How to enter the password protected "priv" rommon
mode on Cisco routers
Table of contents
Article summary
This article describes how to enter the
password protected "priv" rommon mode on Cisco routers.
It also describes how to find out the password.
The "priv" rommon mode can be used to
restore a corrupt cookie. For more information see BSKB-000001.
Warning: The "priv" rommon mode
offers commands that may damage your router. Use it at your own
risk.
Back to top
Products to which this information applies
All information in this article applies to Cisco routers of the following series:
Although it is possible that some or all of the
information in this article also applies to routers of other
families, this has not been tested an thus cannot be guaranteed.
Back to top
What
the "priv" mode is
The "priv" rommon mode is a priviledged rommon
mode that
normally is not available to the customer, but only to cisco
support personnel. It offers an additional set of undocumented commands.
Back to top
Find
out the password for the "priv" mode
The "priv" mode is password
protected. This password is derived from the routers cookie value,
and thus it is different for each box. A valid password for one
router cannot be used on another router, even it is exactly the
same hardware.
To find out the password, boot the router and
enter rommon mode by pressing the break key sequence. Click
here for more information on valid break key sequences.
You should see output similar to the following:
System Bootstrap, Version 12.2(4r)XM1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2001 by cisco Systems, Inc.
C800/SOHO series (Board ID: 13-62) platform with 32768 Kbytes of main memory
rommon 1 >
Type "cookie" and press enter. The
router should display it's current cookie, similar to the
following.
rommon 1 > cookie
cookie:
01 01 00 04 27 fe 00 ea 3e 00 01 ff 01 ff 00 00
00 00 00 00 00 00 00 00 4a 41 42 01 02 41 42 43
44 04 01 00 00 00 00 00 00 ff ff ff 50 04 49 11
ec 03 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
rommon 2 >
Now use your terminal to copy the cookie into the following field, then press
"Calculate".
Back to top
How
to enter the "priv" mode
To enter the "priv" mode, boot your
router and enter rommon by pressing the break sequence. You should
see output similar to the following:
System Bootstrap, Version 12.2(4r)XM1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 2001 by cisco Systems, Inc.
C800/SOHO series (Board ID: 13-62) platform with 32768 Kbytes of main memory
rommon 1 >
Type "?" and press enter. A list of
about 25 available commands appears.
rommon 1 > ?
alias
set and display aliases command
boot
boot up an external process
break
set/show/clear the breakpoint
confreg
configuration register utility
cont
continue executing a downloaded image
context
display the context of a loaded image
cookie
display contents of cookie PROM in hex
dev
list the device table
dir
list files in file system
dis
display instruction stream
dnld
serial download a program module
frame
print out a selected stack frame
help
monitor builtin command help
history
monitor command history
meminfo
main memory information
repeat
repeat a monitor command
reset
system reset
set
display the monitor variables
stack
produce a stack trace
sync
write monitor environment to NVRAM
sysret
print out info from last system return
tftpdnld
tftp image download
unalias
unset an alias
unset
unset a monitor variable
xmodem
x/ymodem image download
rommon 2 >
Then type the command "priv". A password
prompt appears.
rommon 2 > priv
Password:
Enter the password and press enter. The router's output
should be a text similar to this:
rommon 2 > priv
Password:
You now have access to the full set of monitor commands.
Warning: some commands will allow you to destroy your
configuration and/or system images and could render
the machine unbootable.
rommon 3 >
If you don't see this message, your password
was wrong. Simply try again.
You are now in "priv" rommon mode.
Type "?" and press enter again. A much longer list of
available commands appears.
rommon 3 > ?
addrloop
walk 1 thru range of addresses
alias
set and display aliases command
alter
alter locations in memory
berrscan
scan range of addresses for bus errors
boot
boot up an external process
break
set/show/clear the breakpoint
call
call a subroutine at address with converted hex args
cat
concatenate files
checksum
checksum a block of memory
clrerr
clear the error log
compare
compare two blocks of memory
confreg
configuration register utility
cont
continue executing a downloaded image
context
display the context of a loaded image
cookie
display contents of cookie PROM in hex
cpu
cpu / system information and control
dev
list the device table
dir
list files in file system
dis
display instruction stream
dnld
serial download a program module
dump
display a block of memory
echo
monitor echo command
errlog
display the error log
fdump
file dump utility
fill
fill a block of memory
flash
flash services command
frame
print out a selected stack frame
help
monitor builtin command help
history
monitor command history
ifill
fill a block of memory w/incrementing pattern
initfs
re-initialize the file system access structures
jump
call a subroutine at address with argc/argv
launch
launch a downloaded image
memdebug
write/read/verify scope loop
meminfo
main memory information
memloop
write or read scope loop
memtest
simple memory test
menu
main diagnostic menu
move
move a block of memory
repeat
repeat a monitor command
reset
system reset
set
display the monitor variables
sleep
millisecond sleep command
speed
timed performance loop
stack
produce a stack trace
sync
write monitor environment to NVRAM
sysret
print out info from last system return
tcal
timer calibration test
tftpdnld
tftp image download
tscope
timer scope loop
unalias
unset an alias
unset
unset a monitor variable
watchdog
test watchdog rebooting of the box
xmodem
x/ymodem image download
rommon 4 >
Back to top
Article information
Current revision
|
Article ID |
BSKB-000002 |
|
Revision |
1.0 |
|
Last modification |
05/05/08 23:54:39 +0200
|
|
Keywords |
cisco router rommon priv password
protected cookie boot
|
Revision history
|
Revision |
Changes |
|
1.0 |
Initial release |
Related articles
|
ID |
Title |
|
BSKB-000001 |
How to resolve the "Warning: Cookie
information is corrupt" error on cisco routers |
Disclaimer: The information in this article is provided "as
is". Use of this information is at your own risk. Bitshift
cannot be made responsible for any damage or financial loss that
arises from using information from this article.
Back to top
|