Bitshift Support

Help from competent people

Fehler: Navigationsleiste kann nicht angezeigt werden.

How to enter the password protected "priv" rommon mode on Cisco routers

Table of contents

Article summary
Products to which this information applies
What the "priv" mode is
Find out the password for the "priv" mode
How to enter the "priv" mode
Article information

Article summary

This article describes how to enter the password protected "priv" rommon mode on Cisco routers. It also describes how to find out the password.

The "priv" rommon mode can be used to restore a corrupt cookie. For more information see BSKB-000001.

Warning: The "priv" rommon mode offers commands that may damage your router. Use it at your own risk.

Products to which this information applies

All information in this article applies to Cisco routers of the following series:

800
1600 and 1600R

Although it is possible that some or all of the information in this article also applies to routers of other families, this has not been tested an thus cannot be guaranteed.

What the "priv" mode is

The "priv" rommon mode is a priviledged rommon mode that normally is not available to the customer, but only to cisco support personnel. It offers an additional set of undocumented commands.

Find out the password for the "priv" mode

The "priv" mode is password protected. This password is derived from the routers cookie value, and thus it is different for each box. A valid password for one router cannot be used on another router, even it is exactly the same hardware.

To find out the password, boot the router and enter rommon mode by pressing the break key sequence. Click here for more information on valid break key sequences.
You should see output similar to the following:

System Bootstrap, Version 12.2(4r)XM1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2001 by cisco Systems, Inc.
C800/SOHO series (Board ID: 13-62) platform with 32768 Kbytes of main memory

rommon 1 >

Type "cookie" and press enter. The router should display it's current cookie, similar to the following.

rommon 1 > cookie

cookie:
01 01 00 04 27 fe 00 ea 3e 00 01 ff 01 ff 00 00
00 00 00 00 00 00 00 00 4a 41 42 01 02 41 42 43
44 04 01 00 00 00 00 00 00 ff ff ff 50 04 49 11
ec 03 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
rommon 2 >

Now use your terminal to copy the cookie into the following field, then press "Calculate".

How to enter the "priv" mode

To enter the "priv" mode, boot your router and enter rommon by pressing the break sequence. You should see output similar to the following:

Type "?" and press enter. A list of about 25 available commands appears.

rommon 1 > ?
alias               set and display aliases command
boot                boot up an external process
break               set/show/clear the breakpoint
confreg             configuration register utility
cont                continue executing a downloaded image
context             display the context of a loaded image
cookie              display contents of cookie PROM in hex
dev                 list the device table
dir                 list files in file system
dis                 display instruction stream
dnld                serial download a program module
frame               print out a selected stack frame
help                monitor builtin command help
history             monitor command history
meminfo             main memory information
repeat              repeat a monitor command
reset               system reset
set                 display the monitor variables
stack               produce a stack trace
sync                write monitor environment to NVRAM
sysret              print out info from last system return
tftpdnld            tftp image download
unalias             unset an alias
unset               unset a monitor variable
xmodem              x/ymodem image download
rommon 2 >

Then type the command "priv". A password prompt appears.

rommon 2 > priv
Password:

Enter the password and press enter. The router's output should be a text similar to this:

rommon 2 > priv
Password:
You now have access to the full set of monitor commands.
Warning: some commands will allow you to destroy your
configuration and/or system images and could render
the machine unbootable.
rommon 3 >

If you don't see this message, your password was wrong. Simply try again.

You are now in "priv" rommon mode. Type "?" and press enter again. A much longer list of available commands appears.

rommon 3 > ?
addrloop            walk 1 thru range of addresses
alias               set and display aliases command
alter               alter locations in memory
berrscan            scan range of addresses for bus errors
boot                boot up an external process
break               set/show/clear the breakpoint
call                call a subroutine at address with converted hex args
cat                 concatenate files
checksum            checksum a block of memory
clrerr              clear the error log
compare             compare two blocks of memory
confreg             configuration register utility
cont                continue executing a downloaded image
context             display the context of a loaded image
cookie              display contents of cookie PROM in hex
cpu                 cpu / system information and control
dev                 list the device table
dir                 list files in file system
dis                 display instruction stream
dnld                serial download a program module
dump                display a block of memory
echo                monitor echo command
errlog              display the error log
fdump               file dump utility
fill                fill a block of memory
flash               flash services command
frame               print out a selected stack frame
help                monitor builtin command help
history             monitor command history
ifill               fill a block of memory w/incrementing pattern
initfs              re-initialize the file system access structures
jump                call a subroutine at address with argc/argv
launch              launch a downloaded image
memdebug            write/read/verify scope loop
meminfo             main memory information
memloop             write or read scope loop
memtest             simple memory test
menu                main diagnostic menu
move                move a block of memory
repeat              repeat a monitor command
reset               system reset
set                 display the monitor variables
sleep               millisecond sleep command
speed               timed performance loop
stack               produce a stack trace
sync                write monitor environment to NVRAM
sysret              print out info from last system return
tcal                timer calibration test
tftpdnld            tftp image download
tscope              timer scope loop
unalias             unset an alias
unset               unset a monitor variable
watchdog            test watchdog rebooting of the box
xmodem              x/ymodem image download
rommon 4 >

Article information

Current revision

	Article ID	BSKB-000002
	Revision	1.0
	Last modification	05/05/08 23:54:39 +0200
	Keywords	cisco router rommon priv password protected cookie boot

Revision history

	Revision	Changes
	1.0	Initial release

	ID	Title
	BSKB-000001	How to resolve the "Warning: Cookie information is corrupt" error on cisco routers

Disclaimer: The information in this article is provided "as is". Use of this information is at your own risk. Bitshift cannot be made responsible for any damage or financial loss that arises from using information from this article.

Sitemap - Search - AGB - AUP

This page and all content as well as any embedded code are protected by international laws. Any reproduction of all or parts without permission is strictly prohibited.