A colleague made me aware of a potentially serious problem on Cisco 1921 and other ISR G2 routers. According to Field Note 63355, these devices shipped with a buggy version of ROMMON (the software that controls the boot process of Cisco IOS devices). Here’s how Cisco describe the problem:
Routers with ROMMON version 15.0(1r)M1 fail to respond to the break sequence command received from a device connected to the console port. This failure prevents normal password recovery of the device.
If you have a device that uses CompactFlash, like the 1941, you can simply pull the CF card to enter into ROMON. But what about if you have a 1921 and need to perform password recovery? The Cisco 1921 doesn’t have a CF card and according to Cisco has no user-replaceable flash.
Thankfully, there’s a (likely unsupported) workaround on the 1921:
- Slide the cover off the Cisco 1921 (You may need a Torx T10 screwdriver to get in via screws on either side)
- You’ll see a small daughter-board, secured with a single screw. This is the flash storage. Remove the screw and carefully lift out the board
- Turn on the device
- Using a serial-cable and terminal emulator (e.g. PuTTY), let the device boot (you may need to wait a while). Eventually it’ll enter ROMMON
- Perform the usual reset procedure (confreg):
System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2011 by cisco Systems, Inc. Total memory size = 512 MB Field Upgradeable ROMMON Integrity test _______________________________________ ROM: Digitally Signed Release Software CISCO1921/K9 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized rommon 1 > confreg 0x2142 rommon 2 > reset</pre> - Once reset, you can reseat and secure the flash and put the case back on.