMON: Remove the DALLOW_UNSIGNED_IMAGES flag from rommon.inf

  • CSCvb22604

Explore options to add image validation checks in ASR 1000 ROMmon.

  • CSCvm02958

Evaluation of ASR 1000 for August CPU Side-Channel Information Disclosure Vulnerabilities

  • CSCvo16671

Hardening: prevent /proc/cmdline injections.

  • CSCvp71663

Evaluation of ASR 1000 for Intel 2019.1 QSR – MDS.

  • CSCvs82628

Bios Protection support for ASR1001-X, ASR1001-HX, ASR 1002-HX

  • CSCvs98262

ASR 1000 ROMmon: Integrity Check informational messages need to be clearer.

  • CSCvu97556

Disable CPU C-State configuration


Note

After upgrading the ROMmon to version 17.3(1r), you cannot revert it to a version earlier than 17.3(1r) for the following platforms:
  • ASR 1001-X

  • ASR 1001-HX

  • ASR 1002-HX

  • ASR 1000-RP3

This restriction is only applicable for these platforms. If you have upgraded to ROMmon version 17.3(1r) on any other platform, reverting to an earlier version of ROMmon is permitted and does not cause any technical issues.

Resolved Caveats in ROMmon Release 16.12(8r)

The following issues have been resolved in Release 16.12(8r):

  • CSCvs56782

Add support for CPLD upgrade via ROMmon

Resolved Caveats in ROMmon Release 16.11(2r)

The following support was introduced :

Support is introduced for ASR1000-ESP100-X and ASR 1000-ESP200-X.

Resolved Caveats in ROMmon Release 16.9(5r)

The following issues have been resolved in Release 16.9(5r):

  • CSCvm01013

Fixed an issue when ROMmon fails diag signature verification fails when diag image size is more than 512MB.

  • CSCvj69550

Fixed an issue when TFTP buffer size is more than 1G

  • CSCvm90995

Fixed an issue when TFTP boot fails on RP2 with 16.9(4r).

Resolved Caveats in ROMmon Release 16.9(4r)

The following issues have been resolved in Release 16.9(4r):

  • CSCvh15933

Fixed an issue with microcode update.

  • CSCvb48400

Fixed an issue with buffer overflow vulnerability.

Resolved Caveats in ROMmon Release 16.3(2r)

Release 16.3(2r) supports the following new hardware:

  • Cisco ASR 1000 Series Route Processor 3 (Cisco ASR1000-RP3)

The following issues have been resolved in Release 16.3(2r):

  • CSCux93176

Fixed an issue where the ASR1000-RP2 occasionally experienced failures while booting from STEC eUSB bootflash: devices.

  • CSCva55070

Fixed an issue in the ROMmon’s validation of codesigned images.

  • CSCva78476

The Intel CPU microcode was updated for the following products: ASR1000-X, ASR1001-HX, ASR1002-X, ASR1002-HX, ASR1000-ESP100, ASR1000-ESP200

  • CSCuz98080

Fixed an issue with the ASR1000-MIP100 that could lead to interface link flaps.

Resolved Caveats in ROMmon Release 16.2(2r)

Release 16.2(2r) supports the following new hardware:

  • Cisco ASR 1001-HX Router
  • Cisco ASR 1002-HX Router

Resolved Caveats in ROMmon Release 16.2(1r)

The following issues have been resolved in Release 16.2(1r):

  • CSCux17622

Fixed an issue where the ASR1001-X equipped with Numonyx Serial Peripheral Interface (SPI) Flash devices experiences multiple resets cycles and an inability to enable its virtualization framework.

  • CSCux56486

Fixed an issue where the ASR1001-X fails to properly load package.conf style packages.

Resolved Caveats in ROMmon Release 15.5(3r)S1

Release 15.5(3r)S1 supports the following new hardware:

  • Cisco ASR 1000 Modular Interface Processor (ASR1000-MIP100)
  • 1-Port 100 Gigabit Ethernet Port Adapter (EPA-1X100GE)
  • 10-Port 10 Gigabit Ethernet Port Adapter (EPA-10X10GE)

The following issues have been resolved in Release 15.5(3r)S1:

  • CSCuj45924

Fixed an issue with ASR1002-X intermittently experiencing slow network boot times.

  • CSCum89375

Fixed an issue where the ASR1001-X and ASR1002-X failed to generate a kernel core file on watchdog timeout.

  • CSCup40376

Added support in ASR1000-RP2 and ASR1002-X for Micron N25Q032 boot rom devices.

  • CSCuq16289

Support added in ASR1001-X for eMMC bootflash devices.

  • CSCus69314

Added basic checks of IOS image codesigning information for ASR1000-RP2.

