Rommon Recovery

Rommon mode is the most basic capacity a router can function in. When a router boots into rommon mode, it means either that it has no IOS image to boot from or that you have interrupted the boot process with a break keystroke. On Windows the keystroke is usually holding down the Control and Break keys (Break can sometimes require a function key to be held down as well).

Password Recovery

If you lose your router passwords then the only way to get back into enable mode is to reboot the router and quickly press the break key sequence. The router should then boot into rommon mode. To recover the router, all you need to do is set the configuration register so that the router boots and skips the startup configuration. Once the router boots you issue a ‘copy start run’ command. You then write new passwords and/or wipe the current passwords, which you will not be able to see if they are encrypted.

Router#copy start run
Destination filename [running-config]?
333 bytes copied in 0.612 secs (544 bytes/sec)

Spoke1Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Spoke1Router(config)#no enable secret

This removes the current enable secret password. You must then issue a copy run start in order to save your new password. If you have other passwords on the router then you need to either remove them or replace them.

When in rommon mode you will usually have two options for changing the config register depending upon the model of router you are using:

On the 2600 and other models hit the ? and press enter to see your options. If you see ‘confreg’ as one then you can change the configuration register easily by setting it to 0x2142 which tells the router to boot and ignore the start up configuration. Make sure you set it back to 0x2102 when you gain full access.

rommon 3 > confreg 0x2142

You can then type reset or reboot the router.

Other models such as the 2500 won’t accept this command and you need to type a different command.

>o/r 0x2142
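
A router left at 0x2142 after a recovery ignores its startup configuration, passwords included, on every boot. The following check is an added example, not part of the original page: it decodes the register line from "show version" output and flags that state. The function names and the sample lines are constructed for illustration.

```python
import re

# Bits of the 16-bit Cisco configuration register relevant to this page.
IGNORE_NVRAM = 0x0040    # bit 6: skip the startup configuration at boot
BREAK_DISABLED = 0x0100  # bit 8: break key disabled during normal operation
BOOT_FIELD = 0x000F      # bits 0-3: 0 means stay in ROM monitor

# Matches the register line of "show version", including a pending change.
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Return the security-relevant fields of one register value."""
    return {
        "value": f"0x{value:04X}",
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "boots_to_rommon": (value & BOOT_FIELD) == 0,
    }

def audit(show_version_text):
    """Flag a router that is, or will be after reload, skipping its config."""
    m = REG_LINE.search(show_version_text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    # With no pending change, the next boot uses the current value.
    after_reload = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if current & IGNORE_NVRAM:
        findings.append("booted ignoring the startup config")
    if after_reload & IGNORE_NVRAM:
        findings.append("next reload will ignore the startup config")
    if (after_reload & BOOT_FIELD) == 0:
        findings.append("next reload will stop in ROM monitor")
    return {"current": decode(current), "after_reload": decode(after_reload),
            "findings": findings}

# Constructed sample lines, not captured from a real device.
SAMPLES = {
    "mid-recovery": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "forgotten": "Configuration register is 0x2142",
    "normal": "Configuration register is 0x2102",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, audit(line)["findings"])
```

The "forgotten" case is the one to alert on: the register was never set back to 0x2102, so the saved passwords are skipped again at the next reload.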

Rommon Recovery

We associate rommon recovery with a damaged or missing IOS image on a router. Sometimes a router can be in rommon mode and yet still have an image available (see below). The difficulty is that we rarely perform rommon recoveries, so the procedure can seem strange, and that different models of router require different recovery procedures.

You may also have to break into rommon mode to perform a password recovery (see above).

If you find yourself in rommon mode then you can issue a dir flash: command to see if there is an image available. If there is then you may be able to boot from that image:

rommon 1 > dir flash:
File size           Checksum   File name
4754752 bytes (0x488d40)   0x4465    c1700-sy-mz.122-13a.bin
rommon 2 > boot flash: c1700-sy-mz.122-13a.bin
program load complete, entry point: 0x80008000, size: 0x488c4c
Self decompressing the image : ##################

Bear in mind that you may have to enter different commands on different models of router. You can easily find the procedures for your model on Google by typing ‘Cisco password recovery [model number].’

If you have no image to boot from then you will have to use a recovery procedure known as Xmodem, which requires the image to be sent down the console cable. This could take several hours so I recommend:

1. Loading a small image onto the router to recover it and then using TFTP to transfer the larger image.

2. Setting the baud rate as high as possible for the console session. See the below video.

Rommon recovery for all Cisco routers.

Xmodem recovery procedures.