Installing the Software

This chapter includes the following sections:

Overview

Installing software on the router involves installing a consolidated package (bootable image). This consists of a bundle of subpackages (modular software units), with each subpackage controlling a different set of functions.

These are the two main methods to install the software:

It is better to upgrade software in a planned period of maintenance when an interruption in service is acceptable. The router needs to be rebooted for a software upgrade to take effect.

ROMMON Images

A ROMMON image is a software package used by ROM Monitor (ROMMON) software on a router. The software package is separate from the consolidated package normally used to boot the router.

An independent ROMMON image (software package) may occasionally be released and the router can be upgraded with the new ROMMON software.


Note

A new version of the ROMMON image is not necessarily released at the same time as a consolidated package for a router.

Provisioning Files

This section provides background information about the files and processes used in Managing and Configuring a Router to Run Using Individual Packages.

The consolidated package on a router consists of a collection of subpackages and a provisioning file titled packages.conf. To run the software, the usual method used is to boot the consolidated package, which is copied into memory, expanded, mounted, and run within memory. The provisioning file's name can be renamed but subpackage file's names cannot be renamed. The provisioning file and subpackage files must be kept in the same directory. The provisioning file does not work properly if any individual subpackage file is contained within a different directory.


Note

An exception to this is that if a new or upgraded module firmware package is subsequently installed, it need not be in the same directory as the provisioning file.

Configuring a router to boot, using the provisioning file packages.conf, is beneficial because no changes have to be made to the boot statement after the Cisco IOS XE software is upgraded.

File Systems

The following table provides a list of file systems that can be seen on the Cisco Terminal Gateway.

Table 1. Router File Systems

File System

Description

bootflash:

Boot flash memory file system.

flash:

Alias to the boot flash memory file system above.

harddisk:

Hard disk file system (if NIM-SSD, NIM-HDD, or internal M.2 flash device is present in the router).

Note

 

The internal M.2 flash device is supported only on Cisco 1100 Terminal Server Gateway.

cns:

Cisco Networking Services file directory.

nvram:

Router NVRAM. You can copy the startup configuration to NVRAM or from NVRAM.

obfl:

File system for Onboard Failure Logging (OBFL) files.

system:

System memory file system, which includes the running configuration.

tar:

Archive file system.

tmpsys:

Temporary system files file system.

usb0: USB 3.0 Type- A

usb1: USB 3.0 Type-B

The Universal Serial Bus (USB) flash drive file systems.

Note

 

The USB flash drive file system is visible only if a USB drive is installed in usb0: or usb1: ports.

Use the ? help option, or use the copy command in command reference guides, if you find a file system that is not listed in the table above.

Autogenerated File Directories and Files

This section discusses the autogenerated files and directories that can be created, and how the files in these directories can be managed.

Table 2. Autogenerated Files

File or Directory

Description

crashinfo files

Crashinfo files may appear in the bootflash: file system.

These files provide descriptive information of a crash and may be useful for tuning or troubleshooting purposes. However, the files are not part of router operations, and can be erased without impacting the functioning of the router.

core directory

The storage area for .core files.

If this directory is erased, it will automatically regenerate itself at bootup. The .core files in this directory can be erased without impacting any router functionality, but the directory itself should not be erased.

lost+found directory

This directory is created on bootup if a system check is performed. Its appearance is completely normal and does not indicate any issues with the router.

tracelogs directory

The storage area for trace files.

Trace files are useful for troubleshooting. If the Cisco IOS process fails, for instance, users or troubleshooting personnel can access trace files using diagnostic mode to gather information related to the Cisco IOS failure.

Trace files, however, are not a part of router operations, and can be erased without impacting the router's performance.

Important Notes About Autogenerated Directories

Important information about autogenerated directories include:

  • Autogenerated files on the bootflash: directory should not be deleted, renamed, moved, or altered in any way unless directed by Cisco customer support.


    Note

    Altering autogenerating files on the bootflash: may have unpredictable consequences for system performance.

  • Crashinfo, core, and trace files can be deleted.

Flash Storage

Subpackages are installed to local media storage, such as flash. For flash storage, use the dir bootflash: command to list the file names.


Note

Flash storage is required for successful operation of a router.

Configuring the Configuration Register for Autoboot

The configuration register can be used to change router behavior. This includes controlling how the router boots. Set the configuration register to 0x0 to boot into ROM, by using one of the following commands:

  • In Cisco IOS configuration mode, use the config-reg 0x0 command.

  • From the ROMMON prompt, use the confreg 0x0 command.

For more information about the configuration register, see Use of the Configuration Register on All Cisco Routers.


Note

Setting the configuration register to 0x2102 will set the router to autoboot the Cisco IOS XE software.


Note

The console baud rate is set to 9600 after changing the confreg to 0x2102 or 0x0. If you cannot establish a console session after setting confreg, or garbage output appears, change the setting on your terminal emulation software to 9600.

How to Install and Upgrade the Software

To install or upgrade the software, use one of the following methods to use the software from a consolidated package or an individual package. Also see the overview section.

Managing and Configuring a Router to Run Using a Consolidated Package


Note
Do not use these procedures if you also need to install any optional subpackages or plan to upgrade individual subpackages. See Managing and Configuring a Router to Run Using Individual Packages.

Managing and Configuring a Consolidated Package Using copy and boot Commands

To upgrade a consolidated package, copy the consolidated package to the bootflash: directory on the router using the copy command. After making this copy of the consolidated package, configure the router to boot using the consolidated package file.

