Cisco Router 860, 880 Series User Manual

							 
B-11
Book Title
OL-xxxxx-xx
Appendix B      Concepts
  Access Lists
Access Lists
With basic standard and static extended access lists, you can approximate session filtering by using the 
established keyword with the permit command. The established keyword filters TCP packets based on 
whether the ACK or RST bits are set. (Set ACK or RST bits indicate that the packet is not the first in the 
session and the packet therefore belongs to an established session.) This filter criterion would be part of 
an access list applied permanently to an interface. 
						

							 
B-12
Book Title
OL-xxxxx-xx
Appendix B      Concepts
  Access Lists 
						

							 
C-1
Book Title
OL-xxxxx-xx
APPENDIXC
ROM Monitor
The ROM monitor firmware runs when the router is powered up or reset. The firmware helps to initialize 
the processor hardware and boot the operating system software. You can use the ROM monitor to 
perform certain configuration tasks, such as recovering a lost password or downloading software over 
the console port. If there is no Cisco
 IOS software image loaded on the router, the ROM monitor runs 
the router.
This appendix contains the following sections:
 Entering the ROM Monitor, page C-1
 ROM Monitor Commands, page C-2
 Command Descriptions, page C-3
 Disaster Recovery with TFTP Download, page C-3
 Configuration Register, page C-6
 Console Download, page C-7
 Debug Commands, page C-8
 Exiting the ROM Monitor, page C-10
Entering the ROM Monitor
To use the ROM monitor, you must be using a terminal or PC that is connected to the router over the 
console port.
Perform these steps to configure the router to boot up in ROM monitor mode the next time it is rebooted.
CommandPurpose
Step 1enableEnters privileged EXEC mode.
Enter your password if prompted.
Step 2configure terminalEnters global configuration mode.
Step 3config-reg 0x0Resets the configuration register. 
						

							 
C-2
Book Title
OL-xxxxx-xx
Appendix C      ROM Monitor
  ROM Monitor Commands
TimesaverBreak (system interrupt) is always enabled for 60 seconds after the router reboots, regardless of whether 
it is set to on or off in the configuration register. During this 60-second window, you can break to the 
ROM monitor prompt by pressing the Break key. 
ROM Monitor Commands
Enter ? or help at the ROM monitor prompt to display a list of available commands and options, as 
follows:
rommon 1 > ?alias set and display aliases command
boot boot up an external process
break set/show/clear the breakpointconfreg configuration register utility
cont continue executing a downloaded image
context display the context of a loaded image
cookie display contents of cookie PROM in hexcopy Copy a file-copy [-b ]  
delete Delete file(s)-delete 
dir List files in directories-dir dis display instruction stream
dnld serial download a program module
format Format a filesystem-format frame print out a selected stack frame
fsck Check filesystem consistency-fsck 
help monitor builtin command helphistory monitor command history
meminfo main memory information
mkdir Create dir(s)-mkdir more Concatenate (type) file(s)-cat 
rename Rename a file-rename  
repeat repeat a monitor commandreset system reset
rmdir Remove a directory
set display the monitor variablesstack produce a stack trace
sync write monitor environment to NVRAM
sysret print out info from last system returntftpdnld tftp image download
unalias unset an alias
unset unset a monitor variablexmodem x/ymodem image download
Step 4exitExits global configuration mode.
Step 5reloadReboots the router with the new configuration register value. The router 
remains in ROM monitor and does not boot the Cisco
 IOS software.
As long as the configuration value is 0x0, you must manually boot the 
operating system from the console. See the boot command in the “
Command 
Descriptions” section in this appendix. 
After the router reboots, it is in ROM monitor mode. The number in the 
prompt increments with each new line.
Command Purpose 
						

