ROM Monitor
This appendix describes the Cisco Catalyst 4500 switch ROM monitor (also called the bootloader program). The ROM monitor firmware runs when the switch is powered up or reset. The firmware helps to initialize the hardware and boot the operating system software. Use the ROM monitor to perform certain configuration tasks, such as recovering a lost password, booting an IOS image from the on-board flash, removable storage media, or the management port, and upgrading the Rommon image itself. If there is no Cisco IOS software image loaded on the switch, the ROM monitor runs the switch.
This appendix contains the following sections:
•Entering the ROM Monitor
•ROM Monitor Commands
•Command Descriptions
•Configuration Register
•Exiting the ROM Monitor
•Digital Signing
Note: For complete syntax and usage information for the switch commands used in this chapter, refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
Entering the ROM Monitor
To use the ROM monitor, you must be using a terminal or PC that is connected to the switch over the console port. Refer to the installation chapter in the Cisco Catalyst 4500 Switch Hardware Installation Guide that came with the switch to connect the router to a PC or terminal.
Perform these steps to configure the switch to boot up in ROM monitor mode the next time it is rebooted.
Step 1  Enters privileged EXEC mode.
Step 2  Enters global configuration mode.
Step 3  Resets the configuration register.
Step 4  Exits global configuration mode.
Step 5  Reboots the switch with the new configuration register value. The router remains in ROM monitor and does not boot the Cisco IOS software. As long as the configuration value is 0x0, you must manually boot the operating system from the console. See the boot command in the "Command Descriptions" section in this appendix. After the switch reboots, it is in ROM monitor mode. The number in the prompt increments with each new line.
ROM Monitor Commands
Enter ? or help at the ROM monitor prompt to display a list of available commands and options, as follows (commands are case sensitive):
alias set and display aliases command
boot boot up an external process
clear clear configurations, use 'clear help' for more info
confreg configuration register utility
dev list the device table with physical device information
dir list filesystem information
gdb break into GDB debugger
help monitor builtin command help
history monitor command history
macstats print management port MAC statistics counters
meminfo main memory information
ping ping utility to determine network connectivity
repeat repeat a monitor command
set show/set environment vars, use 'set help' for more info
sprom serial eprom operations
unset unset a monitor variable
version display Rom Monitor version information
Command Descriptions
Table 56-1 describes the most commonly used ROM monitor commands.
Table 56-1 Most Commonly Used ROM Monitor Commands
Resets and initializes the router, similar to a power up.
Lists boot device identifications on the switch; for example:
Logical Physical Partition Status Begin Size Drive
Number Number Number sector in Kb Name
------- -------- --------- ------ -------- -------- --------
1 0 1 1 81f0 824832 flash1:
2 0 2 1 19afa0 16384 flash2:
3 0 3 1 1a3190 142336 flash3:
Lists the files on the named device; flash, for example:
rommon 1 > dir bootflash:
Date Time Attribute Size Name
========== ===== ========== ========== ================
2010/04/14 18:15 lrwxrwxrwx 12 USER -> /flash1/USER
2010/04/16 17:54 drwxrwxrwx 4096 .rollback_timer
2010/04/14 18:16 drwxrwxrwx 4096 .compatibility
2010/04/15 17:54 -rw-rw-rw- 129168608 test.bin
For more information about the ROM monitor boot commands, refer to the Cisco IOS Configuration Guide and the Cisco IOS Command Reference.
Boots the first image in Flash memory.
Configuration Register
The virtual configuration register is in nonvolatile RAM (NVRAM) and has the same functionality as other Cisco switches/routers. You can view or modify the virtual configuration register from either the ROM monitor or the operating system software. Within ROM monitor, you can change the configuration register by allowing the ROM monitor to prompt you for the setting of each bit.
Entering the confreg command without an argument displays the contents of the virtual configuration register and a prompt to alter the contents by describing the meaning of each bit. The new virtual configuration register value is written into NVRAM but does not take effect until you reset or reboot the switch.
The configuration register can be used to control the following things:
•Baud rate of the console port
•Autoboot settings
•Ignore IOS system configuration (useful for password recovery)
•Enabling/disabling the "break" character sequence (i.e., Ctrl-C)
•Enabling/disabling of diagnostics mode
•Various other network connectivity settings
The following display shows an example of entering the confreg command:
=> autoboot from: autoboot disabled
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]:
enable "use net in IP bcast address"? y/n [n]:
enable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]:
change console baud rate? y/n [n]: y
0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
4 = 19200, 5 = 38400, 6 = 57600 [0]: 5
change the boot characteristics? y/n [n]: y
1 = the first file from internal flash device
2 = commands specified in 'BOOT' environment variable
=> autoboot from: commands specified in 'BOOT' environment variable
do you wish to save this configuration? y/n [n]: y
You must reset or power cycle for new configuration to take effect
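The settings chosen in this dialog end up as bits in one 16-bit value, which can be decoded and checked offline when auditing switches. The following Python sketch is an added example, not Cisco code: it assumes the conventional Cisco configuration register bit layout (bit positions are not given in this appendix), runs over a constructed show version line, and uses hypothetical helper names (decode_confreg, audit_confreg, audit_show_version).

```python
import re

# Assumption: conventional Cisco 16-bit register layout; bit positions are not on the page.
BAUD = {0: 9600, 1: 4800, 2: 1200, 3: 2400, 4: 19200, 5: 38400, 6: 57600}  # menu from the page
# Constructed sample of the register line printed by "show version".
SHOW_VERSION = "Configuration register is 0x2102 (will be 0x2142 at next reload)\n"

def decode_confreg(value):
    """Map a register value onto the settings the confreg dialog prompts for."""
    boot = value & 0x000F
    if boot == 0:
        autoboot = "autoboot disabled"
    elif boot == 1:
        autoboot = "the first file from internal flash device"
    else:
        autoboot = "commands specified in 'BOOT' environment variable"
    # Console speed index is built from bits 5, 12 and 11 (most to least significant).
    idx = ((value >> 5) & 1) << 2 | ((value >> 12) & 1) << 1 | ((value >> 11) & 1)
    return {
        "autoboot": autoboot,
        "baud": BAUD.get(idx),  # None for index 7, which the page's menu does not offer
        "ignore_system_config": bool(value & 0x0040),
        "break_has_effect": not (value & 0x0100),
        "diagnostic_mode": bool(value & 0x8000),
    }

def audit_confreg(value):
    """Return findings for settings that should not persist on a production switch."""
    s = decode_confreg(value)
    findings = []
    if s["ignore_system_config"]:
        findings.append("system configuration is ignored at boot")
    if s["autoboot"] == "autoboot disabled":
        findings.append("switch stops in ROM monitor after reset")
    if s["break_has_effect"]:
        findings.append("break/abort has effect on the console")
    if s["diagnostic_mode"]:
        findings.append("diagnostic mode is enabled")
    return findings

def audit_show_version(text):
    # Audit the running value and, if present, the value pending for the next reload.
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", text)
    if not m:
        raise ValueError("no configuration register line found")
    return {v: audit_confreg(int(v, 16)) for v in m.groups() if v}

if __name__ == "__main__":
    print(audit_show_version(SHOW_VERSION))
```

Auditing the pending value matters because a register change made for password recovery takes effect only at the next reset and is easy to leave behind.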
Debug Commands
The following ROM monitor commands can be useful during debugging:
•meminfo—displays the size of main memory and the size of NVRAM; for example:
Main memory size: 2048 MB.
•ping—verifies network connectivity of the management interface port, as follows:
rommon 3 > ping 172.25.60.31
Host 172.25.60.31 is alive
•sprom—displays the contents of various EEPROMs on the switch, as follows:
sprom read linecard <modnum> [submodule]
sprom read muxbuffer <modnum>
sprom read powersupply <1..2>
•version—displays the version of the ROM monitor on the switch, as follows:
Rom Monitor Program Version 15.0(1r)XO(SG1)
Compiled Sat 10-Apr-10 00:59 by BLD-k10_rommon.15.0_1r_SG1
Supervisor: WS-X45-SUP7-E Chassis: WS-C4507R-E
CPU Rev: 1.1, Board Rev: 8, Board Type: 101
CPLD Moka Rev: 7.0x2643.0x5956 Installed memory: 2048 MBytes
Exiting the ROM Monitor
You must configure the boot characteristics of the configuration register to boot a Cisco IOS image from flash memory upon startup or reloading. You can either boot the first file from internal flash memory or boot from an image specified in the 'BOOT' IOS environment variable (which is set when you enter the IOS boot system filename command).
The following example shows how to modify the configuration register and cause the switch to boot the first Cisco IOS image stored in flash memory:
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]: n
enable "use net in IP bcast address"? y/n [n]:
enable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
enable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]:
change console baud rate? y/n [n]:
change the boot characteristics? y/n [n]: y
1 = the first file from internal flash device
2 = commands specified in 'BOOT' environment variable
=> autoboot from: the first file from internal flash device
do you wish to save this configuration? y/n [n]: y
You must reset or power cycle for new configuration to take effect
You must reset or power cycle for new config to take effect
Then, the switch boots the first Cisco IOS image in Flash memory.
Digital Signing
All bootable images (Rommon, Rommon upgrade utilities, IOS, offline diags, etc.) are cryptographically signed to guard against tampering as per the FIPS 140-3 standard. When an image is booted, this signature is inspected. If the signature is valid, the image is allowed to boot. Otherwise, a suitable error message is displayed and the image is not allowed to boot. The most common reason for a signature to fail verification is image corruption caused by transferring an image over FTP in ASCII mode or by e-mailing the image (some e-mail clients have been known to alter the contents of binary files). Other reasons include a corrupted image and an image that has intentionally been tampered with or counterfeited.
An example of booting an image with a successful signature verification looks like this:
rommon 2 > boot bootflash:cat4500e-universalk9.SSA.03.00.00.1.63.150.1.XO.bin
Checking digital signature
bootflash:/cat4500e-universal.SSA.03.00.00.1.63.150.1.XO.bin: Digitally Signed Release
Software with key version A
An example of booting an image with a failed signature verification looks like this:
rommon 2 > boot bootflash:cat4500e-universalk9.SSA.03.00.00.1.63.150.1.XO.bin
Checking digital signature
Verification FAILED for image
bootflash:/cat4500e-universal.SSA.03.00.00.1.63.150.1.XO.bin, REASON: [reason string]
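Captured console output can be scanned for these two message shapes so that a failed or missing verification is noticed after the fact. The following Python sketch is an added example, not Cisco code: the capture is constructed from the messages shown above, and signature_events and unverified are hypothetical helper names.

```python
import re

# Constructed console capture; message shapes are copied from the examples above.
CONSOLE_LOG = """\
rommon 2 > boot bootflash:cat4500e-universalk9.SSA.03.00.00.1.63.150.1.XO.bin
Checking digital signature
bootflash:/cat4500e-universal.SSA.03.00.00.1.63.150.1.XO.bin: Digitally Signed Release
Software with key version A
rommon 3 > boot bootflash:test.bin
Checking digital signature
Verification FAILED for image
bootflash:/test.bin, REASON: [reason string]
rommon 4 > boot bootflash:test.bin
"""

BOOT_CMD = re.compile(r"^rommon \d+ > boot (\S+)")
SIGNED = re.compile(r"Digitally Signed Release Software with key version (\S+)")
FAILED = re.compile(r"Verification FAILED for image (\S+), REASON: (.*)")

def signature_events(log):
    """Return one record per boot command with its signature verdict."""
    attempts = []
    for line in log.splitlines():
        m = BOOT_CMD.match(line.strip())
        if m:
            attempts.append((m.group(1), []))
        elif attempts:
            attempts[-1][1].append(line.strip())
    results = []
    for image, lines in attempts:
        text = " ".join(lines)  # undo console wrapping so both messages match
        bad, ok = FAILED.search(text), SIGNED.search(text)
        if bad:
            status, detail = "failed", bad.group(2).strip()
        elif ok:
            status, detail = "verified", "key version " + ok.group(1)
        else:
            status, detail = "unknown", ""  # capture ended or no verdict was logged
        results.append({"image": image, "status": status, "detail": detail})
    return results

def unverified(log):
    """Boot attempts that need follow-up: failed or without a recorded verdict."""
    return [e for e in signature_events(log) if e["status"] != "verified"]

if __name__ == "__main__":
    for event in unverified(CONSOLE_LOG):
        print(event)
```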
For more detailed information on Digital Signing, refer to the following URLs:
Configuration Fundamentals Configuration Guide, Cisco IOS XE Release 3S
http://www.cisco.com/en/US/docs/ios/ios_xe/fundamentals/configuration/guide/xe_3s/cf_xe_3s_book.html
Cisco IOS Configuration Fundamentals Command Reference
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_book.html