A colleague made me aware of a potentially serious problem on Cisco 1921 and other ISR G2 routers. According to Field Note 63355, these devices shipped with a buggy version of ROMMON (the software that controls the boot process of Cisco IOS devices). Here’s how Cisco describe the problem:

Routers with ROMMON version 15.0(1r)M1 fail to respond to the break sequence command received from a device connected to the console port. This failure prevents normal password recovery of the device.

If you have a device that uses CompactFlash, like the 1941, you can simply pull the CF card to enter into ROMON. But what about if you have a 1921 and need to perform password recovery? The Cisco 1921 doesn’t have a CF card and according to Cisco has no user-replaceable flash.

Thankfully, there’s a (likely unsupported) workaround on the 1921:

  1. Slide the cover off the Cisco 1921 (You may need a Torx T10 screwdriver to get in via screws on either side)
  2. You’ll see a small daughter-board, secured with a single screw. This is the flash storage. Remove the screw and carefully lift out the board
  3. Turn on the device
  4. Using a serial-cable and terminal emulator (e.g. PuTTY), let the device boot (you may need to wait a while). Eventually it’ll enter ROMMON
  5. Perform the usual reset procedure (confreg):
    System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2011 by cisco Systems, Inc.
    
    Total memory size = 512 MB
    Field Upgradeable ROMMON Integrity test
    _______________________________________
    ROM: Digitally Signed Release Software
    CISCO1921/K9 platform with 524288 Kbytes of main memory
    Main memory is configured to 64 bit mode with ECC disabled
    
    
    Upgrade ROMMON initialized
    rommon 1 > confreg 0x2142
    rommon 2 &gt; reset</pre>
    
  6. Once reset, you can reseat and secure the flash and put the case back on.