							 
C-3
Book Title
OL-xxxxx-xx
Appendix C      ROM Monitor
  Command Descriptions
Commands are case sensitive. You can halt any command by pressing the Break key on a terminal. If 
you are using a PC, most terminal emulation programs halt a command when you press the Ctrl and the 
Break keys at the same time. If you are using another type of terminal emulator or terminal emulation 
software, see the documentation for that product for information on how to send a Break command. 
Command Descriptions
Ta b l e C-1 describes the most commonly used ROM monitor commands.
Disaster Recovery with TFTP Download
The standard way to load new software on your router is to use the copy tftp flash privileged EXEC 
command from the Cisco
 IOS software command-line interface (CLI). However, if the router is unable 
to boot Cisco
 IOS software, you can load new software while in ROM monitor mode.
This section describes how to load a Cisco IOS software image from a remote TFTP server to the router 
flash memory. Use the tftpdnld command only for disaster recovery, because it erases all existing data 
in flash memory before downloading a new software image to the router.
Ta b l e C-1 Commonly Used ROM Monitor Commands 
CommandDescription
help or ?Displays a summary of all available ROM monitor commands.
-?Displays information about command syntax; for example:
rommon 16 > dis -?usage : dis [addr] [length]
The output for this command is slightly different for the xmodem download 
command:
rommon 11 > xmodem -?
xmodem: illegal option -- ?
usage: xmodem [-cyrxu] -c  CRC-16
-y  ymodem-batch protocol
-r  copy image to dram for launch-x  do not launch on download completion
-u  upgrade ROMMON, System will reboot after upgrade
reset or iResets and initializes the router, similar to a power up.
dir device:Lists the files on the named device; for example, flash memory files:
rommon 4 > dir flash:
Directory of flash:/2 -rwx 10283208  c880-advsecurityk9-mz
9064448 bytes available (10289152 bytes used)
boot commandsFor more information about the ROM monitor boot commands, see the Cisco IOS 
Configuration Fundamentals and Network Management Guide.
bBoots the first image in flash memory.
b flash: [filename]Attempts to boot the image directly from the first partition of flash memory. If you 
do not enter a filename, this command will boot this first image in flash memory. 
						

							 
C-4
Book Title
OL-xxxxx-xx
Appendix C      ROM Monitor
  Disaster Recovery with TFTP Download
TFTP Download Command Variables
This section describes the system variables that can be set in ROM monitor mode and that are used 
during the TFTP download process. There are both required variables and optional variables. 
NoteThe commands described in this section are case sensitive and must be entered exactly as shown.
Required Variables
These variables must be set with these commands before you use the tftpdnld command:
VariableCommand
IP address of the router.IP_ADDRESS= ip_address
Subnet mask of the router.IP_SUBNET_MASK= 
ip_address
IP address of the default gateway of the 
router.DEFAULT_GATEWAY= 
ip_address
IP address of the TFTP server from which the 
software will be downloaded.TFTP_SERVER= ip_address
Name of the file that will be downloaded to 
the router.TFTP_FILE= filename 
						

							 
C-5
Book Title
OL-xxxxx-xx
Appendix C      ROM Monitor
  Disaster Recovery with TFTP Download
Optional Variables
These variables can be set with these commands before using the tftpdnld command:
Using the TFTP Download Command
To download a file through TFTP perform these steps in ROM monitor mode 
Step 1Use the appropriate commands to enter all the required variables and any optional variables described in 
preceding sections.
Step 2Enter the tftpdnld command as follows:
rommon 1 > tftpdnld -r 
NoteThe -r variable is optional. Entering this variable downloads and boots the new software but does 
not save the software to flash memory. You can then use the image that is in flash memory the 
next time you enter the reload command.
VariableCommand
Configures how the router displays file 
download progress.
0—No progress is displayed.
1—Exclamation points (!!!) are displayed to 
indicate file download progress. This is the 
default setting.
2—Detailed progress is displayed during the 
file download process; for example:
 Initializing interface.
 Interface link state up.
 ARPing for 1.4.0.1
 ARP reply for 1.4.0.1 received.  MAC 
address 00:00:0c:07:ac:01
TFTP_VERBOSE= setting
Number of times the router attempts ARP and 
TFTP download. The default is 7. TFTP_RETRY_COUNT= 
retry_times
Length of time, in seconds, before the download 
process times out. The default is 
 
2,400 seconds (40 minutes).
TFTP_TIMEOUT= time
Whether or not the router performs a checksum 
test on the downloaded image:
1—Checksum test is performed.
0—No checksum test is performed.
TFTP_CHECKSUM=setting 
						

