Monday, April 26, 2010

Misc 22

Here are the common ways which you can perform IOS recovery. I'm going to go through this rather quickly because I'll have to complete my CCNA Security. First of all, I'll go through a quick example on how to recover a router's password should you be locked out.
In a Cisco router exists a configuration register. This configuration register is looked at to determine how the router should boot. By default, the configuration register (which would be abbreviated to "confreg" from here on) is set to 0x2102. This value sets the router to a baud rate of 9600bps for the console port and allows the router to read from NVRAM for configuration.

Here is a list of confreg values. What we are interested here is the 0x2142 value, which causes the router to ignore the startup configuration stored in the NVRAM.

To actually configure the configuration register with no access to the terminal, you would have to enter ROMMON. ROMMON is activated by hitting the Break key on your keyboard during router POST. This brings you to a ROMMON prompt.

To change the confreg, simply type:
confreg 0x2142

When you're done, boot the router up with:

Now you should be able to take a peek at the router configuration once your router boots up. Simply type:
show startup

To change the confreg back to the default value, simply type:
conf t
config-register 0x2102

Now let's say that you want to change IOS versions. The first thing you'll need to do is to be able to make a backup of your IOS to a server somewhere. The server we're going to use is TFTPD32 which runs a variety of protocols including TFTP. TFTP is a UDP-based application layer protocol that listens to port 69. TFTP supports acknowledgment on the application layer, but has a limited window size. TFTP trades off its speed (compared to FTP) with its simplicity. Assuming you have TFTPD32 running at, to make a backup of your IOS, simply type:
copy flash:c[TAB] tftp://

Now that you've backed up your IOS, it's time to replace the existing IOS with a newer one. To do this, place the new IOS into the folder where TFTPD32 reads from. Then load the IOS into flash like this:
copy tftp:// flash

Once you reboot, you should be running on the newer version. If you wish to revert to a previous version, simply use the "copy tftp flash" command again.

Now comes the question: What if the IOS totally screws up and the router is unable to boot. To fix this, can do two things: Initiate a TFTP transfer from ROMMON, or do a xmodem. I'll go through TFTP first. To do this, simply go into ROMMON and type in:


Do not fear the long syntax. You can always use the ? command to give you some form of context sensitive help. For a start, I'll recommend:
tftpdnld ?

Now, what if TFTP (or any LAN communication) is not an option? You can always use something called the xmodem protocol. xmodem is not supported on PuTTY. To use xmodem, you'll have to use something like HyperTerminal or Tera Term. To initiate an xmodem transfer, type the following command in ROMMON:
xmodem -c c2600-js-mz.120-3.T3.bin

Once the prompt tells you that a transfer is possible, browse around your terminal client and you should find an option to send a file. Note that xmodem takes forever on an old router due to the capped speed of 9600bps including overhead. On a newer router, you can set the speed like this:
xmodem -cfs 115200 c2600-js-mz.120-3.T3.bin

No comments :

Post a Comment