The following example shows the consolidated package file being copied to the bootflash: file system via TFTP. The config register is then set to boot using boot system commands, and the boot system commands instruct the router to boot using the consolidated package stored in the bootflash: file system. The new configuration is then saved using the copy running-config startup-config command, and the system is then reloaded to complete the process. 

Router# dir bootflash:
Directory of bootflash:/
11 drwx 16384 Dec 4 2007 04:32:46 -08:00 lost+found
86401 drwx 4096 Dec 4 2007 06:06:24 -08:00 .ssh
14401 drwx 4096 Dec 4 2007 06:06:36 -08:00 .rollback_timer
28801 drwx 4096 Mar 18 2008 17:31:17 -07:00 .prst_sync
43201 drwx 4096 Dec 4 2007 04:34:45 -08:00 .installer
 
928862208 bytes total (712273920 bytes free)
 
Router# copy tftp: bootflash:
Address or name of remote host []? 172.17.16.81
Source filename []? /auto/tftp-users/user/isr4400-universalk9.03.10.00.S.153-3.S-ext.SPA.bin
Destination filename [isr4400-universalk9.03.10.00.S.153-3.S-ext.SPA.bin]?
Accessing
tftp://172.17.16.81//auto/tftp-users/user/isr4400-universalk9.03.10.00.S.153-3.S-ext.SPA.bin
...
Loading /auto/tftp-users/user/isr4400-universalk9.03.10.00.S.153-3.S-ext.SPA.bin from
172.17.16.81 (via GigabitEthernet0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!
[OK - 208904396 bytes]
208904396 bytes copied in 330.453 secs (632176 bytes/sec)
Router# dir bootflash:
Directory of bootflash:/
11 drwx 16384 Dec 4 2007 04:32:46 -08:00 lost+found
86401 drwx 4096 Dec 4 2007 06:06:24 -08:00 .ssh
14401 drwx 4096 Dec 4 2007 06:06:36 -08:00 .rollback_timer
28801 drwx 4096 Mar 18 2008 17:31:17 -07:00 .prst_sync
43201 drwx 4096 Dec 4 2007 04:34:45 -08:00 .installer
12 -rw- 208904396 May 28 2008 16:17:34 -07:00
isr4400-universalk9.03.10.00.S.153-3.S-ext.SPA.bin
928862208 bytes total (503156736 bytes free)
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# boot system flash bootflash:isr4400-universalk9.03.10.00.S.153-3.S-ext.SPA.bin
Router(config)# config-reg 0x2102
Router(config)# exit
Router# show run | include boot
boot-start-marker
boot system flash bootflash:isr4400-universalk9.03.10.00.S.153-3.S-ext.SPA.bin
boot-end-marker
Router# copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Router# reload

Configuring a Router to Boot the Consolidated Package via TFTP Using the boot Command: Example 

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#boot system tftp://10.74.48.3/c1100tg-universalk9.17.02.01r.SPA.bin
Router(config)#config-register 0x2102
Router(config)#exit

Router#show run | include boot
boot-start-marker
boot system bootflash:c1100tg-universalk9.BLD_POLARIS_DEV_LATEST_20200506_055739.SSA.bin
boot system tftp://10.74.48.3/c1100tg-universalk9.17.02.01r.SPA.bin
boot-end-marker
diagnostic bootup level minimal
Router# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router# reload
Proceed with reload? [confirm]
May 15 17:42:54.445 R0/0: %PMAN-5-EXITACTION: Process manager is exiting: process exit with 
reload chassis code
 
 
Initializing Hardware ...
 
ECC Support : NO

Checking for PCIe device presence...done
System integrity status: 0x610
Rom image verified correctly

System BootStrap, Version 17.2.1, 1913f73a, Tue 11/26/2019
Copyright (c) 1994-2019  by cisco Systems, Inc.


Current image running: Boot ROM1

Last reset cause: LocalSoft
C1100TG-1N24P32A platform with 4194304 Kbytes of main memory


........

          IP_ADDRESS: 10.75.163.169
      IP_SUBNET_MASK: 255.255.255.0
     DEFAULT_GATEWAY: 10.75.163.1
         TFTP_SERVER: 10.74.48.3
           TFTP_FILE: c1100tg-universalk9.17.02.01r.SPA.bin
        TFTP_MACADDR: 00:A0:C9:00:00:00
          ETHER_PORT: 0


Validating dev_mode signature

dev_mode validation succeeded for token 00A0C9000000 (0)
DevMode is enabled
Package header rev 3 structure detected
IsoSize = 543461376
Calculating SHA-1 hash...Validate package: SHA-1 hash:
        calculated 9FA1303E:AA3924C8:DE4A7528:F89D6172:D7BD4201
        expected   9FA1303E:AA3924C8:DE4A7528:F89D6172:D7BD4201
RSA Signed RELEASE Image Signature Verification Successful.
Image validated
.

            Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           Cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software [Amsterdam], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.2.1r, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Thu 09-Apr-20 23:27 by mcpre


This software version supports only Smart Licensing as the software licensing mechanism.


PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR
LICENSE KEY PROVIDED FOR ANY CISCO SOFTWARE PRODUCT, PRODUCT FEATURE,
AND/OR SUBSEQUENTLY PROVIDED SOFTWARE FEATURES (COLLECTIVELY, THE
"SOFTWARE"), AND/OR USING SUCH SOFTWARE CONSTITUTES YOUR FULL
ACCEPTANCE OF THE FOLLOWING TERMS. YOU MUST NOT PROCEED FURTHER IF YOU
ARE NOT WILLING TO BE BOUND BY ALL THE TERMS SET FORTH HEREIN.

Your use of the Software is subject to the Cisco End User License Agreement
(EULA) and any relevant supplemental terms (SEULA) found at
http://www.cisco.com/c/en/us/about/legal/cloud-and-software/software-terms.html.

You hereby acknowledge and agree that certain Software and/or features are
licensed for a particular term, that the license to such Software and/or
features is valid only for the applicable term and that such Software and/or
features may be shut down or otherwise terminated by Cisco after expiration
of the applicable license term (e.g., 90-day trial period). Cisco reserves
the right to terminate any such Software feature electronically or by any
other means available. While Cisco may provide alerts, it is your sole
responsibility to monitor your usage of any such term Software feature to
ensure that your systems and networks are prepared for a shutdown of the
Software feature.




All TCP AO KDF Tests Pass
cisco C1100TG-1N24P32A (1RU) processor with 1392289K/6147K bytes of memory.
Processor board ID PSZ23461E0E
Router operating mode: Autonomous
1 Virtual Ethernet interface
26 Gigabit Ethernet interfaces
64 terminal lines
8192K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
6565887K bytes of flash memory at bootflash:.

no device-tracking logging theft
     ^
% Invalid input detected at '^' marker.



Press RETURN to get started! 
 
Router>
Router>
Router>enable
Router# show version
Cisco IOS XE Software, Version 17.02.01r
Cisco IOS Software [Amsterdam], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.2.1r, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Thu 09-Apr-20 23:27 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2020 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: IOS-XE ROMMON

RSBL uptime is 5 minutes
Uptime for this control processor is 7 minutes
System returned to ROM by Reload Command
System image file is "tftp://10.74.48.3/c1100tg-universalk9.17.02.01r.SPA.bin"
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.



Suite License Information for Module:'esg'

--------------------------------------------------------------------------------
Suite                 Suite Current         Type           Suite Next reboot
--------------------------------------------------------------------------------

Technology Package License Information:

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
appxk9           None             Smart License    None
securityk9       None             Smart License    None
ipbase           ipbasek9         Smart License    ipbasek9

The current throughput level is 500000 kbps


Smart Licensing Status: UNREGISTERED/No Licenses in Use

cisco C1100TG-1N24P32A (1RU) processor with 1392289K/6147K bytes of memory.
Processor board ID PSZ23461E0E
Router operating mode: Autonomous
1 Virtual Ethernet interface
26 Gigabit Ethernet interfaces
64 terminal lines
8192K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
6565887K bytes of flash memory at bootflash:.

Configuration register is 0x2102

Managing and Configuring a Router to Run Using Individual Packages

To choose between running individual packages or a consolidated package, see Overview section.

The following topics are included in this section:

Installing Subpackages from a Consolidated Package

Perform the following procedure to obtain the consolidated package from a TFTP server.

Another variation of this procedure obtains the consolidated package from a USB flash drive. This is described in Installing Subpackages from a Consolidated Package on a Flash Drive.

Before you begin

Copy the consolidated package to the TFTP server.

SUMMARY STEPS

  1. show version
  2. dir bootflash:
  3. show platform
  4. mkdir bootflash: URL-to-directory-name
  5. request platform software package expand file URL-to-consolidated-package to URL-to-directory-name
  6. reload
  7. boot URL-to-directory-name/packages.conf
  8. show version installed

DETAILED STEPS

  Command or Action Purpose

Step 1

show version

Example:

Router# show version
Cisco IOS XE Software, Version 17.02.01r
Cisco IOS Software [Amsterdam], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.2.1r, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Thu 09-Apr-20 23:27 by mcpre
.
.
.

Shows the version of software running on the router. This can later be compared with the version of software to be installed.

Step 2

dir bootflash:

Example:

Router# dir bootflash:

Displays the previous version of software and that a package is present.

Step 3

show platform

Example:

Router# show platform
Chassis type: C1100TG-1N24P32A

Displays the inventory.

Step 4

mkdir bootflash: URL-to-directory-name

Example:

Router# mkdir bootflash:mydir

Creates a directory to save the expanded software image.

You can use the same name as the image to name the directory.

Step 5

request platform software package expand file URL-to-consolidated-package to URL-to-directory-name

Example:

Router#  request platform software package expand file 
bootflash:c1100tg-universalk9.17.02.01r.SPA.bin to bootflash:mydir

Expands the software image from the TFTP server (URL-to-consolidated-package) into the directory used to save the image (URL-to-directory-name), which was created in Step 4.

Step 6

reload

Example:

Router# reload
rommon >

Enables ROMMON mode, which allows the software in the consolidated file to be activated.

Step 7

boot URL-to-directory-name/packages.conf

Example:

rommon 1 > boot bootflash:mydir/packages.conf

Boots the consolidated package, by specifying the path and name of the provisioning file: packages.conf.

Step 8

show version installed

Example:

Router# show version installed
Package: Provisioning File, version: n/a, status: active

Displays the version of the newly installed software.