							 
C-6
Book Title
OL-xxxxx-xx
Appendix C      ROM Monitor
  Configuration Register
You will see output similar to the following:
IP_ADDRESS: 10.3.6.7
IP_SUBNET_MASK: 255.255.0.0DEFAULT_GATEWAY: 10.3.0.1
TFTP_SERVER: 192.168.254.254
TFTP_FILE: c880-advsecurityk9-mzDo you wish to continue? y/n:  [n]:
Step 3If you are sure that you want to continue, enter y in response to the question in the output:
Do you wish to continue? y/n:  [n]:y
The router begins to download the new file.
If you mistakenly entered yes, you can enter Ctrl-C or Break to stop the transfer before the flash 
memory is erased.
Configuration Register
The virtual configuration register is in nonvolatile RAM (NVRAM) and has the same functionality as 
other Cisco routers. You can view or modify the virtual configuration register from either the ROM 
monitor or the operating system software. Within the ROM monitor, you can change the configuration 
register by entering the register value in hexadecimal format, or by allowing the ROM monitor to prompt 
you for the setting of each bit.
Changing the Configuration Register Manually
To change the virtual configuration register from the ROM monitor manually, enter the confreg 
command followed by the new value of the register in hexadecimal format, as shown in the following 
example:
rommon 1 > confreg 0x2101
You must reset or power cycle for new config to take effect
rommon 2 >
The value is always interpreted as hexadecimal. The new virtual configuration register value is written 
into NVRAM but does not take effect until you reset or reboot the router.
Changing the Configuration Register Using Prompts
Entering the confreg command without an argument displays the contents of the virtual configuration 
register and a prompt to alter the contents by describing the meaning of each bit. 
In either case, the new virtual configuration register value is written into NVRAM but does not take 
effect until you reset or reboot the router. 
						

							 
C-7
Book Title
OL-xxxxx-xx
Appendix C      ROM Monitor
  Console Download
The following display shows an example of entering the confreg command:
rommon 7> confreg
      Configuration Summary
enabled are:
console baud: 9600boot: the ROM Monitor
 
do you wish to change the configuration? y/n  [n]:  yenable  “diagnostic mode”? y/n  [n]:  y
enable  “use net in IP bcast address”? y/n  [n]:  
enable  “load rom after netboot fails”? y/n  [n]:  enable  “use all zero broadcast”? y/n  [n]:  
enable  “break/abort has effect”? y/n  [n]:  
enable  “ignore system config info”? y/n  [n]:  change console baud rate? y/n  [n]:  y
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400  [0]:  0
change the boot characteristics? y/n  [n]:  yenter to boot:
 0 = ROM Monitor
 1 = the boot helper image 2-15 = boot system
    [0]:  0
 
Configuration Summaryenabled are:
diagnostic mode
console baud: 9600boot: the ROM Monitor
 
do you wish to change the configuration? y/n  [n]:   
 
You must reset or power cycle for new config to take effect
Console Download
You can use console download, which is a ROM monitor function, to download either a software image 
or a configuration file over the router console port. After download, the file is either saved to the 
mini-flash memory module or to main memory for execution (image files only).
Use console download when you do not have access to a TFTP server.
NoteIf you want to download a software image or a configuration file to the router over the console port, you 
must use the ROM monitor dnld command.
NoteIf you are using a PC to download a Cisco IOS image over the router console port at 115,200 bps, ensure 
that the PC serial port is using a 16550
 universal asynchronous transmitter/receiver (UART). If the PC 
serial port is not using a 16550
 UART, we recommend using a speed of 38,400 bps or less when 
downloading a Cisco IOS image over the console port. 
						

							 
C-8
Book Title
OL-xxxxx-xx
Appendix C      ROM Monitor
  Debug Commands
Command Description
The following are the syntax and descriptions for the xmodem console download command:
xmodem [-cyrx] destination_file_name
Follow these steps to run Xmodem:
Step 1Move the image file to the local drive where Xmodem will execute.
Step 2Enter the xmodem command.
Error Reporting
Because the ROM monitor console download uses the console to perform the data transfer, when an error 
occurs during a data transfer, error messages are only displayed on the console once the data transfer is 
terminated. 
If you have changed the baud rate from the default rate, the error message is followed by a message 
telling you to restore the terminal to the baud rate specified in the configuration register. 
Debug Commands
Most ROM monitor debugging commands are functional only when Cisco IOS software has crashed or 
is halted. If you enter a debugging command and Cisco
 IOS crash information is not available, you see 
the following error message:
xxx: kernel context state is invalid, can not proceed.
cOptional. Performs the download using 16-bit cyclic redundancy check (CRC-16) error 
checking to validate packets. Default is 8-bit CRC.
yOptional. Sets the router to perform the download using Ymodem protocol. The default 
is Xmodem protocol. The protocols differ as follows:
 Xmodem supports a 128-block transfer size. Ymodem supports a 1024-block 
transfer size.
 Ymodem uses CRC-16 error checking to validate each packet. Depending on the 
device that the software is being downloaded from, this function might not be 
supported by Xmodem.
rOptional. Image is loaded into DRAM for execution. The default is to load the image 
into flash memory.
xOptional. Image is loaded into DRAM without being executed.
destination_
file_nameName of the system image file or the system configuration file. In order for the router 
to recognize it, the name of the configuration file must be router_confg.