  • CSCus69322

Support for loading 16.x-based IOS-XE images.

  • CSCut92421

Fixed an issue with ASR1002-X ROMMON 15.4(2r)S intermittently halting during autoboot from the bootflash: file system.

  • CSCuu70271

With “no service password recovery” enabled, allow the user to cancel a request to perform factory default clearing of router information.

  • CSCuu75086

Fixed an issue with codesigning key storage on ASR1001-X and ASR1002-X whereby an administrative user could overwrite the revocation key, potentially allowing secure boot to be bypassed.

  • CSCuv59014

Fixed a vulnerability in the ROMmon secure boot feature that could allow an authenticated, local attacker to bypass secure boot and allow arbitrary code to be loaded and executed on the affected device.

Resolved Caveats in ROMmon Release 15.4(2r)S

Release 15.4(2r)S supports the following new hardware:

  • Cisco ASR1000-6TGE Fixed Ethernet Line Card
  • Cisco ASR 1001-X Router

The following issues have been resolved in Release 15.4(2r)S:

  • CSCuw27745

Fixed an issue where the ASR1000-2T+20X1GE built-in SPA is displayed in the output of the show platform command as SPA-2XOC48POS/RPR. This is an intermittent issue and can cause failure of field programmable devices (FPD upgrade) on ASR1000-2T+20X1GE.

  • CSCul93322

Cisco ASR 1002-X Router: On systems with 16 GB memory, allocate more memory to the Cisco IOSd.

  • CSCum68812

CPU microcode maintenance upgrade now supports all x86 CPUs such as RP2, the Cisco ASR 1001 Router, the Cisco ASR 1002-X Router, FP40, FP100, and FP200.

  • CSCud13142

Support for the new management Ethernet port 82577 PHY in the Cisco ASR 1002-X Router.

Resolved Caveats in ROMmon Release 15.3(3r)S1

The following issue has been resolved in Release 15.3(3r)S1:

  • CSCui25176

Modified the CPLD’s HKP PLL configuration register value in the Cisco ASR1000-2T+20x1GE Ethernet Line Card to reflect IBM’s recommended value for the correct HKP PLL configuration.

Resolved Caveats in ROMmon Release 15.3(3r)S

Release 15.3(3r)S supports the following new hardware:

  • 200-Gbps Cisco ASR 1000 Series ESP (Cisco ASR1000-ESP200)
  • Cisco ASR1000-2T+20x1GE Fixed Ethernet Line Card

The following issues have been resolved in Release 15.3(3r)S:

  • CSCue41800

Uninitialized early access to CPLD is not compatible with a newer model of boot flash.

  • CSCue55809

A new feature to configure “no service password recovery” has been added.

  • CSCuf85827

Netboot failure when using a TFTP server or network that does not support 1500 byte MTU sizes.

Resolved Caveats in ROMmon Release 15.3(1r)S

The following issues have been resolved in Release 15.3(1r)S:

  • CSCud07826

CPU microcode maintenance upgrade now supports the latest Intel release for ASR1002-X and ASR1000-ESP100/ESP200.

  • CSCtc18691

Error correction is now enabled on all the latest hardware configurations of the ASR1000-SIP10 processor memory.

  • CSCud13086

CPU configuration maintenance incorporates latest CPU vendor data (ASR1000-RP1, ASR1000-ESP5/10/20, ASR1000-SIP10/40, ASR1002).

Resolved Caveats in ROMmon Release 15.2(4r)S1

The following issue has been resolved in Release 15.2(4r)S1:

  • CSCua27722

The Cisco Flexible NetFlow (FNF) timestamp clock drift issue is resolved on ESP40, ASR1001.

Resolved Caveats in ROMmon Release 15.2(4r)S

There are no resolved issues in Release 15.2(4r)S. This release was created to support the Cisco ASR 1002-X Router and Cisco ASR1000-ESP100/ESP200.

Resolved Caveats in ROMmon Release 15.2(1r)S

The following issues have been resolved in Release 15.2(1r)S:

  • CSCto91590

The ROMmon image installation process now supports the loading of images that are larger than 512 MB.

  • CSCth42243

The ROMmon image installation process now supports long boot file names.

  • CSCti77689

The ROMmon image now supports the VTx virtualization mode for third-party applications on a Cisco ASR 1001 Router or a router on which the Cisco ASR1000-RP2 is installed.

Resolved Caveats in ROMmon Release 15.0(1r)S

The following issues have been resolved in Release 15.0(1r)S:

  • CSCtf20517

Issues encountered on booting a zero size file when the 0x8000 config-register setting is used have been resolved.

  • CSCtf97260

The ROMmon upgrade process now supports the ATMEL SPI flash device.

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.