Examples

The initial part of the example shows the consolidated package, c1100tg-universalk9.17.02.01r.SPA.bin, being copied to the TFTP server. This is a prerequisite step. The remaining part of the example shows the consolidated file, packages.conf, being booted. 

Router# copy tftp:c1100tg-universalk9.17.02.01r.SPA.bin bootflash:
Address or name of remote host []? 1.1.1.1
Destination filename [c1100tg-universalk9.17.02.01r.SPA.bin]?
Accessing tftp://1.1.1.1/c1100tg-universalk9.17.02.01r.SPA.bin...
Loading /c1100tg-universalk9.17.02.01r.SPA.bin from 1.1.1.1 (via GigabitEthernet0): !!!!!!!!
[OK - 410506248 bytes]
 
410506248 bytes copied in 338.556 secs (1212521 bytes/sec)
 
 
Router# show version
Cisco IOS XE Software, Version 17.02.01r
Cisco IOS Software [Amsterdam], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.2.1r, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Thu 09-Apr-20 23:27 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2020 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: IOS-XE ROMMON

RSBL uptime is 5 minutes
Uptime for this control processor is 7 minutes
System returned to ROM by Reload Command
System image file is "tftp://10.74.48.3/c1100tg-universalk9.17.02.01r.SPA.bin"
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.



Suite License Information for Module:'esg'

--------------------------------------------------------------------------------
Suite                 Suite Current         Type           Suite Next reboot
--------------------------------------------------------------------------------

Technology Package License Information:

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
appxk9           None             Smart License    None
securityk9       None             Smart License    None
ipbase           ipbasek9         Smart License    ipbasek9

The current throughput level is 500000 kbps


Smart Licensing Status: UNREGISTERED/No Licenses in Use

cisco C1100TG-1N24P32A (1RU) processor with 1392289K/6147K bytes of memory.
Processor board ID PSZ23461E0E
Router operating mode: Autonomous
1 Virtual Ethernet interface
26 Gigabit Ethernet interfaces
64 terminal lines
8192K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
6565887K bytes of flash memory at bootflash:.

Configuration register is 0x2102

Router# dir bootflash:
Directory of bootflash:/
 
11 drwx 16384 May 3 2012 19:58:37 +00:00 lost+found
178465 drwx 4096 Jun 6 2012 15:20:20 +00:00 core
584065 drwx 4096 Jul 13 2012 19:19:00 +00:00 .prst_sync
405601 drwx 4096 May 3 2012 19:59:30 +00:00 .rollback_timer
113569 drwx 40960 Jul 13 2012 19:19:32 +00:00 tracelogs
64897 drwx 4096 May 3 2012 19:59:42 +00:00 .installer
13 -rw- 1305 May 7 2012 17:43:42 +00:00 startup-config
14 -rw- 1305 May 7 2012 17:43:55 +00:00 running-config
15 -r-- 1541 Jun 4 2012 18:32:41 +00:00 debug.conf
16 -rw- 1252 May 22 2012 19:58:39 +00:00 running-config-20120522
519169 drwx 4096 Jun 4 2012 15:29:01 +00:00 vman_fdb
 
7451738112 bytes total (7067635712 bytes free)
 
 
 
Router# show platform
Chassis type: C1100TG-1N24P32A

Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
0         C1100TG-1N24P32A    ok                    00:13:53
 0/0      C1100TG-2x1GE       ok                    00:12:31
 0/1      C1100TG-A-48        ok                    00:12:31
 0/2      C1100TG-ES-24       ok                    00:12:31
 0/3      NIM-16A             ok                    00:12:31
R0        C1100TG-1N24P32A    ok, active            00:13:53
F0        C1100TG-1N24P32A    ok, active            00:13:53
P0        PWR-12V             empty                 never
P2        C1100TG-FANASSY     ok                    00:13:23

Slot      CPLD Version        Firmware Version
--------- ------------------- ---------------------------------------
0         2004172A            17.2.1, 1913f73a
R0        2004172A            17.2.1, 1913f73a
F0        2004172A            17.2.1, 1913f73a

Router# mkdir bootflash:c1100tg-universalk9.17.02.01r.dir1
Create directory filename [c1100tg-universalk9.17.02.01r.dir1]?
Created dir bootflash:/c1100tg-universalk9.17.02.01r.dir1
Router# request platform software package expand file bootflash:c1100tg-universalk9.NIM.bin 
to bootflash:c1100tg-universalk9.17.02.01r.dir1
Verifying parameters
Validating package type
Copying package files
SUCCESS: Finished expanding all-in-one software package.
 
Router# reload
Proceed with reload? [confirm]
 
*May 15 19:39:06.354: %SYS-5-RELOAD: Reload requested by console.Reload Reason: Reload Command.
 
rommon 1 > boot bootflash:c1100tg-universalk9.17.02.01r.dir1/packages.conf
 
File size is 0x00002836
Located c1100tg-universalk9.17.02.01r.dir1/packages.conf
Image size 10294 inode num 324484, bks cnt 3 blk size 8*512
#
File is comprised of 1 fragments (33%)
 
is_valid_sha1hash: SHA-1 hash:
calculated 62f6235a:fc98eb3a:85ce183e:834f1cb3:8a1f71d1
expected 62f6235a:fc98eb3a:85ce183e:834f1cb3:8a1f71d1
File size is 0x04b3dc00
Located c1100tg-universalk9.17.02.01r.dir1/c1100tg-mono-universalk9-build_164422SSA.pkg
Image size 78896128 inode num 324491, bks cnt 19262 blk size 8*512
##############################################################################################
File is comprised of 21 fragments (0%)
.....
 
