{"id":807,"date":"2024-12-10T02:22:54","date_gmt":"2024-12-09T23:22:54","guid":{"rendered":"https:\/\/itgen.itbumper.com\/?page_id=807"},"modified":"2024-12-14T02:14:26","modified_gmt":"2024-12-13T23:14:26","slug":"0028_cisco-firmware__rollback","status":"publish","type":"page","link":"https:\/\/itgen.itbumper.com\/?page_id=807","title":{"rendered":"0028_Cisco: Firmware_&amp;_Rollback_Password_reset"},"content":{"rendered":"<p style=\"text-align: justify;\">We are <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"0:11\">dealing<\/span> <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"12:1\">with<\/span> <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"14:10\">firmware<\/span> <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"25:3\">for<\/span> <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"29:5\">Cisco<\/span> <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"35:1\">and<\/span> <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"37:3\">how<\/span> to <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"41:10\">roll<\/span> back the <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"65:12\">hardware<\/span> <span class=\"EzKURWReUAB5oZgtQNkl\" data-src-align=\"52:12\">configurations.<\/span><\/p>\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n#Types of Cisco Firmware\n\n#IOS (Internetwork Operating System) it is a OS.\n#\t-Cisco IOS \u2014 the standart OS for most routers and switches\n#\t-Cisco IOS-XE \u2014 a modified version of IOS with support for virtualization and advanced features (e.g., ASR, Catalyst 9000).\n#\t-Cisco NX-OS \u2014 for Nexus devices (e.g., Nexus 9000 series).\n#\t-Cisco ASA Software \u2014 for security appliances, such as ASA Firewalls.\n#\t-Cisco IOS-XR \u2014 for service-provider-grade devices, such as ASR 9000 routers.\n\n#Naming Conventions and Structure of Firmware Names\n#For example:\n#\tc2900-universalk9-mz.SPA.152-4.M6.bin\n#\tDecoding the Name:\n#\t\t-c2900 \u2014 device family (e.g., Cisco 2900 Series routers)\n#\t\t-universalk9 \u2014 feature set, including licensed features (e.g., IP Base, Security, Data)\n#\t\t-mz \u2014 where the firmware is loaded:\n#\t\t\t-mz \u2014 firmware is loaded into DRAM\n#\t\t\t-lz \u2014 firmware is loaded into flash\n#\t\t-SPA \u2014 encrypted image (typically includes cryptographic support)\n#\t\t-152-4.M6 \u2014 version details:\n#\t\t\t-15.2 \u2014 major IOS version\n#\t\t\t-4 \u2014 minor release\n#\t\t\t-M6 \u2014 Maintenance release 6\n\n#Common Feature Sets:\n#\t-IP Base \u2014 Basic features (e.g., routing, VLANs)\n#\t-Security \u2014 Includes VPN, IPsec, and security features\n#\t-Enterprise Services \u2014 Advanced features for enterprise networks\n\n\n#Compatibility Check\n\n#Before downloading firmware, ensure it:\n#\t-Is compatible with your device\n#\t-Matches your memory requirements (DRAM and Flash)\n#\t-Supports your current licenses\n\n#Commands:\n\tcopy tftp:\/\/&lt;TFTP_IP&gt;\/c2900-universalk9-mz.SPA.152-4.M6.bin flash:\t\t#copy a FW to the device flash\n#\t\tboot system flash:c2900-universalk9-mz.SPA.152-4.M6.bin\t\t\t\t#set the Firmware as the Boot Image\n#\treload\n#\tshow version\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#to check FW version\n\t\n#Practical Tips\n#Backup Your Configuration: Before upgrading, save the current configuration and firmware!\n\tcopy running-config startup-config\n\tcopy flash:current_ios_version.bin tftp:\n#Test Boot the Firmware: If you're unsure about compatibility, you can test the firmware without changing the configuration:\n\t\tboot flash:c2900-universalk9-mz.SPA.152-4.M6.bin\n#Don\u2019t Upgrade Unnecessarily: Sometimes, new firmware can introduce bugs or incompatibilities\n#Use Recommended Versions: Cisco publishes Recommended Release Notes for stable and verified firmware versions\n\n#Troubleshooting\n#Insufficient Flash Memory: Delete unused or old files from the flash storage:\n\tdelete flash:&lt;filename&gt;\n\n#Then clear the deleted space:\n\tsqueeze flash:\n#Corrupted Firmware File: Verify the MD5 checksum of the firmware before uploading\n#Device Fails to Boot After Upgrade: Use the ROMmon mode to recover:\n\trommon 1 &gt; boot