Solved: Re: Blocking from going to ROMMON

omal · ‎10-10-2006

Hi

Can we block a router from going to rommon mode, when we break the booting process?

There is a 2600 series router, when I turn off and turn it back on, I press Ctrl + Break commands. Then I get the below posted screen.

I cannot break the password. Can someone do something to the configuration, where I cannot go in to ROMMON> mode.

Any help on this would be highly appreciated.

The output of the router I will paste it in two posts as I exceed the words liminit when I try to post it in one.

Thanks in advance!!!

Press RETURN to get started!

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)

PC = 0xfff0c100, Vector = 0x500, SP = 0x680127d0

PC = 0xfff08050, Vector = 0x500, SP = 0x680127c0

C2600 platform with 49152 Kbytes of main memory

PASSWORD RECOVERY FUNCTIONALITY IS DISABLED

PC = 0xfff115f8, Vector = 0x500, SP = 0x800046ac

program load complete, entry point: 0x80008000, size: 0xa14d18

Self decompressing the image : #################################################

################################################################################

############ [OK]

Smart Init is enabled

smart init is sizing iomem

ID MEMORY_REQ TYPE

0001C0 0X0010A400 C2600 Dual Fast Ethernet

0X000F34A8 public buffer pools

0X00211000 public particle pools

TOTAL: 0X0040E8A8

If any of the above Memory Requirements are

"UNKNOWN", you may be using an unsupported

configuration or there is a software problem and

system operation may be compromised.

Rounded IOMEM up to: 5Mb.

Using 10 percent iomem. [5Mb/48Mb]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

smothuku · ‎10-27-2006

Hi Omal ,

Recovery Mechanism:

If a user uses the secure ROMMON and loses the enable password, there is a way to erase the entire contents of NVRAM:

1.Boot the system

2.Wait until after the system decompresses the IOS image:

Self decompressing the image : ################################################]

3.Hit break within five seconds.

4.The 3600 will ask if you want to reset the router to the factory default configuration:

PASSWORD RECOVERY IS DISABLED.

Do you want to reset the router to factory default

configuration and proceed [y/n] ? y

Reset router configuration to factory default.

Risks:

If a router is configured with no service password-recovery, this disables all access to the ROMMON.

If there is not a valid IOS image in flash in the router, then the user will not be able to use the ROMMON XMODEM command to load a new flash image. In order to fix the router, you must get a new IOS image on a flash SIMM, or on a PCMCIA card (3600 only). In order to minimize this risk, a customer who uses ROMMON security should also use dual flash bank memory and put a backup IOS image in a separate partition. On the 3640 only, in an emergency you can remove the NVRAM and reseat it. The 3640 NVRAM is implemented using battery backed up SRAM. Removing the SRAM will erase the contents of NVRAM, which contains the no service password-recovery configuration. The NVRAM chip is located on the motherboard of the 3640 next to the PCMCIA connector. The silkscreen on the motherboard will identify it as "NVRAM".

*****Please be sure to use proper anti-static procedures when handling the NVRAM. The 3620 and 2600 use an EEPROM to hold the configuration. The EEPROM does not erase when you remove it.

Since from the above procedure all data will be lost on the router! A backup config might be helpful in bringing back the old configuration.

I Hope this helps you!

Regards,

Satish

View solution in original post

omal · ‎10-10-2006

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IS-M), Version 12.2(2)T, RELEASE SOFTWARE (fc1)

TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support

Compiled Sat 02-Jun-01 21:34 by ccai

Image text-base: 0x80008088, data-base: 0x8118A888

cisco 2651 (MPC860P) processor (revision 0x200) with 44032K/5120K bytes of memor

y.

Processor board ID JAB05340FRP (4260492592)

M860P processor: part number 5, mask 2

Bridging software.

X.25 software, Version 3.0.0.

2 FastEthernet/IEEE 802.3 interface(s)

32K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read/Write)

interface Serial0/0

^

% Invalid input detected at '^' marker.

no ip address

% Incomplete command.

encapsulation ppp

^

% Invalid input detected at '^' marker.

ppp multilink

^

% Invalid input detected at '^' marker.

multilink-group 1

^

% Invalid input detected at '^' marker.

interface Serial0/1

^

% Invalid input detected at '^' marker.

description Second_E1

^

% Invalid input detected at '^' marker.

no ip address

% Incomplete command.

encapsulation ppp

^

% Invalid input detected at '^' marker.

ppp multilink

^

% Invalid input detected at '^' marker.

multilink-group 1

^

% Invalid input detected at '^' marker.

Press RETURN to get started!

User Access Verification

Password:

% Bad passwords

omal · ‎10-10-2006

PDRouter_SW2 con0 is now available

Press RETURN to get started.