 
 
Router# show version installed
Package: Provisioning File, version: n/a, status: active
File: bootflash:ic1100tg-universalk9.17.02.01r9.dir1/packages.conf, on: RP0
Built: n/a, by: n/a
File SHA1 checksum: ad09affd3f8820f4844f27acc1add502e0b8f459
 Cisco IOS XE Software, Version 17.02.01r
Cisco IOS Software [Amsterdam], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.2.1r, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Thu 09-Apr-20 23:27 by mcpre
File SHA1 checksum: 5e95c9cbc4eaf5a4a5a1ac846ee2d0f41d1a026b

Installing Subpackages from a Consolidated Package on a Flash Drive

The steps for installing subpackages from a consolidated package on a USB flash drive are similar to those described in Installing Subpackages from a Consolidated Pacakage section .

Procedure

Step 1

show version

Step 2

dir usbn:

Step 3

show platform

Step 4

mkdir bootflash:URL-to-directory-name

Step 5

request platform software package expand fileusbn: package-name to URL-to-directory-name

Step 6

reload

Step 7

boot URL-to-directory-name/packages.conf

Step 8

show version installed

Installing a Firmware Subpackage

Before you begin

Obtain a consolidated package that contains your required firmware package and expand the package. (See Managing and Configuring a Router to Run Using Individual Packages.) Make a note of the location and name of the firmware package and use this information in the steps below for URL-to-package-name.

You can install a firmware subpackage if the router has been configured using, for example, Managing and Configuring a Router to Run Using Individual Packages.

Firmware subpackages are not released individually. You can select a firmware package from within a consolidated package after expanding the consolidated package. The firmware package can then be installed as shown in the procedure below.


Note

Read the Release Notes document pertaining to the consolidated package to verify that the firmware within the consolidated package is compatible with the version of Cisco IOS XE software that is currently installed on a router.

SUMMARY STEPS

  1. show version
  2. dir bootflash:
  3. show platform
  4. mkdir bootflash: URL-to-directory-name
  5. request platform software package expand file URL-to-consolidated-package to URL-to-directory-name
  6. reload
  7. boot URL-to-directory-name /packages.conf
  8. show version installed

DETAILED STEPS

  Command or Action Purpose

Step 1

show version

Example:

Router# show version
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Experimental Version 15.3(20120627:221639) [build_151722 111]
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 28-Jun-12 15:17 by mcpre
.
.
.

Shows the version of software running on the router. This can later be compared with the version of software to be installed.

Step 2

dir bootflash:

Example:

Router# dir bootflash:

Displays the previous version of software and that a package is present.

Step 3

show platform

Example:

Router# show platform
Chassis type: ISR4451/K9

Checks the inventory.

Also see the example in Installing Subpackages from a Consolidated Package section.

Step 4

mkdir bootflash: URL-to-directory-name

Example:

Router# mkdir bootflash:mydir

Creates a directory to save the expanded software image.

You can use the same name as the image to name the directory.

Step 5

request platform software package expand file URL-to-consolidated-package to URL-to-directory-name

Example:

Router#   request platform software package expand file 
bootflash:c1100tg-universalk9-NIM.bin to bootflash:mydir

Expands the software image from the TFTP server (URL-to-consolidated-package) into the directory used to save the image (URL-to-directory-name), which was created in the Step 4.

Step 6

reload

Example:

Router# reload
rommon >

Enables ROMMON mode, which allows the software in the consolidated file to be activated.

Step 7

boot URL-to-directory-name /packages.conf

Example:

rommon 1 > boot bootflash:mydir/packages.conf

Boots the consolidated package by specifying the path and name of the provisioning file: packages.conf.

Step 8

show version installed

Example:

Router# show version installed
Package: Provisioning File, version: n/a, status: active

Displays the version of the newly installed software.

Examples

The initial part of the following example shows the consolidated package, isr4400-universalk9.164422SSA.bin, being copied to the TFTP server. This is a prerequisite step. The remaining part of the example shows the consolidated file, packages.conf, being booted. 

Router# tftp:isr4400/isr4400-universalk9.164422SSA.bin bootflash:
Address or name of remote host []? 1.1.1.1
Destination filename [isr4400-universalk9.164422SSA.bin]?
Accessing tftp://1.1.1.1/isr4400/isr4400-universalk9.164422SSA.bin...
Loading isr4400/isr4400-universalk9.164422SSA.bin from 1.1.1.1 (via GigabitEthernet0): !!!!!!!!
[OK - 410506248 bytes]
 
410506248 bytes copied in 338.556 secs (1212521 bytes/sec)
 
 
Router# show version
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Experimental Version 
15.3(20120627:221639) [build_151722 111]
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 28-Jun-12 15:17 by mcpre
 
IOS XE Version: 2012-06-28_15.31_mcpre
 
Cisco IOS-XE software, Copyright (c) 2005-2012 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
 
 
ROM: IOS-XE ROMMON
 
Router uptime is 0 minutes
Uptime for this control processor is 3 minutes
System returned to ROM by reload
System image file is "tftp:isr4400/isr4400.bin"
Last reload reason: Reload Command
 
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
 
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
 
If you require further assistance please contact us by sending email to
export@cisco.com.
 
