在升级IOS或某些情况下,ASA和router也可能被“刷成砖”,只能通过监控模式恢复IOS

ASA的配置:

0、恢复前的准备工作: 
a. 用一条完好的交叉线,一头接上ASA的一个管理接口,另一头接计算机的网卡接口。
b. 用console线接好ASA的console口和com口,启用超级终端。
c. 启用tftp服务器,并将相应IOS放到正确路径下,然后最小化TFTP服务器界面,不能关掉。
d. 接着在“超级终端”输入下面代码完成IOS恢复。

1、进入监控模式
在设备启动时会有提示按某个键进入监控模式。如下:

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
按“ESC”键进入监控模式。
rommon #1>
 
2、设置ASA
升级IOS需要对ASA进行一些简单的设置,如设置设备的地址、设置tftp服务器的地址、设置IOS软件的文件名、sync保存、用ping命令测试与tftpserver的连通性、最后执行命令tftpdnld,软件开始装入。
注意:在监控模式下我们需要将电脑和ASA5510的管理接口相连,IP地址也是为管理接口设置的。

rommon #2> ADDRESS=192.168.1.1(ASA地址)

rommon #3> GATEWAY=192.168.1.2(默认网关,设置为本机地址即可)

rommon #4> IMAGE=asa821-k8.bin(指定IOS文件名)

rommon #5> SERVER=192.168.1.2(TFTP SERVER 地址,即本机地址)

rommon #6>

rommon #6> sync

Updating NVRAM Parameters…

rommon #7> ping 192.168.1.2

Link is UP

Sending 20, 100-byte ICMP Echoes to 192.168.1.2, timeout is 4 seconds:

?!!!!!!!!!!!!!!!!!!!

Success rate is 95 percent (19/20)

 
3、执行tftpdnld命令
执行后显示如下:

rommon #8> tftpdnld

ROMMON Variable Settings:

ADDRESS=192.168.1.1

SERVER=192.168.1.

GATEWAY=192.168.1.2

PORT=Management0/0

VLAN=untagged

IMAGE=asa821-k8.bin

CONFIG=

LINKTIMEOUT=20

PKTTIMEOUT=4

RETRY=20

tftp [email protected] via 192.168.1.2

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


4、将IOS上传到ASA
此时IOS还没有装入ASA,而是从tftp引导启动设备。这一点当设备启动完毕后可以用show version命令看到:
System p_w_picpath file is “tftp://192.168.1.2/asa821-k8.bin”
启动完毕后需要将tftp server连接到除管理接口以外的其它接口,然后再升级IOS
注意:必须要将接口配置成 inside口

ASA#conf t

ASA(config)#int e0/0

ASA(config-if)#nameif inside

ASA(config-if)#ip add 192.168.1.1 255.255.255.0

ASA(config-if)#no sh

ASA#ping 192.168.1.2

通后就可以升级IOS了

ASA#copy tftp: flash:

Tftp server IP address:192.168.1.2

Source file name:asa821-k8.bin

Destination file name:asa821-k8.bin

到这一步并没有结束,此时还需要进行boot system的设置,使用命令:

ASA(config)#boot system disk0:/asa821-k8.bin

ASA(config)#wr

然后reload一下就可以了
重启之后在dir查看一下,基本上就大功告成了。


路由器的恢复:

0、恢复前的准备工作: 
a. 用一条完好的交叉线,一头接上路由器的一个快速以太网口,另一头接计算机的网卡接口。 
b. 用console线接好路由器的console口和com口,启用超级终端。 
c. 启用tftp服务器,并将相应IOS放到正确路径下,然后最小化TFTP服务器界面,不能关掉。
d. 接着在“超级终端”输入下面代码完成IOS恢复。


1、进入监控模式
在设备启动时会有提示按某个键进入监控模式。如下:
Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.
按“ESC”键进入监控模式。
rommon #1>


2、设置TFTP

rommon 2 > IP_ADDRESS=172.16.0.2

rommon 3 > IP_SUBNET_MASK=255.255.0.0

rommon 4 > DEFAULT_GATEWAY=172.16.0.100

rommon 5 > TFTP_SERVER=172.16.0.100

rommon 6 > TFTP_FILE=c2800nm-adventerprisek9-mz.124-11.T1.bin

//要恢复IOS,需要配置一些变量的值,主要是路由器的IP 地址、掩码等。由于路由器和TFTP 服务器在同一网段, 是不需要网关的, 但是不能不配置该值, 所以我们把DEFAULT_GATEWAY 胡乱地指向了TFTP 服务器。请注意变量名的大小写。


3、执行TFTP

rommon 8 > tftpdnld   //开始从tftp 恢复IOS

IP_ADDRESS: 172.16.0.2

IP_SUBNET_MASK: 255.255.0.0

DEFAULT_GATEWAY: 172.16.0.100

TFTP_SERVER: 172.16.0.100

TFTP_FILE: c2800nm-adventerprisek9-mz.124-11.T1.bin

TFTP_VERBOSE: Progress

TFTP_RETRY_COUNT: 18

TFTP_TIMEOUT: 7200

TFTP_CHECKSUM: Yes

TFTP_MACADDR: 00:19:55:66:63:20

GE_PORT: Gigabit Ethernet 0

GE_SPEED_MODE: Auto

Invoke this command for disaster recovery only.

