We are dealing with Cisco firmware and how to roll back device configurations.
#Types of Cisco Firmware
#IOS (Internetwork Operating System) is an operating system.
# -Cisco IOS — the standard OS for most routers and switches
# -Cisco IOS-XE — a modified version of IOS with support for virtualization and advanced features (e.g., ASR, Catalyst 9000).
# -Cisco NX-OS — for Nexus devices (e.g., Nexus 9000 series).
# -Cisco ASA Software — for security appliances, such as ASA Firewalls.
# -Cisco IOS-XR — for service-provider-grade devices, such as ASR 9000 routers.
#Naming Conventions and Structure of Firmware Names
#For example:
# c2900-universalk9-mz.SPA.152-4.M6.bin
# Decoding the Name:
# -c2900 — device family (e.g., Cisco 2900 Series routers)
# -universalk9 — feature set, including licensed features (e.g., IP Base, Security, Data)
# -mz — where the firmware is loaded:
# -mz — firmware is loaded into DRAM
# -lz — firmware is loaded into flash
# -SPA — encrypted image (typically includes cryptographic support)
# -152-4.M6 — version details:
# -15.2 — major IOS version
# -4 — minor release
# -M6 — Maintenance release 6
#Common Feature Sets:
# -IP Base — Basic features (e.g., routing, VLANs)
# -Security — Includes VPN, IPsec, and security features
# -Enterprise Services — Advanced features for enterprise networks
#Compatibility Check
#Before downloading firmware, ensure it:
# -Is compatible with your device
# -Matches your memory requirements (DRAM and Flash)
# -Supports your current licenses
#Commands:
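copy tftp://<TFTP_IP>/c2900-universalk9-mz.SPA.152-4.M6.bin flash: #copy the firmware to the device flash
configure terminal
boot system flash:c2900-universalk9-mz.SPA.152-4.M6.bin #set the firmware as the boot image (global configuration mode)
end
copy running-config startup-config #save so the boot statement survives the reload
reload
show version #check the firmware version after the reload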
#Practical Tips
#Backup Your Configuration: Before upgrading, save the current configuration and firmware!
copy running-config startup-config
copy flash:current_ios_version.bin tftp:
#Test Boot the Firmware: If you're unsure about compatibility, you can test the firmware without changing the configuration:
boot flash:c2900-universalk9-mz.SPA.152-4.M6.bin #entered at the ROMmon prompt, not in IOS
#Don’t Upgrade Unnecessarily: Sometimes, new firmware can introduce bugs or incompatibilities
#Use Recommended Versions: Cisco publishes Recommended Release Notes for stable and verified firmware versions
#Troubleshooting
#Insufficient Flash Memory: Delete unused or old files from the flash storage:
delete flash:<filename>
#Then clear the deleted space:
squeeze flash:
#Corrupted Firmware File: Verify the MD5 checksum of the firmware before uploading
#Device Fails to Boot After Upgrade: Use the ROMmon mode to recover:
rommon 1 > boot flash:<filename>
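#Added example (not part of the original notes, not Cisco code): a pre-upload check run on the admin workstation that splits an image name into the fields decoded under "Naming Conventions" and compares the file digest with the published value, as the "Corrupted Firmware File" tip asks.
#Assumptions: the function names are hypothetical, only the single name layout shown in these notes is accepted, and the algorithm parameter goes beyond the MD5 mentioned above so a published SHA-512 value can be checked the same way.

```python
import hashlib
import hmac
import re

# Layout taken from the name decoded in these notes (assumed to be the only one in use):
# <family>-<feature set>-<load type>.<tag>.<version digits>-<minor>.<maintenance>.bin
IMAGE_RE = re.compile(
    r"^(?P<family>[a-z0-9]+)-(?P<feature_set>[a-z0-9_]+)-(?P<load>[a-z]{2})"
    r"\.(?P<tag>[A-Z]+)\.(?P<train>\d{3})-(?P<minor>\d+)\.(?P<maint>[A-Z]\d*)\.bin$"
)

def parse_image_name(name):
    """Split an image name into family, feature set, load type, tag and version."""
    m = IMAGE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised image name: {name!r}")
    fields = m.groupdict()
    train = fields.pop("train")
    # "152" -> "15.2": the last digit is the second part of the major version
    fields["major"] = f"{train[:-1]}.{train[-1]}"
    return fields

def digest_matches(data, published_hex, algorithm="md5"):
    """Compare the digest of the image bytes with the published hex value."""
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual, published_hex.strip().lower())

def precheck(name, data, expected_family, published_hex, algorithm="md5"):
    """Return a list of problems; an empty list means the image can be uploaded."""
    try:
        fields = parse_image_name(name)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if fields["family"] != expected_family:
        problems.append(f"image family {fields['family']} does not match device family {expected_family}")
    if not digest_matches(data, published_hex, algorithm):
        problems.append(f"{algorithm} digest does not match the published value")
    return problems

if __name__ == "__main__":
    # Constructed sample: placeholder bytes stand in for a real image file.
    sample = b"constructed placeholder, not a real IOS image"
    published = hashlib.md5(sample).hexdigest()
    name = "c2900-universalk9-mz.SPA.152-4.M6.bin"
    print(parse_image_name(name))
    print(precheck(name, sample, "c2900", published))       # [] -> safe to upload
    print(precheck(name, sample[:-1], "c2900", published))  # truncated download is flagged
```

#An MD5 match only shows the file was not corrupted in transit; it is not proof of origin.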
#Useful Commands
show version #Check the current IOS version
dir flash: #List all files in flash
show flash: #Check available flash memory
show running-config | include boot #View current boot configuration
#ROMmon (ROM Monitor) is a lightweight operating system on Cisco devices used for tasks like loading IOS,
#recovering passwords, and troubleshooting hardware issues.
#It acts as a fallback environment when the primary IOS fails to load or for advanced recovery operations.
#Key Functions of ROMmon
# -Booting Firmware (IOS Images): Load firmware from flash, TFTP, or USB.
boot flash:<filename>
tftpdnld #Load via TFTP
# -Changing Boot Configurations: Adjust the configuration register to determine boot behavior:
confreg 0x2142 #Skip the startup configuration (useful for password recovery)
confreg 0x2102 #Normal boot: load the startup configuration
#Example:
#While the device is booting, interrupt the boot process with Ctrl+C to enter ROMmon
confreg 0x2142
reset #Device will reboot
enable
copy startup-config running-config #load the startup config into the running config
configure terminal
enable secret <new password> #set a new password
config-register 0x2102 #restore normal boot so the startup config loads again
end
copy running-config startup-config #save the changes
reload
#Done.
# -Diagnostics: Perform basic hardware diagnostics, though capabilities are limited.
# -Image Recovery: Recover or reinstall a corrupted or missing IOS image.
#Accessing ROMmon:
#Using Console:
# Reboot the device and press Ctrl + Break or Ctrl + C during boot.
# Automatic Entry: If no valid IOS image is found, the device enters ROMmon automatically.
#Useful Commands in ROMmon
dir flash: #Check flash contents
#Set IP parameters for TFTP:
IP_ADDRESS=192.168.1.1
IP_SUBNET_MASK=255.255.255.0
DEFAULT_GATEWAY=192.168.1.254
TFTP_SERVER=<TFTP_IP> #address of the TFTP server
TFTP_FILE=<filename> #image file name on the TFTP server
tftpdnld #Load an IOS image from TFTP
confreg 0x2102 #Set configuration register
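#Added example (not part of the original notes, not Cisco code): an audit of collected "show version" output that flags a device still running with, or about to reload into, a register value such as 0x2142 that skips the startup configuration.
#Assumptions: the function name is hypothetical and the sample lines are constructed; the bit positions are the standard configuration register layout.

```python
import re

IGNORE_STARTUP_CONFIG = 0x0040  # bit 6: the startup configuration is skipped at boot
BOOT_FIELD = 0x000F             # bits 0-3: 0 means stay in ROMmon instead of loading IOS

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def audit_confreg(show_version_text):
    """Return findings for the current and the pending configuration register."""
    m = CONFREG_RE.search(show_version_text)
    if m is None:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    # Without a "will be" part the same value is used at the next reload.
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if current & IGNORE_STARTUP_CONFIG:
        findings.append(f"booted with {current:#06x}: startup configuration was skipped")
    if pending & IGNORE_STARTUP_CONFIG:
        findings.append(f"next reload uses {pending:#06x}: startup configuration will be skipped")
    if (pending & BOOT_FIELD) == 0:
        findings.append(f"next reload uses {pending:#06x}: device will stop in ROMmon")
    return findings

if __name__ == "__main__":
    # Constructed "show version" tails, one per device state.
    samples = {
        "normal": "Configuration register is 0x2102",
        "recovery finished, reload pending":
            "Configuration register is 0x2142 (will be 0x2102 at next reload)",
        "recovery left unfinished": "Configuration register is 0x2142",
    }
    for label, text in samples.items():
        print(label, "->", audit_confreg(text) or "ok")
```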
#Configuration Rollback in Cisco Devices
#Save Archives Automatically:
#Cisco devices can maintain a series of configuration snapshots (archives). These snapshots can be restored if needed.
archive
path flash:config_archive #path specifies where to save the archives
maximum 10 #maximum sets the number of archives to retain
#Manually Save Snapshots:
#Save the current configuration to a file for later use:
copy running-config flash:backup-config
#Revert to a Previous Configuration:
#Replace the current configuration with an archived one:
configure replace flash:config_archive-1
#This immediately applies the configuration from the specified archive.
#Preview Changes Before Applying:
#Use the list option to see the differences between the current configuration and the archived one:
configure replace flash:config_archive-1 list
#Tips for Using Rollback Safely
#Test Before Committing:
#If unsure about changes, use the reload in command to schedule a device reload.
#This ensures the device reverts to the last saved configuration if connectivity is lost:
reload in 10 #schedule a reload in 10 minutes
reload cancel #cancel the scheduled reload
#Combine Rollback with Version Control:
#If you manually manage backups, keep a versioned history of configuration files on a TFTP or FTP server for added flexibility.
#Leverage Configuration Locking:
#Cisco devices can lock configurations to prevent accidental overwrites during critical operations:
configure terminal lock