How to recover Cisco IOS from rommon

Thought I would add this to my blog to help anyone that was in the same situation I had back in April.  A big thanks to Richard Morrell ( @richardmorrell ) for this!

If you have a Cisco router which is unable to boot it’s IOS (flash image is corrupted, lost or wrong build), then you can boot the rommon and ask it to TFTP a replacement image across.  It is preferable you have a working flash device in the router to save the flash image to, but you can just boot it straight from TFTP to memory if you’re desparate.  Pre-requesits:

1) Console access to the Cisco device in question
2) A working IOS image
3) A TFTP server which the Cisco device can access

Firstly, lets see what happens when you lose your IOS:

yourname# format flash0:

Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in “flash0:”.  Continue? [confirm]
Writing Monlib sectors….
Monlib write complete

Format: All system sectors written. OK…

Format: Total sectors in formatted partition: 501728
Format: Total bytes in formatted partition: 256884736
Format: Operation completed successfully.

Format of flash0: complete
yourname#dir flash0:
Directory of flash0:/

No files in directory

256487424 bytes total (256487424 bytes free)
yourname#reload

System configuration has been modified. Save? [yes/no]: no

Proceed with reload? [confirm]

*Apr  9 11:51:50.531: %SYS-5-RELOAD: Reload requested  by cisco on console. Reload Reason: Reload Command.
System Bootstrap, Version 15.0(1r)M3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2009 by cisco Systems, Inc.

Total memory size = 512 MB – On-board = 512 MB, DIMM0 = 0 MB

CISCO1941/K9 platform with 524288 Kbytes of main memory

Main memory is configured to 64/-1(On-board/DIMM0) bit mode with ECC disabled

Readonly ROMMON initialized

program load complete, entry point: 0x80803000, size: 0x1b340

boot: cannot determine first executable file name ondevice “flash0:”

So what do we do?  Get the Cisco to go into the ROMMON bootstap by sending the “break” command.  Your terminal software should have an option to send a “break” (on putty it’s menu -> Special Command -> break).  Once the Cisco is in ROMMON, have a look at the settings that tftpdnld has already:

rommon 1 > tftpdnld

IP_ADDRESS: 10.1.1.54

IP_SUBNET_MASK: 255.255.255.0

DEFAULT_GATEWAY: 10.1.1.1

TFTP_SERVER: 10.1.1.1

TFTP_FILE: c1900-universalk9-mz.SPA.150-1.M2.bin

TFTP_MACADDR: 00:26:99:c7:36:e0

TFTP_DESTINATION: flash0:

GE_PORT: Ge0/0

TFTP_MEDIA_TYPE: Copper

TFTP_VERBOSE: Progress

TFTP_RETRY_COUNT: 18

TFTP_TIMEOUT: 7200

TFTP_CHECKSUM: No

GE_SPEED_MODE: Auto Detect

Invoke this command for disaster recovery only.

WARNING: all existing data in all partitions on flash will be lost!

Do you wish to continue? y/n:  [n]:  n

TFTP download aborted – user request

For illustration, I’m going to change the IP address of the Cisco and the filename of the image to show you how to set variables,  Review the variables that are listed and change any required.

rommon 2 > IP_ADDRESS=10.1.1.2

rommon 4 > TFTP_FILE=c1900-universalk9-mz.SPA.150-1.M2.bin

Once you are happy with the settings, run the command again and proceed with the flash erase.  Note, if your flash is damaged/missing then you can just load the image into memory by adding “-r” to the end of the tftpdnld command but once you reboot then you’re back to having no IOS.

rommon 5 > tftpdnld

IP_ADDRESS: 10.1.1.2

IP_SUBNET_MASK: 255.255.255.0

DEFAULT_GATEWAY: 10.1.1.1

TFTP_SERVER: 10.1.1.1

TFTP_FILE: c1900-universalk9-mz.SPA.150-1.M2.bin

TFTP_MACADDR: 00:26:99:c7:36:e0

TFTP_DESTINATION: flash0:

GE_PORT: Ge0/0

TFTP_MEDIA_TYPE: Copper

TFTP_VERBOSE: Progress

TFTP_RETRY_COUNT: 18

TFTP_TIMEOUT: 7200

TFTP_CHECKSUM: No

GE_SPEED_MODE: Auto Detect

Invoke this command for disaster recovery only.

WARNING: all existing data in all partitions on flash will be lost!

Do you wish to continue? y/n:  [n]:  y

Receiving c1900-universalk9-mz.SPA.150-1.M2.bin from 10.1.1.1 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

File reception completed.

IOS Image Load Test

___________________

Digitally Signed Release Software

Copying file c1900-universalk9-mz.SPA.150-1.M2.bin to flash0:.

program load complete, entry point: 0x80803000, size: 0x1b340

Format: All system sectors written. OK…

Format: Total sectors in formatted partition: 501728

Format: Total bytes in formatted partition: %llu

Format: Operation completed successfully.

Once the transfer is complete, you need to reboot.  The Cisco should boot automatically off the first IOS image it finds in flash, but if you’ve messed around with any of the boot configs (outside of what this document has asked you to do) then you’ll need to put them back to defaults.

rommon 6 > reset

System Bootstrap, Version 15.0(1r)M3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2009 by cisco Systems, Inc.

Total memory size = 512 MB – On-board = 512 MB, DIMM0 = 0 MB

CISCO1941/K9 platform with 524288 Kbytes of main memory

Main memory is configured to 64/-1(On-board/DIMM0) bit mode with ECC disabled

Readonly ROMMON initialized

program load complete, entry point: 0x80803000, size: 0x1b340

IOS Image Load Test

___________________

Digitally Signed Release Software

program load complete, entry point: 0x81000000, size: 0x2ad3a14

Self decompressing the image : ################################################################################################################################################################################################################################################################ [OK]

You should be able to get into the router (at least from console, but you may even get in remotely if the config has survived in the NVRAM) and check to make sure it’s working properly.  If you have booted directly into memory, don’t forget to get a working replacement for the flash card and get the IOS image transfered onto it or the next reboot/power cut will put it back to it’s vegetative state.

About these ads

One thought on “How to recover Cisco IOS from rommon

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s