A colleague made me aware of a potentially serious problem on Cisco 1921 and other ISR G2 routers. According to Field Note 63355, these devices shipped with a buggy version of ROMMON, the software that controls the boot process of Cisco routers. Here’s how Cisco describe the problem:
Routers with ROMMON version 15.0(1r)M1 fail to respond to the break sequence command received from a device connected to the console port. This failure prevents normal password recovery of the device.
If you have a 1941 you can simply pull the CF card to enter into ROMON. But what about it you have a 1921 and need to perform password recovery? the Cisco 1921 doesn’t have a CF card, and according to Cisco has no user-replaceable flash. You’re essentially forever locked out of your device.
Thankfully, there’s a workaround. If you pop open the cover of a Cisco 1921, using a Torx 10 screwdriver, you’ll see a small daugher-board. This small daughter-board, secured with a single screw, is the flash on the 1921. Remove the single screw and carefully lift out the board.
Turn on your router with a serial-cable connected and you’ll enter ROMMON where you can perform the usual reset procedure (confreq). Entering ROMMON should look like the following:
System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2011 by cisco Systems, Inc. Total memory size = 512 MB Field Upgradeable ROMMON Integrity test _______________________________________ ROM: Digitally Signed Release Software CISCO1921/K9 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized rommon 1 > confreg 0x2142 rommon 2 > reset
Once you’ve reset the device you can reseat and secure the flash, then put the case back on.
Found your page after searching on how to open the cover of the 1921, since Cisco states that there’s no need to open the cover there’s little information available. My unit had a bit stubborn cover, found out you’ll have to slide the cover and then it can be lifted. Cheers!
I tried removing the board, but it gets stuck in a ROMMON boot loop. Please help
I have a 2511 that I cannot access rommon mode; the break sequence does not work. Any suggestions?
Thank you sir- worked like a champ, thought this thing was gonna have to be trashed because no one had the password.
Thank you men this saves my night, to open the cover is only a slide from back to forth
Mine just loops. I don’t know what to do. I can’t get into ROMMON.
System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2012 by cisco Systems, Inc.
Total memory size = 512 MB
CISCO1921/K9 platform with 524288 Kbytes of main memory
Main memory is configured to 64 bit mode with ECC disabled
Readonly ROMMON initialized
PASSWORD RECOVERY FUNCTIONALITY IS DISABLED
open(): Open Error = -1
usbflash0: not present
Hi, didn’t work for me 🙁
Shows me the message “PASSWORD RECOVERY FUNCTIONALITY IS DISABLED” and don’t let me do break signal.
Any ideoa? Thanks!
I’m a bit late with the answer, but let it loop for a bit.
Eventually the bootloader will give up and go straight into ROMMON.
OP: Thanks so much for your help! I was wondering why I was unable to send a break sequence
That worked perfectly!!! Thank you…