License Level: adventerprise
License Type: EvalRightToUse
Next reload license Level: adventerprise
cisco ISR4451/K9 (2RU) processor with 1136676K/6147K bytes of memory.
Processor board ID FGL161611AB
4 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7393215K bytes of Compact flash at bootflash:.
 
Configuration register is 0x8000
 
Router# dir bootflash:
Directory of bootflash:/
 
11 drwx 16384 May 3 2012 19:58:37 +00:00 lost+found
178465 drwx 4096 Jun 6 2012 15:20:20 +00:00 core
584065 drwx 4096 Jul 13 2012 19:19:00 +00:00 .prst_sync
405601 drwx 4096 May 3 2012 19:59:30 +00:00 .rollback_timer
113569 drwx 40960 Jul 13 2012 19:19:32 +00:00 tracelogs
64897 drwx 4096 May 3 2012 19:59:42 +00:00 .installer
13 -rw- 1305 May 7 2012 17:43:42 +00:00 startup-config
14 -rw- 1305 May 7 2012 17:43:55 +00:00 running-config
15 -r-- 1541 Jun 4 2012 18:32:41 +00:00 debug.conf
16 -rw- 1252 May 22 2012 19:58:39 +00:00 running-config-20120522
519169 drwx 4096 Jun 4 2012 15:29:01 +00:00 vman_fdb
 
7451738112 bytes total (7067635712 bytes free)
 
 
 
Router# show platform
Chassis type: ISR4451/K9
 
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ISR4451/K9 ok 15:57:33
0/0 ISR4451-6X1GE ok 15:55:24
1 ISR4451/K9 ok 15:57:33
1/0 SM-1T3/E3 ok 15:55:24
2 ISR4451/K9 ok 15:57:33
2/0 SM-1T3/E3 ok 15:55:24
R0 ISR4451/K9 ok, active 15:57:33
F0 ISR4451-FP ok, active 15:57:33
P0 Unknown ps, fail never
P1 XXX-XXXX-XX ok 15:56:58
P2 ACS-4450-FANASSY ok 15:56:58
 
Slot CPLD Version Firmware Version
--------- ------------------- ---------------------------------------
0 12090323 15.3(01r)S [ciscouser-ISRRO...
1 12090323 15.3(01r)S [ciscouser-ISRRO...
2 12090323 15.3(01r)S [ciscouser-ISRRO...
R0 12090323 15.3(01r)S [ciscouser-ISRRO...
F0 12090323 15.3(01r)S [ciscouser-ISRRO...
 
Router# mkdir bootflash:isr4400-universalk9.dir1
Create directory filename [isr4400-universalk9.dir1]?
Created dir bootflash:/isr4400-universalk9.dir1
Router# request platform software package expand file bootflash:isr4400-universalk9.NIM.bin to
 bootflash:isr4400-universalk9.dir1
Verifying parameters
Validating package type
Copying package files
SUCCESS: Finished expanding all-in-one software package.
 
Router# reload
Proceed with reload? [confirm]
 
*Jul 13 19:39:06.354: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
 
rommon 1 > boot bootflash:isr4400-universalk9.dir1/packages.conf
 
File size is 0x00002836
Located isr4400-universalk9.dir1/packages.conf
Image size 10294 inode num 324484, bks cnt 3 blk size 8*512
#
File is comprised of 1 fragments (33%)
 
is_valid_sha1hash: SHA-1 hash:
calculated 62f6235a:fc98eb3a:85ce183e:834f1cb3:8a1f71d1
expected 62f6235a:fc98eb3a:85ce183e:834f1cb3:8a1f71d1
File size is 0x04b3dc00
Located isr4400-universalk9.dir1/isr4400-mono-universalk9-build_164422SSA.pkg
Image size 78896128 inode num 324491, bks cnt 19262 blk size 8*512
##############################################################################################
File is comprised of 21 fragments (0%)
.....
 
 
 
Router# show version installed
Package: Provisioning File, version: n/a, status: active
File: bootflash:isr4400-universalk9.dir1/packages.conf, on: RP0
Built: n/a, by: n/a
File SHA1 checksum: ad09affd3f8820f4844f27acc1add502e0b8f459
 
Package: rpbase, version: 2012-07-10_16.22_mcpre, status: active
File: bootflash:isr4400-universalk9.dir1/isr4400-mono-universalk9-build_164422SSA.pkg, on: RP0
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 5e95c9cbc4eaf5a4a5a1ac846ee2d0f41d1a026b
 
Package: firmware_attributes, version: 2012-07-10_16.22_mcpre, status: active
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_attributes_164422SSA.pkg, on: RP0/0
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 71614f2d9cbe7f96d3c6e99b67d514bd108c6c99
 
Package: firmware_dsp_sp2700, version: 2012-07-10_16.22_mcpre, status: active
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_dsp_164422SSA.pkg, on: RP0/0
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 8334565edf7843fe246783b1d5c6ed933d96d79e
Package: firmware_fpge, version: 2012-07-10_16.22_mcpre, status: active
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_fpge_164422SSA.pkg, on: RP0/0
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: eb72900ab32c1c50652888ff486cf370ac901dd7
 
Package: firmware_sm_1t3e3, version: 2012-07-10_16.22_mcpre, status: active
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_sm_1t3e3_164422SSA.pkg, on: RP0/0
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 803005f15d8ea71ab088647e2766727ac2269871
 