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)

PC = 0xfff0c100, Vector = 0x500, SP = 0x680127d0

PC = 0xfff08050, Vector = 0x500, SP = 0x680127c0

C2600 platform with 49152 Kbytes of main memory

PASSWORD RECOVERY FUNCTIONALITY IS DISABLED

PC = 0xfff115f4, Vector = 0x500, SP = 0x800046ac

PC = 0xfff14f74, Vector = 0x500, SP = 0x80004884

PC = 0xfff14f70, Vector = 0x500, SP = 0x80004884

PC = 0xfff14f74, Vector = 0x500, SP = 0x80004394

PC = 0x800043d4, Vector = 0x500, SP = 0x800043bc

program load complete, entry point: 0x80008000, size: 0xa14d18

Self decompressing the image : #################################################

################################################################################

############ [OK]

Smart Init is enabled

smart init is sizing iomem

ID MEMORY_REQ TYPE

0001C0 0X0010A400 C2600 Dual Fast Ethernet

0X000F34A8 public buffer pools

0X00211000 public particle pools

TOTAL: 0X0040E8A8

If any of the above Memory Requirements are

"UNKNOWN", you may be using an unsupported

configuration or there is a software problem and

system operation may be compromised.

Rounded IOMEM up to: 5Mb.

Using 10 percent iomem. [5Mb/48Mb]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

omal · ‎10-10-2006

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IS-M), Version 12.2(2)T, RELEASE SOFTWARE (fc1)

TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support

Compiled Sat 02-Jun-01 21:34 by ccai

Image text-base: 0x80008088, data-base: 0x8118A888

cisco 2651 (MPC860P) processor (revision 0x200) with 44032K/5120K bytes of memor

y.

Processor board ID JAB05340FRP (4260492592)

M860P processor: part number 5, mask 2

Bridging software.

X.25 software, Version 3.0.0.

2 FastEthernet/IEEE 802.3 interface(s)

32K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read/Write)

interface Serial0/0

^

% Invalid input detected at '^' marker.

no ip address

% Incomplete command.

encapsulation ppp

^

% Invalid input detected at '^' marker.

ppp multilink

^

% Invalid input detected at '^' marker.

multilink-group 1

^

% Invalid input detected at '^' marker.

interface Serial0/1

^

% Invalid input detected at '^' marker.

description Second_E1

^

% Invalid input detected at '^' marker.

no ip address

% Incomplete command.

encapsulation ppp

^

% Invalid input detected at '^' marker.

ppp multilink

^

% Invalid input detected at '^' marker.

multilink-group 1

^

% Invalid input detected at '^' marker.

Press RETURN to get started!

scottmac · ‎10-10-2006

There is a service setting that does not allow for password recovery.

If it is set, and you lose / forget / don't know the password, it requires an RMA.

I don't know if that's the case here, but it's a possibility.

It might also be the case that your terminal emulation is not sending the right "break" character. Try ctrl-c, check your emulation settings, try a straight-up VT100, try ANSI, try whatever you have.

Try another emulator, try another PC/Laptop.

Good Luck

Scott

omal · ‎10-17-2006

Hi Scott

Thanks a lot for your reply. Well you are right. That service setting was used. But after reseting a BIOS ic like thing, the password has got reset. It was someone else who did this. Therefore I'm not quite sure how has it really done.

Anyway thank you so much for taking time to give me a reply.

sureshkumar.a · ‎10-26-2006

Hi,

You can restrict password recover option by using "no service password-recovery", command.

rgds,

omal · ‎10-28-2006

Hi

Thanks a lot for you advice. It's very helpful.

Best regards!!!!

smothuku · ‎10-27-2006

Hi Omal ,

Recovery Mechanism:

If a user uses the secure ROMMON and loses the enable password, there is a way to erase the entire contents of NVRAM:

1.Boot the system

2.Wait until after the system decompresses the IOS image:

Self decompressing the image : ################################################]

3.Hit break within five seconds.

4.The 3600 will ask if you want to reset the router to the factory default configuration:

PASSWORD RECOVERY IS DISABLED.

Do you want to reset the router to factory default

configuration and proceed [y/n] ? y

Reset router configuration to factory default.

Risks:

If a router is configured with no service password-recovery, this disables all access to the ROMMON.

If there is not a valid IOS image in flash in the router, then the user will not be able to use the ROMMON XMODEM command to load a new flash image. In order to fix the router, you must get a new IOS image on a flash SIMM, or on a PCMCIA card (3600 only). In order to minimize this risk, a customer who uses ROMMON security should also use dual flash bank memory and put a backup IOS image in a separate partition. On the 3640 only, in an emergency you can remove the NVRAM and reseat it. The 3640 NVRAM is implemented using battery backed up SRAM. Removing the SRAM will erase the contents of NVRAM, which contains the no service password-recovery configuration. The NVRAM chip is located on the motherboard of the 3640 next to the PCMCIA connector. The silkscreen on the motherboard will identify it as "NVRAM".

*****Please be sure to use proper anti-static procedures when handling the NVRAM. The 3620 and 2600 use an EEPROM to hold the configuration. The EEPROM does not erase when you remove it.

Since from the above procedure all data will be lost on the router! A backup config might be helpful in bringing back the old configuration.

I Hope this helps you!

Regards,

Satish

omal · ‎10-28-2006

Hi Satish

Thank you so much for your answer.

Really appreciate it.

Best regards

Omal