A colleague made me aware of a potentially serious problem on Cisco 1921 and other ISR G2 routers. According to Field Note 63355, these devices shipped with a buggy version of ROMMON, the software that controls the boot process of Cisco routers. Here’s how Cisco describe the problem:
Routers with ROMMON version 15.0(1r)M1 fail to respond to the break sequence command received from a device connected to the console port. This failure prevents normal password recovery of the device.
If you have a 1941 you can simply pull the CF card to enter into ROMON. But what about it you have a 1921 and need to perform password recovery? the Cisco 1921 doesn’t have a CF card, and according to Cisco has no user-replaceable flash. You’re essentially forever locked out of your device.
Thankfully, there’s a workaround. If you pop open the cover of a Cisco 1921, using a Torx 10 screwdriver, you’ll see a small daugher-board. This small daughter-board, secured with a single screw, is the flash on the 1921. Remove the single screw and carefully lift out the board.
Turn on your router with a serial-cable connected and you’ll enter ROMMON where you can perform the usual reset procedure (confreq). Entering ROMMON should look like the following:
System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2011 by cisco Systems, Inc. Total memory size = 512 MB Field Upgradeable ROMMON Integrity test _______________________________________ ROM: Digitally Signed Release Software CISCO1921/K9 platform with 524288 Kbytes of main memory Main memory is configured to 64 bit mode with ECC disabled Upgrade ROMMON initialized rommon 1 > confreg 0x2142 rommon 2 > reset
Once you’ve reset the device you can reseat and secure the flash, then put the case back on.