Package: rpcontrol, version: 2012-07-10_16.22_mcpre, status: active
File: bootflash:isr4400-universalk9.dir1/isr4400-mono-universalk9_164422SSA.pkg, on: RP0/0
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 980fd58fe581e9346c44417b451d1c09ebb640c2
 
Package: rpios-universalk9, version: dir1, status: active
File: bootflash:isr4400-universalk9.dir1/isr4400-mono-universalk9_164422SSA.pkg, on: RP0/0
Built: 2012-07-10_16.23, by: mcpre
File SHA1 checksum: 27084f7e30a1d69d45a33e05d1b00345040799fb
Package: rpaccess, version: 2012-07-10_16.22_mcpre, status: active
File: bootflash:isr4400-universalk9.dir1/isr4400-mono-universalk9_164422SSA.pkg, on: RP0/0
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 0119802deda2da91c38473c47a998fb3ed423448
 
Package: firmware_attributes, version: 2012-07-10_16.22_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_attributes_164422SSA.pkg, on: RP0/1
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 71614f2d9cbe7f96d3c6e99b67d514bd108c6c99
 
Package: firmware_dsp_sp2700, version: 2012-07-10_16.22_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_dsp_164422SSA.pkg, on: RP0/1
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 8334565edf7843fe246783b1d5c6ed933d96d79e
 
Package: firmware_fpge, version: 2012-07-10_16.22_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_fpge-BLD-BLD_MCP_DEV_LATEST_
20120710_164422SSA.pkg, on: RP0/1
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: eb72900ab32c1c50652888ff486cf370ac901dd7
 
Package: firmware_sm_1t3e3, version: 2012-07-10_16.22_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_sm_1t3e3-BLD-BLD_MCP_DEV_LATEST_
20120710_164422SSA.pkg, on: RP0/1
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 803005f15d8ea71ab088647e2766727ac2269871
 
Package: rpcontrol, version: 2012-07-10_16.22_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-rpcontrol-BLD-BLD_MCP_DEV_LATEST_20120710_
164422SSA.pkg, on: RP0/1
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 980fd58fe581e9346c44417b451d1c09ebb640c2
 
Package: rpios-universalk9, version: 2012-07-10_16.23_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-rpios-universalk9-BLD-BLD_MCP_DEV_LATEST_
20120710_164422SSA.pkg, on: RP0/1
Built: 2012-07-10_16.23, by: mcpre
File SHA1 checksum: 27084f7e30a1d69d45a33e05d1b00345040799fb
 
Package: rpaccess, version: 2012-07-10_16.22_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-rpaccess-BLD-BLD_MCP_DEV_LATEST_20120710_
164422SSA.pkg, on: RP0/1
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 0119802deda2da91c38473c47a998fb3ed423448
 
Package: rpbase, version: 2012-07-10_16.22_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-rpbase-BLD-BLD_MCP_DEV_LATEST_20120710_
164422SSA.pkg, on: RP1
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 5e95c9cbc4eaf5a4a5a1ac846ee2d0f41d1a026b
 
Package: firmware_attributes, version: 2012-07-10_16.22_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_attributes-BLD-BLD_MCP_DEV_LATEST_
20120710_164422SSA.pkg, on: RP1/0
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 71614f2d9cbe7f96d3c6e99b67d514bd108c6c99
 
Package: firmware_dsp_sp2700, version: 2012-07-10_16.22_mcpre, status: n/a
File: bootflash:isr4400-universalk9.dir1/isr4400-firmware_dsp_sp2700-BLD-BLD_MCP_DEV_LATEST_
20120710_164422SSA.pkg, on: RP1/0
Built: 2012-07-10_16.22, by: mcpre
File SHA1 checksum: 8334565edf7843fe246783b1d5c6ed933d96d79e
 
Package: firmware_fpge, version: 2012-07-10_16.22_mcpre, status: n/a

Configuring No Service Password-Recovery

The Cisco IOS password recovery procedure allows you to to gain access, using the console, to the ROMMON mode by using the Break key during system startup and reload. When the router software is loaded from ROMMON mode, the configuration is updated with the new password. The password recovery procedure makes anyone with console access have the ability to access the router and its network.

The No Service Password-Recovery feature is designed to prevent the service password-recovery procedure from being used to gain access to the router and network.

Configuration Registers and System Boot Configuration

The lowest four bits of the configuration register (bits 3, 2, 1, and 0) form the boot field. The boot field determines if the router boots manually from ROM or automatically from flash or the network. For example, when the configuration register boot field value is set to any value from 0x2 to 0xF, the router uses the register boot field value to form a default boot filename for autobooting from a network server.

Bit 8, when set to 1, ignores the startup configuration. Bit 6, when set to 1, enables break key detection. You must set the configuration register to autoboot to enable this feature. Any other configuration register setting will prevent the feature from being enabled.


Note

By default, the no confirm prompt and messages are not displayed after reloads.

How to Enable No Service Password-Recovery

You can enable the No Service Password-Recovery in the following two ways:

  • Using the no service password-recovery command. This option allows password recovery once it is enabled.

  • Using the no service password-recovery strict command. This option does not allow for device recovery once it is enabled.


Note

As a precaution, a valid Cisco IOS image should reside in the bootflash: before this feature is enabled.

If you plan to enter the no service password-recovery command, Cisco recommends that you save a copy of the system configuration file in a location away from the router.

