What is Cisco Rommon Mode?
ROM Monitor Mode, often referred to as “ROMMON” mode, is a low-level mode on Cisco networking devices that allows for basic device recovery and maintenance operations. ROMMON stands for “ROM Monitor,” and it provides a way to interact with the device’s firmware and bootstrap loader when normal operating conditions or the IOS (Internetwork Operating System) fail to load properly.
Here are some key points about Cisco ROMMON mode:
- Purpose: ROMMON mode is primarily used for device recovery and troubleshooting when the router or switch encounters critical issues that prevent it from booting into its regular operating system (IOS).
- Access: You can access ROMMON mode through the device’s console port by connecting to it using a console cable and terminal emulation software like HyperTerminal or PuTTY.
- Typical Use Cases:
  - Password Recovery: ROMMON mode can be used to reset passwords or recover access to a device when login credentials are forgotten.
  - IOS Recovery: If the device fails to boot due to a corrupt or missing IOS image, ROMMON can be used to load a new IOS image from a TFTP server.
  - Configuration Recovery: ROMMON can be used to recover a device’s configuration or reset it to factory defaults.
  - Hardware Diagnostics: Some ROMMON versions provide basic hardware diagnostic tools for troubleshooting hardware issues.
- Commands: ROMMON has its own set of commands, which are often limited compared to the commands available in the IOS. Common ROMMON commands include confreg (used for setting configuration register values), boot (used for booting an IOS image), and various commands for working with the device’s hardware.
- Configuration Register: The configuration register value is an important aspect of ROMMON mode. It determines how the device boots and whether it ignores the startup configuration. Changing the configuration register value can have a significant impact on device behavior.
- Safety Precautions: When working in ROMMON mode, it’s essential to be cautious, as some commands can potentially erase or overwrite critical data. Always follow Cisco’s recommended procedures and documentation when using ROMMON for recovery or troubleshooting.
BASIC CONFIGURATION ON ROUTER
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname RTest
RTest(config)#interface g0/0
RTest(config-if)#ip address 10.0.0.1 255.0.0.0
RTest(config-if)#no shutdown
RTest(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
RTest(config-if)#exit
RTest(config)#interface g0/1
RTest(config-if)#ip address 20.0.0.1 255.0.0.0
RTest(config-if)#no shutdown
RTest(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
RTest(config-if)#exit
RTest(config)#ip routing
RTest(config)#do copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
RTest(config)#enable secret OldPassword
RTest(config)#do copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
RTest(config)#
NOW WE ASSUME THAT WE FORGOT OUR CREDENTIALS. THESE ARE THE STEPS WHICH WE FOLLOW BELOW.
PRESS CTRL + C during Boot
RTest#reload
Proceed with reload? [confirm]
System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2010 by cisco Systems, Inc.
Total memory size = 512 MB - On-board = 512 MB, DIMM0 = 0 MB
CISCO2901/K9 platform with 524288 Kbytes of main memory
Main memory is configured to 72/-1(On-board/DIMM0) bit mode with ECC disabled
Readonly ROMMON initialized
program load complete, entry point: 0x80803000, size: 0x1b340
program load complete, entry point: 0x80803000, size: 0x1b340
IOS Image Load Test
___________________
Digitally Signed Release Software
program load complete, entry point: 0x81000000, size: 0x3bcd3d8
Self decompressing the image :
#####
monitor: command "boot" aborted due to user interrupt
rommon 1 >
NOW CHANGE THE CONFIG REGISTER TO PREVENT THE ROUTER FROM LOADING THE SAVED CONFIG ON BOOTUP.
rommon 1 >
rommon 1 > ?
boot        boot up an external process
confreg     configuration register utility
dir         list files in file system
help        monitor builtin command help
reset       system reset
set         display the monitor variables
tftpdnld    tftp image download
unset       unset a monitor variable
rommon 2 > confreg 0x2142
rommon 3 >
AND PHYSICALLY REBOOT THE ROUTER NOW.
NOW YOU WILL SEE THAT THE ROUTER HAS BOOTED UP WITH A NEW CONFIGURATION.
BRING BACK YOUR OLD CONFIG NOW
Router>en
Router#copy startup-config running-config
Destination filename [running-config]?
668 bytes copied in 0.416 secs (1605 bytes/sec)
RTest#
%SYS-5-CONFIG_I: Configured from console by console
NOW CHANGE YOUR PASSWORD
RTest#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RTest(config)#enable secret NewPassword
CHANGE CONFIG REGISTER SETTINGS FOR A REGULAR BOOTUP.
RTest#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RTest(config)#config-register 0x2102
RTest(config)#
RTest(config)#do copy running-config startup-config
OK, it is done. You have changed your password, and you can now log in with your new credentials.
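As an added example (not part of the original procedure), the Python check below reads the "Configuration register is ..." line from show version output and reports a device that is still set to skip its startup configuration, which is the state the confreg 0x2142 step leaves behind until 0x2102 is restored. The sample lines are constructed, and the function names are this example's own.

```python
import re

# Boot-relevant bits of the 16-bit configuration register.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (set in 0x2142)
BREAK_DISABLED = 0x0100  # bit 8: Break key is ignored once the system is up
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stay in ROMMON, 2-F = normal boot

# Matches "Configuration register is 0x2142 (will be 0x2102 at next reload)";
# the parenthesised part only appears when a change is pending.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Return the boot-relevant properties of one register value."""
    return {
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boot_field": value & BOOT_FIELD,
    }

def audit(show_version_text):
    """Return a list of findings for the register line in show version output."""
    m = CONFREG_RE.search(show_version_text)
    if not m:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    # A pending value, if present, is the one that applies after the next reload.
    effective = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode(effective)["ignore_startup_config"]:
        findings.append(f"{effective:#06x}: next boot ignores startup-config")
    if decode(effective)["boot_field"] == 0:
        findings.append(f"{effective:#06x}: next boot stops in ROMMON")
    if m.group(2) and decode(current)["ignore_startup_config"]:
        findings.append(f"{current:#06x}: this boot ignored startup-config")
    return findings

# Constructed sample lines (not captured from a real device).
SAMPLES = {
    "mid-recovery": "Configuration register is 0x2142",
    "fixed, not reloaded": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "normal": "Configuration register is 0x2102",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, "->", audit(line) or ["ok"])
```
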
Feel free to contact me if you have any further questions.
Happy networking 🙂