flash:&lt;filename&gt;\n\t\n#Useful Commands\nCheck the current IOS version:\n\tshow version\t\t\t\t\t\t#List all files in flash:\n\tdir flash:\t\t\t\t\t\t\t\t\n\tshow flash:\t\t\t\t\t\t\t#Check available flash memory:\n\tshow running-config | include boot\t#View current boot configuration:\n\n\n\n#ROMmon (ROM Monitor) is a lightweight operating system on Cisco devices used for tasks like loading IOS\n#recovering passwords, and troubleshooting hardware issues. \n#It acts as a fallback environment when the primary IOS fails to load or for advanced recovery operations\n#Key Functions of ROMmon\n#\t-Booting Firmware (IOS Images): Load firmware from flash, TFTP, or USB.\n\tboot flash:&lt;filename&gt;\n#\ttftpdnld \t\t\t#Load via TFTP\n\n#Changing Boot Configurations: Adjust the configuration register to determine boot behavior:\n\tconfreg 0x2142\t\t#Skip the startup configuration (useful for password recovery):\n\tconfreg 0x2102\t\t#\n\t\n#Example:\n#When a device is booting, break the booting process, press ctrl+c and you get into the ROMmon\n\tconfreg 0x2142\n\treset\t\t\t\t#Device will reboot\n\nenable\n\tcopy startup-config running-config\t#to load startup config to running-config\n\t\tenable secret &lt;new password&gt;\t#to set a new password\n\tconfig-register 0x2102\t\t\t\t#\n\t\n\tcopy running-config startup-config\t#to safe changes\n\treload\n\t\n#Done.\n\t\t\n#Diagnostics: Perform basic hardware diagnostics, though capabilities are limited.\nImage Recovery: Recover or reinstall a corrupted or missing IOS image.\n\n#Accessing ROMmon:\n#Using Console:\n#\tReboot the device and press Ctrl + Break or Ctrl + C during boot.\n#\tAutomatic Entry: If no valid IOS image is found, the device enters ROMmon automatically.\n\n#Useful Commands in ROMmon\n\tdir flash:\t\t#Check flash contents:\n\t#Set IP parameters for TFTP:\n\tIP_ADDRESS=192.168.1.1\n\tIP_SUBNET_MASK=255.255.255.0\n\tDEFAULT_GATEWAY=192.168.1.254\t\n\t\n\ttftpdnld\t\t#Load an IOS image from TFTP:\n\tconfreg 0x2102\t#Set configuration register:\n\n#Configuration Rollback in Cisco Devices\n#Save Archives Automatically:\nCisco devices can maintain a series of configuration snapshots (archives). These snapshots can be restored if needed\n\tarchive\n\t\tpath flash:config_archive\t\t\t#path specifies where to save the archives\n\t\tmaximum 10\t\t\t\t\t\t\t#maximum sets the number of archives to retain\n#Manually Save Snapshots:\n#Save the current configuration to a file for later use:\n\tcopy running-config flash:backup-config\n#Revert to a Previous Configuration:\n#Replace the current configuration with an archived one:\n\tconfigure replace flash:config_archive-1\nThis immediately applies the configuration from the specified archive\n#Preview Changes Before Applying:\n#Use the list option to see the differences between the current configuration and the archived one:\n\tconfigure replace flash:config_archive-1 list\n\t\n#Tips for Using Rollback Safely\n#Test Before Committing:\n#If unsure about changes, use the reload in command to schedule a device reload. \n#This ensures the device reverts to the last saved configuration if connectivity is lost:\n\n\treload in 10\t\t\t#reload the device\n\treload cancel\t\t\t#cancel reboot\n\n#Combine Rollback with Version Control:\n#If you manually manage backups, keep a versioned history of configuration files on a TFTP or FTP server for added flexibility.\n#Leverage Configuration Locking:\n#Cisco devices can lock configurations to prevent accidental overwrites during critical operations:\n\tconfigure terminal lock\n\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>We are dealing with firmware for Cisco and how to roll back the hardware configurations.<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[],"tags":[],"_links":{"self":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages\/807"}],"collection":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=807"}],"version-history":[{"count":2,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages\/807\/revisions"}],"predecessor-version":[{"id":816,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages\/807\/revisions\/816"}],"wp:attachment":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}