Befor you beging, ensure that this feature is disabled before making any change to the router regardless of the significance of the change—such as a configuration, module, software version, or ROMMON version change.

The configuration register boot bit must be enabled to load the startup configuration by setting bit-8 to 0, to ignore the break key in Cisco IOS XE by setting bit-6 to 0, and to auto boot a Cisco IOS XE image by setting the lowest four bits 3-0, to any value from 0x2 to 0xF. Changes to the configuration register are not saved after the No Service Password-Recovery feature is enabled.


Note

If Bit-8 is set to 1, the startup configuration is ignored. If Bit-6 is set to 1, break key detection is enabled in Cisco IOS XE. If both Bit-6 and Bit-8 are set to 0, the No Service Password-Recovery feature is enabled.

This example shows how to enable the No Service Password-Recovery feature:

Router> enable
Router# show version
Router# configure terminal
Router(config)# config-register 0x2012
Router(config)# no service password-recovery
Router(config)# exit

Recovering a Device with the No Service Password-Recovery Feature Enabled

To recover a device after the no service password-recovery feature is enabled using the no service password-recovery command, look out for the following message that appears during the boot: “PASSWORD RECOVERY FUNCTIONALITY IS DISABLED.” As soon as “.. ” appears, press the Break key. You are then prompted to confirm the Break key action:

  • If you confirm the action, the startup configuration is erased and the router boots with the factory default configuration with the No Service Password-Recovery enabled.

  • If you do not confirm the Break key action, the router boots normally with the No Service Password-Recovery feature enabled.


Note

You cannot recover a device if the No Service Password-Recovery feature was enabled using the no service password-recovery strict command.

This example shows a Break key action being entered during boot up, followed by confirmation of the break key action. The startup configuration is erased and the device then boots with the factory default configuration with the No Service Password-Recovery feature enabled. 

Initializing Hardware...

System integrity status: 00000610

Rom image verified correctly

System Bootstrap, Version 15.3(3r)S, RELEASE SOFTWARE

Copyright (c) 1994-2013 by cisco Systems, Inc.

Current image running: Boot ROM1

Last reset cause: LocalSoft

Cisco ASR 1000 platform with 4194304 Kbytes of main memory

PASSWORD RECOVERY FUNCTIONALITY IS DISABLED

..

telnet> send brk

..

PASSWORD RECOVERY IS DISABLED.

Do you want to reset the router to the factory default 
configuration and proceed [y/n] ? y

Router clearing configuration. Please wait for ROMMON prompt...

File size is 0x17938a80

Located isr4400-universalk9.BLD_V153_3_S_XE310_THROTTLE_LATEST_20130623_234109.SSA.bin

Image size 395545216 inode num 26, bks cnt 96569 blk size 8*512

This example shows a Break key action being entered during boot up, followed by the non-confirmation of the break key action. The device then boots normally with the No Service Password-Recovery feature enabled. 

Initializing Hardware...

System integrity status: 00000610

Rom image verified correctly

System Bootstrap, Version 15.3(3r)S, RELEASE SOFTWARE

Copyright (c) 1994-2013 by cisco Systems, Inc.

Current image running: Boot ROM1

Last reset cause: LocalSoft

Cisco ASR 1000 platform with 4194304 Kbytes of main memory

PASSWORD RECOVERY FUNCTIONALITY IS DISABLED

..

telnet> send brk

...

PASSWORD RECOVERY IS DISABLED.

Do you want to reset the router to the factory default 
configuration and proceed [y/n] ? n

Router continuing with existing configuration...

File size is 0x17938a80

Located isr4400-universalk9.BLD_V153_3_S_XE310_THROTTLE_LATEST_20130623_234109.SSA.bin

Image size 395545216 inode num 26, bks cnt 96569 blk size 8*512

######################################################################## …

Configuration Examples for No Service Password-Recovery

The following example shows how to obtain the configuration register setting (which is set to autoboot), disable password recovery capability, and then verify that the configuration persists through a system reload: 

Router# show version

Cisco Internetwork Operating System Software

IOS (tm) 5300 Software (C7200-P-M), Version 12.3(8)YA, RELEASE SOFTWARE (fc1)

TAC Support: http://www.cisco.com/tac

Copyright (c) 1986-2004 by Cisco Systems, Inc.

Compiled Wed 05-Mar-04 10:16 by xxx

Image text-base: 0x60008954, data-base: 0x61964000

ROM: System Bootstrap, Version 12.3(8)YA, RELEASE SOFTWARE (fc1)

...

125440K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).

8192K bytes of Flash internal SIMM (Sector size 256K).

Configuration register is 0x2102

Router# configure terminal

Router(config)# no service password-recovery

WARNING:

Executing this command will disable the password recovery mechanism.

Do not execute this command without another plan for password recovery.

Are you sure you want to continue? [yes]: yes

...

Router(config)# exit

Router#

Router# reload

Proceed with reload? [confirm] yes

00:01:54: %SYS-5-RELOAD: Reload requested

System Bootstrap, Version 12.3...

Copyright (c) 1994-2004 by cisco Systems, Inc.

C7400 platform with 262144 Kbytes of main memory

PASSWORD RECOVERY FUNCTIONALITY IS DISABLED

...

The following example shows how to disable password recovery capability using the no service password-recovery strict command:

Router# configure terminal

Router(config)# no service password-recovery strict

WARNING:

Do not execute this command without another plan for password recovery.

Are you sure you want to continue? [yes]: yes

..