How to resolve the "Warning: Cookie information is corrupt" error on Cisco routers
Article summary
Most Cisco routers contain an EEPROM. It holds
essential information which is unique to the device, such as the
processor board ID or the Ethernet MAC address. This information
is read by the bootstrap when the router is powered on or
reloaded.
Under certain circumstances, the EEPROM can get
erased. If that happens, the router is unable to boot and
thus is rendered unusable.
This article describes how this issue can be
resolved.
Please note that if you have a service
contract for your router, it may be a better solution to have the
device replaced, since that's what a service contract is for.
You have to be familiar with hexadecimal numbers
to proceed successfully.
Products to which this information applies
All information in this article applies to Cisco
routers of the following series:
- 826, 827, 828, 836, 837
- SOHO77
Although it is possible that some or all of the
information in this article also applies to routers of other
families, this has not been tested and thus cannot be guaranteed.
It clearly does NOT apply to devices of the following series:
What a cookie is
The cookie is a data structure stored in an
EEPROM. It contains information about the router hardware and is
programmed during manufacturing of the device. Some of the
information contained in the cookie is unique to each router.
That's why it is not stored in ROM.
How to display the cookie
To display the current cookie, boot the router
and enter rommon mode by pressing the break key sequence. Click
here for more information on valid break key sequences.
You should see output similar to the following:
System Bootstrap, Version 12.2(4r)XM1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2001 by cisco Systems, Inc.
C800/SOHO series (Board ID: 13-62) platform with 32768 Kbytes of main memory
rommon 1 >
Type "cookie" and press enter. The
router should display its current cookie, similar to the following:
rommon 1 > cookie
cookie:
01 01 00 04 27 fe 00 ea 3e 00 01 ff 01 ff 00 00
00 00 00 00 00 00 00 00 4a 41 42 01 02 41 42 43
44 04 01 00 00 00 00 00 00 ff ff ff 50 04 49 11
ec 03 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
rommon 2 >
On IOS 12.2(8)T (may depend on the platform,
maybe not implemented on 800 series routers), you can also issue
a "show diag" exec mode command to show the cookie contents.
This will also show you the cookie contents of any daughter card
or module, if any.
How to find out that a cookie is corrupt
If the cookie of a router is corrupt, it is
almost always set to all zeros.
Your router may still be working after the cookie has been
corrupted. However, it is unable to boot. So if you reload or
power-cycle the router, it won't come up any more. Instead it goes
to rommon mode after displaying something like this:
System Bootstrap, Version 12.2(4r)XM1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2001 by cisco Systems, Inc.
WARNING: Cookie information is corrupt
C800/SOHO series (Board ID: 13-0) platform with 32768 Kbytes of main memory
loadprog: error - Invalid image for platform
e_machine = 62, cpu_type = 0
boot: cannot load "flash:"
System Bootstrap, Version 12.2(4r)XM1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2001 by cisco Systems, Inc.
WARNING: Cookie information is corrupt
C800/SOHO series (Board ID: 13-0) platform with 32768 Kbytes of main memory
loadprog: error - Invalid image for platform
e_machine = 62, cpu_type = 0
boot: cannot load "flash:"
System Bootstrap, Version 12.2(4r)XM1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2001 by cisco Systems, Inc.
WARNING: Cookie information is corrupt
C800/SOHO series (Board ID: 13-0) platform with 32768 Kbytes of main memory
rommon 1 >
Cookie data structure
The cookie consists of 128 bytes of data. It is
normally displayed in hexadecimal form, 8 rows of 16 bytes.
Each byte has a specific meaning. See the
following table:
| Byte index | Size in bytes | Name | Description |
| 0x00 | 1 | Version | Not 100% clear. Maybe this is the version of the cookie format. |
| 0x01 | 1 | Vendor | The vendor of the device. It is assumed that this value is always 0x01, as the vendor is always Cisco. |
| 0x02 | 6 | Ethernet HW Address | The MAC address (bia) of the first integrated Ethernet interface. |
| 0x08 | 1 | Processor | This is the processor type. This value is sometimes referred to as "e_machine". Some routers also display a "Board ID" (such as "Board ID: 13-62") during boot, where the second of the two numbers is identical to "CPU Type", but is notated in decimal instead of hex. |
| 0x09 | 1 | NVRAM Size | Size index of the NVRAM. This value is NOT the size in KBytes or similar. |
| 0x0a | 1 | CPU Speed | The speed index of the CPU. This value is NOT the speed in MHz or similar. |
| 0x0b | 1 | Unused | - |
| 0x0c | 2 | On-board PM ID | It is not currently known what this is exactly. |
| 0x0e | 2 | MAC Address Allocated | It is not currently known what this is exactly. |
| 0x10 | 8 | Unknown | - |
| 0x18 | 9 | Processor board ID | This is the encoded processor board ID, which is printed on a label on the mainboard of the router. The processor board ID is NOT identical with the serial number of the device. |
| 0x21 | 2 | CPU Revision | This value is sometimes referred to as the "Processor Revision". |
| 0x23 | 2 | Deviation | This value is sometimes referred to as the "Hardware Revision" or just "HW Revision". |
| 0x25 | 7 | Unknown | - |
| 0x2c | 1 | CPU Type | This is the type of CPU. This value is sometimes referred to as "cpu_type". |
| 0x2d | 1 | Board Config | It is not currently known what this is exactly. |
| 0x2e | 4 | Unknown | - |
| 0x32 | 6 | WAN MAC Address | Not 100% clear. Maybe this is the MAC bia address of the second (WAN-side) Ethernet interface on some models (e.g. 1710 router). |
| 0x38 | 72 | Unused | - |
As you can see, the meaning of some of the
values is still unclear or even totally unknown. But nevertheless
there is a good chance to repair a corrupt cookie by simply making
some good guesses.
Recreating cookie values
Still working on this...
Before you can reprogram the cookie, you have
to create a list of values.
Version
It is assumed that this value is always 0x01.
No other values have ever been seen.
Vendor
It is assumed that this value is always 0x01,
as the vendor is always Cisco. No other values have ever been
seen.
Ethernet HW Address
The router always uses this value as the MAC
address of its first Ethernet interface. So it seems essential
to have the valid MAC address at hand, or at least one that
doesn't cause any problems.
Restoring the original MAC address of the
router may be a bit tricky - not to say impossible - since it is
not printed on any label on the router, and there is no way to
derive it from some serial number or similar.
Try all possible sources that are available
to find out what MAC address the router once had, such as:
- if you are very fast: the arp cache of some other devices; but this chance is minimal since normal arp cache timeouts are on the order of minutes.
- your documentation; maybe you have documented the MAC address somewhere.
- your element management system, such as CiscoWorks 2000 RME.
- your asset management system, such as QIP.
- your network management system, such as HP OpenView NNM or Tivoli; those tools always have the MAC addresses of all nodes in their database.
- your NAI ePO Server's "Rogue System Sensor".
- some network traces; maybe you have used your network sniffer tool and have saved data to files. These files may contain the MAC address of your router.
- any syslogs / snmp traps or messages / e-mails that may contain the MAC address of your router.
- whatever you may find...
If none of that helps you and you really are
unable to find it out, you must make a good guess.
When guessing a MAC address, the most important thing is not to
use a MAC address you have seen on any other device. If you do
that and those two devices are - by some strange coincidence -
once connected to the same Ethernet segment, then you will be
confronted with one of the most boring network
problems that can ever arise. Ethernet simply does not work if
two devices have the same MAC address, and it is very hard to
identify this problem.
The best way is to visit the official
IEEE MAC address vendor
code list, scroll down to a random position in this really large
text file, and then start a search for "cisco" from
that position. Use the first match and add random bytes until
you have a six-byte value. This should be a suitable MAC
address, since the chance that you are conflicting with an
existing device is less than, say, one in a million.
Processor
This is very simple, since a router with a
corrupt cookie prints this value onto the console when it is
powered on, at least as long as there is a valid image file in
flash.
Take a look at the following output fragment
taken from above:
loadprog: error - Invalid image for platform
e_machine = 62, cpu_type = 0
The term "e_machine" is an alias for
the processor type. All you have to do is convert this decimal
value to a hex number.
By the way: This is the actual reason why the
router won't boot when the cookie is corrupt. At boot time, the
router compares the e_machine value found in the cookie with the
e_machine value found in the image file in flash. If these two
values do not match, the router assumes that this image file is
not valid for its own platform, and refuses to load it.
NVRAM Size
This value defines the amount of NVRAM
available.
The only value that has been seen so far is
0x00 which means an NVRAM size of 256KBytes.
Do NOT enter the size of your NVRAM in KBytes
or such.
CPU Speed
This value obviously defines the CPU clock rate.
The only value that has been seen so far is
0x00 which means a CPU speed of 50MHz.
Do NOT enter the CPU speed in MHz or such.
On-board PM ID
Unfortunately it is not yet known what the
meaning of that is.
Different values have been found so far.
We are currently working on that.
MAC Address Allocated
Unfortunately it is not yet known what the
meaning of that is.
The only value that has been seen so far is
0x00.
We are currently working on that.
Processor Board ID
This is the hex-encoded id of the processor
board. This number, which is NOT identical to the serial number
of the router, is printed on a label on the mainboard and should
look like JAB0123A4B5 (most of them start with JA or FO). Thus
you will have to open the chassis.
To hex-encode it, you will need an ASCII
character table. Do the following:
- Convert the ASCII value of the first three characters to hex. This will give you octets 0x18, 0x19 and 0x1a.
- Take the next four digits in pairs, as they appear in the ID, and use each pair as one octet. These are octets 0x1b and 0x1c.
- Convert the ASCII value of the last four characters to hex. Those may contain digit characters as well (as opposed to the first three), which must be treated as letters, not numbers. These are octets 0x1d through 0x20.
The result should be a chain of nine octets.
Let's do that on the above example
(JAB0123A4B5), just for clarification:
- The ASCII values of the three letters "JAB" are (in hex): 0x4a, 0x41, 0x42.
- The next four digits are 0123, so you append 0x01 and 0x23.
- The ASCII values of the four characters "A4B5" are (in hex): 0x41, 0x34, 0x42, 0x35.
The result is 0x4a 0x41 0x42 0x01 0x23 0x41
0x34 0x42 0x35. This is the hex-encoding of
"JAB0123A4B5".
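As an added example (not part of the original article), the following Python code applies the byte layout from the cookie table and the Processor Board ID encoding steps above, so that a value list can be checked offline before it is typed into rommon. The function names and the label pattern checked in encode_board_id are assumptions; the sample bytes are the cookie dump shown earlier on this page.

```python
import re

# (offset, size, name) for the named fields of the cookie table on this page.
FIELDS = [
    (0x00, 1, "version"), (0x01, 1, "vendor"), (0x02, 6, "ethernet_hw_address"),
    (0x08, 1, "processor"), (0x09, 1, "nvram_size"), (0x0A, 1, "cpu_speed"),
    (0x0C, 2, "onboard_pm_id"), (0x0E, 2, "mac_address_allocated"),
    (0x18, 9, "processor_board_id"), (0x21, 2, "cpu_revision"), (0x23, 2, "deviation"),
    (0x2C, 1, "cpu_type"), (0x2D, 1, "board_config"), (0x32, 6, "wan_mac_address"),
]
HEX_PAIR = re.compile(r"[0-9a-fA-F]{2}")

def parse_dump(text):
    """Collect the 8 rows of 16 hex pairs printed by rommon 'cookie' into 128 bytes."""
    rows = [line.split() for line in text.splitlines()]
    rows = [r for r in rows if len(r) == 16 and all(HEX_PAIR.fullmatch(t) for t in r)]
    raw = bytes(int(t, 16) for r in rows for t in r)
    if len(raw) != 128:
        raise ValueError(f"expected 128 cookie bytes, got {len(raw)}")
    return raw

def encode_board_id(label):
    """Label text such as JAB0123A4B5 -> the nine bytes for offsets 0x18-0x20."""
    if not re.fullmatch(r"[A-Z]{3}[0-9]{4}[A-Z0-9]{4}", label):  # assumed label shape
        raise ValueError("unexpected processor board ID format")
    return label[:3].encode("ascii") + bytes.fromhex(label[3:7]) + label[7:].encode("ascii")

def decode_board_id(b):
    """Inverse of encode_board_id: 3 ASCII chars, 2 digit-pair bytes, 4 ASCII chars."""
    return b[:3].decode("ascii", "replace") + b[3:5].hex() + b[5:9].decode("ascii", "replace")

def parse_cookie(raw):
    """Split the cookie into named fields and decode the ones the article explains."""
    f = {name: raw[off:off + size] for off, size, name in FIELDS}
    return {
        "corrupt": not any(raw),          # a corrupt cookie is almost always all zeros
        "mac": f["ethernet_hw_address"].hex(":"),
        "e_machine": f["processor"][0],   # decimal, as loadprog prints it
        "board_id": decode_board_id(f["processor_board_id"]),
        "fields": f,
    }

# Sample cookie shown earlier on this page (rows 5-8 are all ff).
SAMPLE = """\
01 01 00 04 27 fe 00 ea 3e 00 01 ff 01 ff 00 00
00 00 00 00 00 00 00 00 4a 41 42 01 02 41 42 43
44 04 01 00 00 00 00 00 00 ff ff ff 50 04 49 11
ec 03 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
""" + ("ff " * 16 + "\n") * 4
```

Calling parse_cookie(parse_dump(SAMPLE)) decodes the sample, and encode_board_id("JAB0123A4B5").hex(" ") prints the nine octets to enter at the "bytes 0x18-0x22" prompt, ahead of the two CPU revision bytes.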
CPU revision
This two-byte value obviously defines the CPU
revision number.
Different values have been seen so far. We will
report later on this.
More to come
Descriptions of other cookie values will
follow soon...
Reprogramming the cookie
If you are sure your cookie values list is as
accurate as needed, boot the router and go to "priv"
rommon mode. Click here to find out how
to do this.
Once you are in "priv" rommon mode,
type "cookie" and press Enter. The router starts
prompting you field by field. Enter all values from
your list, one after another. This should look like this:
rommon 2 > cookie
View/alter bytes of serial cookie by field --
Input hex byte(s) or: CR -> skip field; ? -> list values
byte 0x00 - Version: 00
> 01
byte 0x01 - Vendor (Recommended Value: 0x01): 00
> 01
bytes 0x02-0x07 - Ethernet HW Address: 00 00 00 00 00 00
> 00 b0 c2 8d c9 6f
byte 0x08-0x08 - Processor (Recommended Value: 0x3e): 00
> 3e
byte 0x09-0x09 - NVRAM Size (Recommended Values: 256K - 0x00): 00
> 00
byte 0x0a-0x0a - CPU Speed (Recommended Value: 50Mhz - 0x01): 00
> 01
byte 0x0b-0x0b - Unused: 00
> ff
bytes 0x0c-0x0d - On-board PM ID: 00 00
> 01 ff
bytes 0x0e-0x0f - MAC Address Allocated: 00 00
> 00 00
bytes 0x10-0x17: 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00
bytes 0x18-0x22: 00 00 00 00 00 00 00 00 00 00 00
> 4a 41 44 06 15 30 34 48 48 04 01
bytes 0x23-0x24 - Deviation: 00 00
> 00 00
bytes 0x25-0x2c: 00 00 00 00 00 00 00 00
> 00 00 00 00 ff ff ff 50
bytes 0x2d-0x2d - Board Config: 00
> 04
bytes 0x2e-0x31: 00 00 00 00
> 49 11 ec 03
bytes 0x32-0x37 - WAN MAC Address: 00 00 00 00 00 00
> ff ff ff ff ff ff
bytes 0x38-0x3f: 00 00 00 00 00 00 00 00
> ff ff ff ff ff ff ff ff
bytes 0x40-0x47: 00 00 00 00 00 00 00 00
> ff ff ff ff ff ff ff ff
bytes 0x48-0x4f: 00 00 00 00 00 00 00 00
> ff ff ff ff ff ff ff ff
bytes 0x50-0x57: 00 00 00 00 00 00 00 00
> ff ff ff ff ff ff ff ff
bytes 0x58-0x5f: 00 00 00 00 00 00 00 00
> ff ff ff ff ff ff ff ff
bytes 0x60-0x67: 00 00 00 00 00 00 00 00
> ff ff ff ff ff ff ff ff
bytes 0x68-0x6f: 00 00 00 00 00 00 00 00
> ff ff ff ff ff ff ff ff
bytes 0x70-0x77: 00 00 00 00 00 00 00 00
> ff ff ff ff ff ff ff ff
bytes 0x78-0x7f: 00 00 00 00 00 00 00 00
> ff ff ff ff ff ff ff ff
rommon 3 >
Now your cookie has been reprogrammed. Try to
boot the router by entering "b" and pressing enter. If
the router successfully boots, you are almost finished. If not,
some of the values you chose may be wrong, or you may have
mistyped some when entering them into the router. Don't give up,
just give it another try.
Test the router
Before using the router again in a production
environment, you should thoroughly test it.
The simplest tests are the following:
- Use "show version" to check if the Processor Board ID is correct.
- Use "show interface ..." to check if the first Ethernet interface's MAC address is correct.
- Run simple IP tests (ping etc.)
- Let the router run for at least a few hours with a console attached, then check for any messages or reboots / crashes.
If the router passes all tests, you're finished.
Article information
Current revision
| Article ID | BSKB-000001 |
| Revision | 0.3 |
| Last modification | 12/30/07 16:20:40 +0100 |
| Keywords | cisco router cookie corrupt prom eprom eeprom resolve repair boot |
Revision history
| Revision | Changes |
| 0.3 | Added reference to "show diag" |
| 0.2 | Some minor additions |
| 0.1 | Initial pre-release |
Related articles
| ID | Title |
| BSKB-000002 | How to enter the password protected "priv" rommon mode on cisco routers |
Disclaimer: The information in this article is provided "as
is". Use of this information is at your own risk. Bitshift
cannot be made responsible for any damage or financial loss that
arises from using information from this article.