ROM Monitor
This appendix describes the Cisco Catalyst 4500 switch ROM monitor (also called the bootloader program). The ROM monitor firmware runs when the switch is powered up or reset. The firmware helps to initialize the hardware and boot the operating system software. Use the ROM monitor to perform certain configuration tasks, such as recovering a lost password, booting an IOS image on the on-board flash/removable storage media/management port, and upgrading the Rommon image itself. If there is no Cisco IOS software image loaded on the switch, the ROM monitor runs the switch.
This appendix contains the following sections:
Note: For complete syntax and usage information for the switch commands used in this chapter, refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
Entering the ROM Monitor
To use the ROM monitor, you must be using a terminal or PC that is connected to the switch over the console port. Refer to the installation chapter in the Cisco Catalyst 4500 Switch Hardware Installation Guide that came with the switch to connect the router to a PC or terminal.
Perform these steps to configure the switch to boot up in ROM monitor mode the next time it is rebooted.
| Step | Command | Purpose |
|---|---|---|
| Step 1 | enable | Enters privileged EXEC mode. |
| Step 2 | configure terminal | Enters global configuration mode. |
| Step 3 | config-reg 0x0 | Resets the configuration register. |
| Step 4 | exit | Exits global configuration mode. |
| Step 5 | reload | Reboots the switch with the new configuration register value. The router remains in ROM monitor and does not boot the Cisco IOS software. As long as the configuration value is 0x0, you must manually boot the operating system from the console. See the boot command in the "Command Descriptions" section in this appendix. After the switch reboots, it is in ROM monitor mode. The number in the prompt increments with each new line. |
ROM Monitor Commands
Enter ? or help at the ROM monitor prompt to display a list of available commands and options, as follows (commands are case sensitive):
rommon 1 >?
alias      set and display aliases command
boot       boot up an external process
clear      clear configurations, use 'clear help' for more info
confreg    configuration register utility
dev        list the device table with physical device information
dir        list filesystem information
gdb        break into GDB debugger
help       monitor builtin command help
history    monitor command history
macstats   print management port MAC statistics counters
meminfo    main memory information
ping       ping utility to determine network connectivity
repeat     repeat a monitor command
reset      system reset
set        show/set environment vars, use 'set help' for more info
sprom      serial eprom operations
unalias    unset an alias
unset      unset a monitor variable
version    display Rom Monitor version information
rommon 2 >
Command Descriptions
Table 56-1 describes the most commonly used ROM monitor commands.
Configuration Register
The virtual configuration register is in nonvolatile RAM (NVRAM) and has the same functionality as other Cisco switches/routers. You can view or modify the virtual configuration register from either the ROM monitor or the operating system software. Within ROM monitor, you can change the configuration register by allowing the ROM monitor to prompt you for the setting of each bit.
Entering the confreg command without an argument displays the contents of the virtual configuration register and a prompt to alter the contents by describing the meaning of each bit. The new virtual configuration register value is written into NVRAM but does not take effect until you reset or reboot the switch.
The configuration register can be used to control the following things:
•Baud rate of the console port
•Autoboot settings
•Ignore IOS system configuration (useful for password recovery)
•Enabling/disabling the "break" character sequence (i.e., Ctrl-C)
•Enabling/disabling of diagnostics mode
•Various other network connectivity settings
The following display shows an example of entering the confreg command:
rommon 1 > confreg
Configuration Summary :
=> console baud: 9600
=> autoboot from: autoboot disabled
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]:
enable "use net in IP bcast address"? y/n [n]:
enable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]:
change console baud rate? y/n [n]: y
enter rate:
0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
4 = 19200, 5 = 38400, 6 = 57600 [0]: 5
change the boot characteristics? y/n [n]: y
enter to boot:
0 = disable autoboot
1 = the first file from internal flash device
2 = commands specified in 'BOOT' environment variable
[0]: 2
Configuration Summary :
=> console baud: 38400
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to save this configuration? y/n [n]: y
You must reset or power cycle for new configuration to take effect
rommon 2 >
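As an added example (not part of the Cisco documentation), the following Python decodes a configuration register value into the settings that the confreg summary reports and lists the ones worth questioning during a configuration audit. It assumes the standard Cisco IOS configuration-register bit layout, which this page does not list; the function names and the sample show version line are constructed for illustration.

```python
import re

# Assumption: standard Cisco IOS configuration-register bit layout; this page
# only shows the confreg prompts, not the bit positions.
FLAGS = {
    "diagnostic mode": 0x8000,
    "use net in IP bcast address": 0x4000,
    "load rom after netboot fails": 0x2000,
    "use all zero broadcast": 0x0400,
    "ignore system config info": 0x0040,
}
BREAK_DISABLED = 0x0100  # set = break ignored, clear = "break/abort has effect"
BAUD = [9600, 4800, 1200, 2400, 19200, 38400, 57600]  # confreg menu order
BOOT = ["autoboot disabled", "the first file from internal flash device",
        "commands specified in 'BOOT' environment variable"]


def decode_confreg(value):
    """Return the settings encoded in a 16-bit configuration register value."""
    # Baud index is built from bits 5, 12 and 11 (most to least significant).
    idx = ((value >> 5 & 1) << 2) | ((value >> 12 & 1) << 1) | (value >> 11 & 1)
    settings = {name: bool(value & bit) for name, bit in FLAGS.items()}
    settings["break/abort has effect"] = not value & BREAK_DISABLED
    settings["console baud"] = BAUD[idx] if idx < len(BAUD) else None
    settings["autoboot from"] = BOOT[min(value & 0xF, 2)]
    return settings


def audit_confreg(value):
    """List settings a reviewer should question on a production switch."""
    s, findings = decode_confreg(value), []
    if s["ignore system config info"]:
        findings.append("startup configuration is ignored at boot")
    if s["break/abort has effect"]:
        findings.append("console break sequence is honored")
    if s["autoboot from"] == BOOT[0]:
        findings.append("switch stays in ROM monitor after reload")
    return findings


def confreg_from_show_version(text):
    """Extract (current, pending) register values from 'show version' output."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", text)
    if not m:
        return None
    return int(m.group(1), 16), int(m.group(2), 16) if m.group(2) else None


# Constructed sample line, not captured from a device.
SAMPLE = "Configuration register is 0x2102 (will be 0x2142 at next reload)"
```

Running audit_confreg on the pending value as well as the current one catches a register that was changed for password recovery and never set back.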
Debug Commands
The following ROM monitor commands can be useful during debugging:
•meminfo-displays the size of main memory and the size of NVRAM; for example:
rommon 1 > meminfo
Main memory size: 2048 MB.
NVRAM size: 512KB
rommon 2 >
•ping—verifies network connectivity of the management interface port, as follows:
rommon 3 > ping 172.25.60.31
Host 172.25.60.31 is alive
rommon 4 >
•sprom—displays the contents of various EEPROMs on the switch, as follows:
rommon 5 > sprom ?
Usage:sprom read sup
sprom read linecard <modnum> [submodule]
sprom read chassis
sprom read clock
sprom read fan
sprom read muxbuffer <modnum>
sprom read powersupply <1..2>
(modnum = 1..5)
rommon 6 >
•version—displays the version of the ROM monitor on the switch, as follows:
rommon 7 > version
Rom Monitor Program Version 15.0(1r)XO(SG1)
Compiled Sat 10-Apr-10 00:59 by BLD-k10_rommon.15.0_1r_SG1
Supervisor: WS-X45-SUP7-E Chassis: WS-C4507R-E
CPU Rev: 1.1, Board Rev: 8, Board Type: 101
CPLD Moka Rev: 7.0x2643.0x5956 Installed memory: 2048 MBytes
rommon 8 >
Exiting the ROM Monitor
You must configure the boot characteristics of the configuration register to boot a Cisco IOS image from flash memory upon startup or reloading. You can either boot the first file from internal flash memory or from an image specified in the 'BOOT' IOS environment variable (which is set when you enter the IOS boot system filename command).
The following example shows how to modify the configuration register and cause the switch to boot the first Cisco IOS image stored in flash memory:
rommon 1 > confreg
Configuration Summary :
=> console baud: 9600
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]: n
enable "use net in IP bcast address"? y/n [n]:
enable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]:
change console baud rate? y/n [n]:
change the boot characteristics? y/n [n]: y
enter to boot:
0 = disable autoboot
1 = the first file from internal flash device
2 = commands specified in 'BOOT' environment variable
[0]: 1
Configuration Summary :
=> console baud: 9600
=> autoboot from: the first file from internal flash device
do you wish to save this configuration? y/n [n]: y
You must reset or power cycle for new configuration to take effect
rommon 7 >
You must reset or power cycle for new config to take effect
rommon 2 >reset
Then, the switch boots the first Cisco IOS image in Flash memory.
Digital Signing
All bootable images (Rommon, Rommon upgrade utilities, IOS, offline diags, etc.) are cryptographically signed to guard against tampering as per the FIPS 140-3 standard. When an image is booted, this signature is inspected. If the signature is valid, the image is allowed to boot. Otherwise, a suitable error message is displayed and the image is not allowed to boot. The most common reason for a signature to fail verification is image corruption caused by transferring the image over FTP in ASCII mode or by e-mailing it (some e-mail clients have been known to alter the contents of binary files). Other reasons include a corrupted image and an image that has intentionally been tampered with or counterfeited.
An example of booting an image with a successful signature verification looks like this:
rommon 2 > boot bootflash:cat4500e-universalk9.SSA.03.00.00.1.63.150.1.XO.bin
loading image
Checking digital signature
bootflash:/cat4500e-universal.SSA.03.00.00.1.63.150.1.XO.bin: Digitally Signed Release Software with key version A
An example of booting an image with a failed signature verification looks like this:
rommon 2 > boot bootflash:cat4500e-universalk9.SSA.03.00.00.1.63.150.1.XO.bin
loading image
Checking digital signature
Verification FAILED for image bootflash:/cat4500e-universal.SSA.03.00.00.1.63.150.1.XO.bin, REASON: [reason string]
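As an added example (not part of the Cisco documentation), the following Python scans a captured console log, such as one kept by a console server, for the two signature messages shown above and reports every boot attempt that did not end in a verified image. The function names are constructed; the sample log is assembled from the two transcripts on this page plus one constructed attempt that has no result line.

```python
import re

BOOT_CMD = re.compile(r"^rommon \d+ >\s*boot (\S+)")
SIGNED = re.compile(r"^(\S+): Digitally Signed Release Software with key version (\S+)")
FAILED = re.compile(r"^Verification FAILED for image (\S+), REASON: (.*)$")


def signature_events(console_log):
    """Return one record per boot attempt found in a captured console log."""
    events, current = [], None
    for line in console_log.splitlines():
        line = line.strip()
        if m := BOOT_CMD.match(line):
            # A new boot command starts a new record; result lines attach to it.
            current = {"requested": m.group(1), "status": "no result seen"}
            events.append(current)
        elif current is None:
            continue  # output before the first boot command is not attributed
        elif m := SIGNED.match(line):
            current.update(status="verified", image=m.group(1),
                           key_version=m.group(2))
        elif m := FAILED.match(line):
            current.update(status="failed", image=m.group(1),
                           reason=m.group(2))
    return events


def unverified_boots(events):
    """Boot attempts that failed verification or logged no result at all."""
    return [e for e in events if e["status"] != "verified"]


# Sample log: the page's two transcripts plus a constructed third attempt.
IMG = "cat4500e-universalk9.SSA.03.00.00.1.63.150.1.XO.bin"
SHOWN = "bootflash:/cat4500e-universal.SSA.03.00.00.1.63.150.1.XO.bin"
SAMPLE_LOG = "\n".join([
    f"rommon 2 > boot bootflash:{IMG}",
    "loading image",
    "Checking digital signature",
    f"{SHOWN}: Digitally Signed Release Software with key version A",
    f"rommon 2 > boot bootflash:{IMG}",
    "loading image",
    "Checking digital signature",
    f"Verification FAILED for image {SHOWN}, REASON: [reason string]",
    "rommon 3 > boot bootflash:example.bin",
    "loading image",
])
```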
For more detailed information on Digital Signing, refer to the following URLs:
Configuration Fundamentals Configuration Guide, Cisco IOS XE Release 3S
http://www.cisco.com/en/US/docs/ios/ios_xe/fundamentals/configuration/guide/xe_3s/cf_xe_3s_book.html
Cisco IOS Configuration Fundamentals Command Reference
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_book.html