(Long geeky post alert. You probably don’t want to read this unless your Cisco is dead and you got here via google or something).
A number of years ago (May 2005, to be exact) Tanya’s Cisco 1600 (diginet leased-line router) went funny after a power outage. I pulled in a favour, got a friend of a friend who works with these things to look at it — but he couldn’t fix it.
After much googling* I learnt that there’s a “cookie” in Non-Volatile RAM (NVRAM) which very few people know about since it’s factory-set. If NVRAM is wiped, you have a problem. You need to connect to the Cisco using the right kind of cable, a terminal program, and 9600,N,8,1.
If your cookie is cleared, no problem. If it is corrupt, though, you will need to calculate the password to be able to change the corrupted bits.
System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2) Copyright (c) 1994-1996 by cisco Systems, Inc. First location in NVRAM fails ... cannot size NVRAMWarning: monitor nvram area is corrupt ... using default valuesBad checksum on cookie structure, resorting to backup copyWarning: Cookie information is corrupt environment write to NVRAM failed C1600 processor with 2048 Kbytes of main memory(Here I hit Ctrl-Break)monitor: command "boot" aborted due to user interrupt rommon 1 > cookieBad checksum on cookie structure, resorting to backup copyWarning: Cookie information is corruptcookie: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00rommon 2 > priv Password: (This would be 0000 for the above cookie, otherwise you need to calculate it)Bad checksum on cookie structure, resorting to backup copyWarning: Cookie information is corrupt You now have access to the full set of monitor commands. Warning: some commands will allow you to destroy your configuration and/or system images and could render the machine unbootable.rommon 3 > cookie View/alter bytes of serial cookie by field -- Input hex byte(s) or: CR -> skip field; ? -> list values interfaces soc 0: 00Â Â Â (unknown) Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â > 01 vendor: 00Â Â Â (unknown) Â Â Â Â Â > 01 ethernet Hw address: 00 00 00 00 00 00 Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â > d5 aa 96 de aa eb (Anybody recognise this?) processor: 00Â Â Â (PAN) Â Â Â Â Â Â Â Â > 09 Hw rework: 00 00 00 00 Â Â Â Â Â Â Â Â > 00 00 00 01 interfaces soc 1: 00Â Â Â (unknown) Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â > 02 unused 1: 00 00 Â Â Â Â Â Â Â > 00 00 BCD-packed 8-digit serial #: 00 00 00 00 Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â > 00 0d 8c f3 unused 2: 00 00 00 00 00 00 00 00 00 Â Â Â Â Â Â Â > capabilities (future): 00 00 Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â > cookie version #: 00 Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â > 01
Now, you should be able to
rommon 4 > sync rommon 5 > boot program load complete, entry point: 0x4018060, size: 0x1da950
But instead what happened was
rommon 4 > sync environment write to NVRAM failed
So I pulled the cover, found the 28HC64 8k x 8 CMOS EEPROM, bought a new EEPROM and a socket from Communica, performed the appropriate transplant, and all is now well.
Now here’s where a bit of black magic slips in. I had to do this the previous time, and after much struggling I found that I also had to do it this time. And I have no idea where this information comes from, but it’s in my notes from 2005.
The first time the router boots up, go
> enable # configure terminal (config)# config-register 0x2142 (config)# end # write # reload
And then repeat with the original 0x2102 value. Then proceed to configure the router. I didn’t do this, and all was well, except that the configuration interface would not accept “ip route” commands, and of course the router wouldn’t. Route, that is.
There. Now you know as much as I do. Ask if you need to know how to actually configure the router.
* Actually, “googling” is rather generic since I found this page via altavista, not google.