WARNING: all existing data in all partitions on flash will be lost!

Do you wish to continue? y/n: [n]: y      //回答“y”开始从tftp 服务器上恢复IOS,根据IOS 的大小,通常需要十几分钟

Receiving c2800nm-adventerprisek9-mz.124-11.T1.bin from

172.16.0.100 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

(此处省略)

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

File reception completed.

Validating checksum.

Copying file c2800nm-adventerprisek9-mz.124-11.T1.bin to flash.

Eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

//从tftp 服务器接收了IOS 后,会进行校验。

rommon 9 > reset           //重启路由器

路由器不像ASA一样要重传一遍IOS

转载自:http://www.elanfly.com/articles/389.html



Method 1: Transferring IOS p_w_picpath using TFTP

Step 1: Console into the Switch.

Step 2: Connect your Labtop (or TFTP Server) to the back port of the Switch (10/100TX, next to console/serial port) via Straight cable.

Note: I was using my Mac book and activated TFTP on it. You can do the same on your windows or mac laptop if you don’t have a separate TFTP Server.

Step 3: Initialize flash:

switch: flash_init

Step4: Initialize Management Interface

switch: mgmt_init

Step5: Assign IP address/Subnet Mask of the Management Interface (Not TFTP Server, which is mentioned in the Cisco documentation and is an error.) and default gateway. Make sure the variable are set in the same format below.

switch: set IP_ADDR ip_address/maskswitch: set DEFAULT_ROUTER ip_address

Example: 
switch: set IP_ADDR 10.1.100.2/255.255.255.0switch: set DEFAULT_ROUTER 10.1.100.1

Note: After setting the variable you can check simply by typing “set“. If you make a mistake just type “unset” and the variable. (ex. unset IP_ADDR)

Step6: Once the correct p_w_picpath is transferred to your Laptop/TFTP server you can enter:

switch: copy tftp://TFTP_Server_IP_Add/IOS_p_w_picpath_filename.bin flash:IOS_p_w_picpath_filename.bin

Example: 
switch: copy tftp://10.1.100.3/c3560e-universalk9-mz.122-53.SE2 flash:c3560e-universalk9-mz.122-53.SE2

Note: After flash: you need to specify full file name or else it will not accept.

If your attempt failed you will get the following message after a long wait.

 connection timed out

If your attempt was successful you will see following.

..........................................................................................................................................

File "tftp://10.1.100.3/c3560e-universalk9-mz.122-53.SE2" successfully copied to "flash:c3560e-universalk9-mz.122-53.SE2"

 

Method 2: Transferring IOS p_w_picpath using USB Flash drive.

Before creating this post I didn’t know the Boot Loader (Rommon) mode supports USB flash drive, until a gentle man (Leo) on Cisco forum share this little secret that’s not mention in Cisco docs. The steps as as below. (Thanks to  Leo L. & Muhammad Y. for these instructions on Cisco Forum: Source, I haven’t tested this method yet so I am not 100% if this works.)

Step 1: Take a USB of any size, format it using FAT16.

Step 2: Copy a valid IOS to the USB drive.

Step 3: Insert USB to your Router/Switch.

Step 4: Reset you Router/Switch.

Step 5: Enter following comman

switch: dir usbflash0:

Step 6: Once you verify that it has detected the flash you can boot router/Switch using the following command

switch: boot usbflash0:IOS_name.bin

Note: In case it’s not accepting the USB drive, try formatting it to 256 MB. Also “boot usbflash0:” is not only hidden but you might need to upgrade the router’s Bootstrap before you can use the command.  Newer switches, like the 2960X/X, 3650 and 3850, and ISR G2s now support this command.

I hope I have covered every step here. Please leave a comment and let me know if there is anything you feel is incorrect and if this have helped you or not.

If the above didn’t resolve your issue. Please also look at this blog post.

    •  i recovered a ws-3750G-12s that “suffered” a “format flash” command which erased everything.

      Follow this procedure, using transfer on console port.

      Xmodem Recovery:

      1.Speed Up Xmodem Recovery – “switch: set BAUD 115200” (with 9600 was estimated 3hrs, with 115200 was only about 30 min for a 7.7MB file)
      (restart the console program with new settings chosen)

      2.Start Xmodem IOS file Tranfer – “switch: copy xmodem: flash:c3750-advipservicesk9-mz.122-25.fz.bin”

      3.If you use HyperTerminal, on top of the window, choose Transfer > Send File then browse to the file and select it (i assume you have this, otherwise google it and download the bin file – NOT tar- for your device) , also on protocol (in the browse window) choose “xmodem” then “send”. Transfer will start, but is going to take a lot of time.

      4.Issue the show version command in order to verify the file, if is OK, proceed to next step otherwise retry transfer

      5.Boot the new p_w_picpath that you just copied by issuing the “boot flash:filename” command

      6.After the Xmodem recovery, set the BAUD rate back to 9600. If the set BAUD 9600 command does not bring the baud rate to 9600, issue the unset BAUD command in order to bring the baud rate to a default value of 9600 bps.

  •