Cisco IOS management tasks: IOS firmware upgrade, password recovery on routers and Catalyst switches, ROMMON-based IOS restore, and recovering ports from err-disabled state.
IOS Upgrade
Step-by-Step IOS Upgrade
| Command | Description |
|---|---|
| show flash: | 1. Check available flash space |
| copy flash:old.bin ftp://user:pass@172.10.1.2/old.bin | 2. Back up current IOS to FTP server |
| copy flash: ftp: | Interactive backup wizard (if direct copy fails) |
| delete c2801-ipbasek9-mz.124-24.T.bin | 3. Delete old IOS if flash is full |
| copy ftp://user:pass@172.10.1.2/new.bin flash:new.bin | 4. Download new IOS from FTP |
| copy tftp: flash: | Or download via TFTP (interactive) |
| verify /md5 flash:new.bin | 5. Verify MD5 hash; compare with Cisco download page |
| boot system flash:new.bin | 6. Tell the router which image to boot |
| reload | 7. Reboot and verify |
Password Recovery - Router
All steps require console access; SSH/Telnet cannot be used.
Router Password Recovery Procedure
| Command | Description |
|---|---|
| Ctrl+Break (Pause) | 1. Interrupt boot sequence to enter ROMMON |
| rommon> confreg 0x2142 | 2. Change config register: boot without loading startup-config |
| rommon> boot | 2. Reboot into IOS with empty config (no password prompt) |
| Router# copy startup-config running-config | 3. Load old config into running-config (startup-config preserved) |
| Router(config)# enable secret NEW_PASSWORD | 4. Set new enable password |
| Router(config)# username admin secret NEW_PASS | 4. Reset user passwords as needed |
| rommon> confreg 0x2102 | 5. Reboot into ROMMON, restore config register to 0x2102 |
| rommon> boot | 5. Boot normally with restored config |
After recovery: all interfaces will be administratively down; bring them up manually with no shutdown.
If the no service password-recovery command is configured, ROMMON protection is enabled. The only option then is a factory reset (wipes startup-config).
Break sequence by terminal program:
| Program | Key sequence |
|---|---|
| Hyperterminal / SecureCRT | Ctrl+Break |
| TeraTerm | Alt+B |
| Minicom (Linux) | Ctrl+A, then F |
| PuTTY | none (use right-click → Special Command → Break) |
Password Recovery - Cisco Catalyst Switch
Catalyst Switch Password Recovery
| Command | Description |
|---|---|
| Power cycle + hold Mode button 15 s | 1. Interrupt boot, enter bootstrap loader |
| switch: flash_init | 2. Initialize flash filesystem |
| switch: load_helper | 2. Load helper libraries |
| switch: dir flash: | 3. List flash contents (find config.text) |
| switch: rename flash:config.text flash:config.text.old | 4. Rename config so switch boots without it |
| switch: boot | 5. Boot with no config (no password prompt) |
| Switch# rename flash:/config.text.old flash:/config.text | 6. Rename config file back |
| Switch# copy flash:config.text running-config | 6. Load old config into running-config |
| Switch(config)# enable secret NEW_PASSWORD | 7. Set new password |
| Switch# copy run start | 8. Save configuration |
ROMMON Recovery - Restore IOS via TFTP
Used when flash is corrupted or IOS image is missing. TFTP only; FTP is not supported in ROMMON.
ROMMON TFTP Recovery - Router / Switch
| Command | Description |
|---|---|
| rommon> IP_ADDRESS=192.168.0.1 | Set device IP address |
| rommon> IP_SUBNET_MASK=255.255.255.0 | Set subnet mask |
| rommon> DEFAULT_GATEWAY=192.168.0.2 | Set gateway (even if server is in same subnet) |
| rommon> TFTP_SERVER=192.168.0.2 | TFTP server IP |
| rommon> TFTP_FILE=c2600-ipbasek9-mz.124-13b.bin | IOS image filename on TFTP server |
| rommon> set | Apply the configuration |
| rommon> tftpdnld | Download IOS from TFTP |
| rommon> boot | Boot the new IOS |
ROMMON TFTP Recovery - Cisco ASA
| Command | Description |
|---|---|
| rommon> ADDRESS=192.168.0.1 | Device IP |
| rommon> SERVER=192.168.0.2 | TFTP server IP |
| rommon> GATEWAY=192.168.0.2 | Gateway IP |
| rommon> IMAGE=f1/asa800-232-k8.bin | ASA firmware image filename |
| rommon> PORT=Ethernet0/0 | Interface to use for TFTP |
| rommon> set | Apply settings |
| rommon> ping server | Verify connectivity to TFTP server |
| rommon> tftp | Download firmware |
| rommon> boot | Boot new firmware |
Err-Disabled Port Recovery
Err-Disabled Recovery
| Command | Description |
|---|---|
| errdisable recovery cause all | Enable auto-recovery for all err-disable causes |
| errdisable recovery interval 300 | Auto-recovery timer (default: 300 s; range: 30-86400 s) |
| show interface fa0/1 status | Check if port is in err-disabled state |
| show interfaces status | Status of all ports including err-disabled |
| show errdisable recovery | Recovery timers per cause |
| show errdisable detect | Causes that can trigger err-disabled |
Manual recovery: fix the root cause → shutdown → no shutdown on the affected interface.
Configuration Register
The 16-bit config register controls boot behavior. View with show version (last line).
Common Config Register Values
| Value | Behavior |
|---|---|
| 0x2100 | Boot into ROMMON (manual recovery mode) |
| 0x2101 | Boot first image found in flash |
| 0x2102 | Normal boot: follow boot system commands in startup-config (default) |
| 0x2142 | Ignore startup-config on boot; used for password recovery |
Config Register Commands
| Command | Description |
|---|---|
| show version | Show current and next-boot config register values |
| config-register 0x2102 | Set register from global config mode |
| confreg 0x2102 | Set register from ROMMON prompt |
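
An added example (not part of the original reference): a Python check that reads the register from the last line of show version and flags a device that would still ignore startup-config at its next reload, as happens when 0x2142 is left in place after password recovery. The bit masks follow Cisco's documented register layout (bits 0-3 boot field, bit 6 ignore NVRAM, bit 8 Break disabled), which the page does not spell out; the sample lines are constructed.

```python
import re

BOOT_FIELD = 0x000F      # bits 0-3: boot source
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: Break ignored once IOS is running

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Decode the register fields that the values in the table differ in."""
    boot = value & BOOT_FIELD
    if boot == 0:
        mode = "rommon"
    elif boot == 1:
        mode = "first-image-in-flash"
    else:
        mode = "boot-system-commands"
    return {"boot_mode": mode,
            "ignore_startup_config": bool(value & IGNORE_NVRAM),
            "break_disabled": bool(value & BREAK_DISABLED)}

def audit_show_version(text):
    """Return (current, next_reload, findings) from 'show version' output."""
    m = REG_LINE.search(text)
    if m is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(m.group(1), 16)
    # Without a "(will be ...)" suffix the current value also applies at reload.
    pending = int(m.group(2), 16) if m.group(2) else current
    state = decode(pending)
    findings = []
    if state["ignore_startup_config"]:
        findings.append("next reload ignores startup-config: device comes up "
                        "with no passwords or ACLs")
    if state["boot_mode"] == "rommon":
        findings.append("next reload stops in ROMMON")
    return current, pending, findings

# Constructed sample lines in the format 'show version' prints.
LEFT_IN_RECOVERY = "Configuration register is 0x2142"
RESTORED = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
```
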
IOS Image Naming
Format: platform-featureset-format.version.bin
IOS Filename Breakdown
| Field | Example | Meaning |
|---|---|---|
| Platform | c2800nm | Hardware platform (c2800 series, NM slot) |
| Feature set | advipservicesk9 | Feature set: IP Services + crypto (k9) |
| Format | mz | m = runs from RAM; z = compressed (zipped) |
| Version | 124-25.bin | IOS 12.4(25) |
Example: c2800nm-advipservicesk9-mz.124-25.bin
| Format code | Meaning |
|---|---|
| m | Runs from RAM (relocated) |
| z | Compressed image |
| f | Runs from Flash |
| l | Relocated to RAM |
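
An added example (not from the original reference): a Python pre-flight check that parses an image name in the platform-featureset-format.version.bin layout and reports a platform mismatch or a missing k9 before the image is copied to flash. The function names and the regular expression are this example's own; the train suffix handling (124-24.T read as 12.4(24)T) is an assumption that generalizes the page's 124-25 example.

```python
import re

# Format codes as listed in the table above.
FORMAT_CODES = {"m": "runs from RAM", "z": "compressed",
                "f": "runs from flash", "l": "relocated to RAM"}

IMAGE_RE = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<features>[a-z0-9_]+)-(?P<fmt>[a-z]+)"
    r"\.(?P<major>\d{2})(?P<minor>\d)-(?P<maint>\d+[a-z]?)"
    r"(?:\.(?P<train>[A-Z][A-Z0-9]*))?\.bin$"
)

def parse_image_name(filename):
    """Return the filename fields as a dict, or None if the name does not fit."""
    # Drop a directory or a filesystem prefix such as "flash:".
    base = filename.rsplit("/", 1)[-1].split(":")[-1]
    m = IMAGE_RE.match(base)
    if m is None:
        return None
    version = f"{int(m['major'])}.{m['minor']}({m['maint']}){m['train'] or ''}"
    return {
        "platform": m["platform"],
        "feature_set": m["features"],
        "crypto": m["features"].endswith("k9"),
        "format": [FORMAT_CODES.get(c, "unknown") for c in m["fmt"]],
        "version": version,
    }

def preflight(filename, device_platform):
    """List issues to resolve before copying the image and setting boot system."""
    info = parse_image_name(filename)
    if info is None:
        return ["name does not follow platform-featureset-format.version.bin"]
    issues = []
    if info["platform"] != device_platform:
        issues.append(f"image is for {info['platform']}, device is {device_platform}")
    if not info["crypto"]:
        issues.append("no k9 in feature set: image lacks crypto")
    return issues
```

The ASA image name used in the ROMMON section does not follow this layout, so parse_image_name returns None for it.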
Supervisor Redundancy (Catalyst)
Applies to chassis switches with redundant supervisor modules (Cat 4500, 6500, etc.).
Redundancy Modes
| Mode | Standby behavior | Failover time |
|---|---|---|
| RPR | Standby boots only after active fails | > 2 minutes |
| RPR+ | OS loaded on standby; data/protocols load only on failover | ~30 seconds |
| SSO | Standby fully mirrors active config in real time | ~1 second |
RPR = Route Processor Redundancy · SSO = Stateful Switchover
Redundancy Commands
| Command | Description |
|---|---|
| redundancy | Enter redundancy configuration mode |
| mode sso | Set redundancy mode to SSO |
| show redundancy | Redundancy state and active/standby roles |
| show redundancy states | Detailed state of both supervisors |