Cisco IPS: Always boot into ROMMON

Introduction
I bought a Cisco IPS 4240 at a very good price from eBay. The appliance arrived at my home last night; I was excited and looking forward to using it immediately. To my disappointment, the IPS persistently booted into ROMMON.

I re-imaged the appliance and saw that the installation was successful. I was hopeful that the appliance would finally boot into the sensor application, but again it booted into ROMMON.

Re-image the IPS
Re-imaging means installing the IPS sensor application from the Cisco IPS 4240 .img file. A file in .img format is a system image; a file in .pkg format is a service pack used to upgrade the version of an already installed IPS sensor application, and a .pkg can only be applied from within the sensor application using the upgrade command.

In ROMMON you have to use TFTP file transfer to install the .img file.

To check the network settings in ROMMON, type the set command:

rommon #1> set
ROMMON Variable Settings:
  ADDRESS=10.0.0.1
  SERVER=10.0.0.2
  GATEWAY=0.0.0.0
  PORT=Management0/0
  VLAN=untagged
  IMAGE=IPS-4240-K9-sys-1.1-a-7.0-8-E4.img
  CONFIG=
  LINKTIMEOUT=20
  PKTTIMEOUT=4
  RETRY=20

rommon #2>

The default interface for file transfer on the IPS 4240 is Management0/0. However, you can choose the port you want to use with the interface gigabit0/0 command.

rommon #2> interface gigabit0/0
GigabitEthernet0/0
Link is DOWN
MAC Address: 000f.f775.8e74
rommon #3> set
ROMMON Variable Settings:
  ADDRESS=10.0.0.1
  SERVER=10.0.0.2
  GATEWAY=0.0.0.0
  PORT=GigabitEthernet0/0
  VLAN=untagged
  IMAGE=IPS-4240-K9-sys-1.1-a-7.0-8-E4.img
  CONFIG=
  LINKTIMEOUT=20
  PKTTIMEOUT=4
  RETRY=20

rommon #4>

Alternatively you can set PORT=management0/0. The variable name PORT must be capitalized, otherwise you will receive the error "Invalid or incorrect command. Use 'help' for help." All variable names shown in the set output must be capitalized.

Next, configure the appliance's local IP address and your TFTP server's IP address. Lastly, set the name of the image you want to download from the TFTP server.

rommon #5> address 10.0.0.1
rommon #6> server 10.0.0.2
rommon #7> IMAGE=IPS-4240-K9-sys-1.1-a-7.0-8-E4.img
rommon #8> sync

Updating NVRAM Parameters...

rommon #9>

Use the sync command to save your settings to NVRAM. After you have saved your settings, you can start the download from your TFTP server with the tftp command.

Confreg
The reason the appliance relentlessly boots into ROMMON is the config register. The config register of the appliance I bought was set to 0x00002140.

rommon #0> confreg

Current Configuration Register: 0x00002140
Configuration Summary:
  boot ROMMON
  ignore system configuration
  load ROMMON if netboot fails

Using the confreg command without specifying a register value brings you to a wizard.

rommon #0> confreg

Current Configuration Register: 0x00002140
Configuration Summary:
  boot ROMMON
  ignore system configuration
  load ROMMON if netboot fails

Do you wish to change this configuration? y/n [n]: y
enable boot to ROMMON prompt? y/n [n]: y
select specific Flash image index? y/n [n]:
disable system configuration? y/n [n]:
go to ROMMON prompt if netboot fails? y/n [n]:
enable passing NVRAM file specs in auto-boot mode? y/n [n]:
disable display of BREAK or ESC key prompt during auto-boot? y/n [n]: y

Current Configuration Register: 0x00010000
Configuration Summary:
  boot ROMMON
  display of BREAK or ESC key prompt during auto-boot disabled

Update Config Register (0x10000) in NVRAM...

rommon #1>

The solution to this problem? Use confreg 0x7:

rommon #9> confreg 0x7

Update Config Register (0x7) in NVRAM...

rommon #10> confreg

Current Configuration Register: 0x00000007
Configuration Summary:
  boot image index-3 from Flash

Do you wish to change this configuration? y/n [n]:

rommon #11>

Or confreg 0x1:

rommon #11> confreg 0x1

Update Config Register (0x1) in NVRAM...

rommon #12> confreg

Current Configuration Register: 0x00000001
Configuration Summary:
  boot default image from Flash

Do you wish to change this configuration? y/n [n]:

rommon #13>

I should use 0x1; however, 0x7 also brings me to the sensor login, and I can begin configuring the appliance with the startup wizard 🙂
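As an added example (my own script, not from this post or from Cisco), here is a small Python decoder for the register values shown above. The bit meanings are taken only from the ROMMON "Configuration Summary" output quoted in this post; the 0x7 to "index-3" mapping is recorded as observed rather than generalized, and any bit the summaries never name (0x100 inside 0x2140) is reported as undocumented instead of guessed. It is a handy check before putting a second-hand appliance into service, since a register that ignores the saved configuration or stops at ROMMON will never bring the sensor up.

```python
# Decoder for the Cisco IPS 4240 ROMMON configuration register values seen in this post.
# Added example, not Cisco code. Meanings are taken only from the ROMMON summaries quoted above.

BOOT_FIELD_MASK = 0xF  # the low nibble selects what ROMMON boots

# Boot-field values the post shows, with the summary text ROMMON printed for each of them.
BOOT_FIELDS = {
    0x0: "boot ROMMON",
    0x1: "boot default image from Flash",
    0x7: "boot image index-3 from Flash",   # observed for 0x7; other values are not decoded
}

# Single-bit flags whose meaning the ROMMON summary spells out.
FLAG_BITS = {
    0x00040: "ignore system configuration",
    0x02000: "load ROMMON if netboot fails",
    0x10000: "display of BREAK or ESC key prompt during auto-boot disabled",
}


def decode_confreg(value):
    """Return the list of settings a register value enables, worded as ROMMON prints them."""
    boot = value & BOOT_FIELD_MASK
    summary = [BOOT_FIELDS.get(boot, "unknown boot field 0x%x" % boot)]
    for bit, text in FLAG_BITS.items():
        if value & bit:
            summary.append(text)
    # Bits the post never explains (0x100 in 0x2140 is one) are reported, not guessed.
    unknown = value & ~BOOT_FIELD_MASK & ~sum(FLAG_BITS)
    if unknown:
        summary.append("undocumented bits 0x%x" % unknown)
    return summary


def boots_sensor(value):
    """True only if the register boots an image from Flash and honours the saved configuration."""
    settings = decode_confreg(value)
    return settings[0] != "boot ROMMON" and "ignore system configuration" not in settings


if __name__ == "__main__":
    # The four register values that appear in the post, in the order they were tried.
    for reg in (0x2140, 0x10000, 0x7, 0x1):
        print("0x%08x -> %s (boots sensor: %s)"
              % (reg, "; ".join(decode_confreg(reg)), boots_sensor(reg)))
```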

This entry was posted in IDS/IPS, Security.
