
Friday, August 22, 2008

Recover IOS using tftpdnld from ROMMON

On Cisco 2600/2800/3800 Series routers, we can recover IOS over an Ethernet interface with Trivial File Transfer Protocol (TFTP) using the ROMmon tftpdnld command.
tftpdnld is faster than recovering IOS via Xmodem.

There are some variables to set when we want to transfer files to the router using tftpdnld.
To see them, type tftpdnld -h

rommon 1 > tftpdnld -r

usage: tftpdnld [-hr]


Use this command for disaster recovery only to recover an image via TFTP.

Monitor variables are used to set up parameters for the transfer.

(Syntax: "VARIABLE_NAME=value" and use "set" to show current variables.)
"ctrl-c" or "break" stops the transfer before flash erase begins.


The following variables are REQUIRED to be set for tftpdnld:
IP_ADDRESS: The IP address for this unit
IP_SUBNET_MASK: The subnet mask for this unit
DEFAULT_GATEWAY: The default gateway for this unit

TFTP_SERVER: The IP address of the server to fetch from

TFTP_FILE: The filename to fetch


The following variables are OPTIONAL:
GE_PORT: Ethernet port number for download, 0 or 1 (default=0)

TFTP_MEDIA_TYPE: Media select for GE_PORT=0, 0(Copper) or 1(Fiber) (default=0)
TFTP_VERBOSE: Print setting. 0=quiet, 1=progress(default), 2=verbose
TFTP_RETRY_COUNT: Retry count for ARP and TFTP (default=20)
TFTP_TIMEOUT: Overall timeout of operation in seconds (default=7200)

TFTP_CHECKSUM: Perform checksum test on image, 0=no, 1=yes (default=1)

TFTP_MACADDR: The MAC address for this unit

GE_SPEED_MODE: 0=10/hdx, 1=10/fdx, 2=100/hdx, 3=100/fdx, 4=1000/fdx,
5=Auto (default)

Command line options:
-h: this help screen

-r: do not write flash, load to DRAM only and launch image


Below is an example of using tftpdnld to recover an IOS image named c3845-adventerprisek9-mz.124-21.bin on a Cisco 3845 router:

rommon 1 > IP_ADDRESS=171.68.171.0
rommon 2 > IP_ADDRESS=10.0.0.1

rommon 3 > IP_SUBNET_MASK=255.255.255.0

rommon 4 > DEFAULT_GATEWAY=10.0.0.13

rommon 5 > TFTP_SERVER=10.0.0.13

rommon 6 > TFTP_FILE=c3845-adventerprisek9-mz.124-21.bin

rommon 7 > tftpdnld

IP_ADDRESS: 10.0.0.1

IP_SUBNET_MASK: 255.255.255.0

DEFAULT_GATEWAY: 10.0.0.13

TFTP_SERVER: 10.0.0.13
TFTP_FILE: c3845-adventerprisek9-mz.124-21.bin
GE_PORT: Ge0/0
TFTP_MEDIA_TYPE: Copper

GE_SPEED_MODE: Auto
Invoke this command for disaster recovery only.

WARNING: all existing data in all partitions on flash will be lost!

Do you wish to continue? y/n: [n]: y


Receiving c3845-adventerprisek9-mz.124-21.bin from 10.0.0.13 !!!!!!!!!!!!!!!!!!!!!!!!!!!!

File reception completed.
Copying file c3845-adventerprisek9-mz.124-21.bin to flash.
Erasing flash at 0x607c0000

program flash location 0x60440000

rommon 8 >


References:
http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a008015bf9e.shtml

Friday, May 30, 2008

Configuring Cisco HWIC-3G

Some people asked me about configuring the HWIC-3G-GSM or HWIC-3G-CDMA module. For more information about these modules, see http://www.cisco.com/go/3g

Basically, Cisco 3G Wireless WAN HWIC provides a cost-effective alternative to ISDN dial back up and provides Business Continuity for critical applications.
  • Offers Broadband data rates up to 3.2 Mbps with EVDO and 3.6 Mbps with HSDPA
  • Supports CDMA and GSM/UMTS standards (EVDO Rev A / HSDPA)
  • Target Applications – WAN Backup, Rapid Deployment, Portable Applications
  • Supported on Cisco 1841 / 2800 / 3800 Series Routers
  • Embedded mini PCI express Cellular modem from Sierra Wireless
  • Modem firmware is upgradeable, it is not bundled with IOS
  • Multiple external antenna options for in-building deployments

Firmware

Sierra Wireless modem firmware is not bundled with IOS. A modem firmware upgrade may be required for bug fixes and enhancements.

Search for new firmware here: http://www.cisco.com/kobayashi/sw-center/sw-wireless.shtml

IOS command to upgrade firmware:
microcode reload cellular <pa-bay> <slot> cdma modem-provision
where pa-bay is 0 for HWIC and slot is the slot number where the 3G HWIC is plugged in (0-3).

Note: The firmware is packaged as a TAR archive. After copying to router flash, use the following command to untar:
archive tar /xtract flash: flash:


HWIC Insertion and Recognition


Router#show version

1 Virtual Private Network (VPN) Module

1 Cellular interface

DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.


Router#show diag
WIC Slot 0:
3G WWAN HWIC-HSDPA/UMTS/EDGE/GPRS-850/900/1800/1900/2100MHz
...
Product (FRU) Number : HWIC-3G-GSM
Version Identifier : NA

Router#show run
!
interface Cellular0/0/0
no ip address
shutdown
!



Profile Configuration CLI


Up to 16 profiles can be configured at one time. When no profile is selected, profile 1 is used.

GSM Profile configuration command:
cellular x/x/x gsm profile create [chap|pap] username passwd
cellular x/x/x gsm profile delete


Profile Selection
Using “ATDT*98*<profile-number>#” in the dialer chat script

Router# cellular 0/0/0 gsm profile create 1 ISP.CINGULAR chap ISP@CINGULARGPRS.COM CINGULAR1

Profile 1 = INACTIVE*
--------
PDP Type = IPv4, Header Compression = OFF
Data Compression = OFF

Access Point Name (APN) = ISP.CINGULAR

Authentication = PAP

Username: ISP@CINGULARGPRS.COM, Password: CINGULAR1



New Cellular Interface configuration

The new Cellular interface is an async serial interface and requires the following configuration:

PPP Configuration
encapsulation ppp
ppp chap hostname
ppp chap password
ppp ipcp dns request


Dialer Configuration:
async mode interactive
dialer in-band

IP Address configuration
ip address negotiated

Sample Configuration:

interface Cellular0/0/0
ip address negotiated
ip nat outside
encapsulation ppp
dialer in-band
dialer string gsm
dialer-group 1
async mode interactive
ppp chap hostname dummy
ppp chap password 0 dummy
ppp ipcp dns request
!


Dialer/Chat Scripts


ATDT*98*<profile-number>#
where profile-number can be 1-16 and represents the modem profile to be used for the call.

Example chat script:
chat-script gsm "" "ATDT*98*2#" TIMEOUT 30 CONNECT

For the default profile 1, the profile number can be left out of the chat script:
chat-script gsm "" "ATDT*98#" TIMEOUT 30 CONNECT



Configuration Examples

Here the 3G link is the primary connection. The cellular interface gets a dynamic IP address and the router acts as a DHCP server. The laptop connects to the router over wireless through an HWIC-AP module installed in the router.

dot11 ssid test
 authentication open
!
ip dhcp pool wlan-client
 network 10.4.0.0 255.255.0.0
 ! default-router must be an address inside the pool (the BVI address below)
 default-router 10.4.0.1
 dns-server 66.102.163.231 66.102.163.232
!
chat-script gsm "" "ATDT*99#" TIMEOUT 60 "CONNECT"
!
interface Dot11Radio0/2/0
 no ip address
 !
 ssid test
 !
 bridge-group 104
!
interface Cellular0/0/0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer in-band
 dialer string gsm
 dialer-group 1
 async mode interactive
 ppp chap hostname cisco@wwan.ccs
 ppp chap password 0 cisco
 ppp ipcp dns request
!
! BVI number must match the bridge-group number
interface BVI104
 ip address 10.4.0.1 255.255.0.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
!
! NAT must reference the access list that is actually defined (list 1)
ip nat inside source list 1 interface Cellular0/0/0 overload
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
!
line 0/0/0
 exec-timeout 0 0
 script dialer gsm
 login
 modem InOut
 no exec
!
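A configuration like this one is typically copied out of the lab, so it helps to check it mechanically first. The following Python check is an added example, not part of the original post or of any Cisco tool: it flags the lab-grade settings (open SSID, type 0 password, disabled idle timeout) and two cross-reference mistakes. The function name, the rule selection and the seeded sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the configuration above. The DHCP gateway lies
# outside the pool and the NAT rule names an access list that is not defined.
SAMPLE = """\
dot11 ssid test
 authentication open
ip dhcp pool wlan-client
 network 10.4.0.0 255.255.0.0
 default-router 10.1.0.1
interface Cellular0/0/0
 ppp chap password 0 cisco
ip nat inside source list 10 interface Cellular0/0/0 overload
access-list 1 permit any
dialer-list 1 protocol ip list 1
line 0/0/0
 exec-timeout 0 0
"""

def audit(config):
    """Return findings: weak settings plus references that do not resolve."""
    findings, pool_net = [], None
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    for raw in config.splitlines():
        line = raw.strip()
        if line == "authentication open":
            findings.append("open SSID authentication")
        elif re.search(r"\bpassword 0 ", line):
            findings.append("cleartext (type 0) password")
        elif line == "exec-timeout 0 0":
            findings.append("idle timeout disabled")
        elif m := re.match(r"network (\S+) (\S+)$", line):
            pool_net = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        elif m := re.match(r"default-router (\S+)$", line):
            if pool_net and ipaddress.ip_address(m[1]) not in pool_net:
                findings.append(f"default-router {m[1]} outside {pool_net}")
        elif m := re.match(r"(?:ip nat inside source|dialer-list \d+ protocol ip) list (\d+)", line):
            if m[1] not in acls:
                findings.append(f"access-list {m[1]} referenced but not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```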



Sunday, May 25, 2008

How to Configure an Access Server for Lab

If you watch CBT Nuggets, TrainSignal, or Cisco Video Mentor, you will see the instructors switch between devices easily. That's where an Access Server comes into play.
Moving around to plug and unplug a console cable every time you want to configure a different device is tiring. The solution to this problem is purchasing and configuring an Access Server.
Remote labs from Internetwork Expert also use an Access Server for the labs at racks.internetworkexpert.com.

If the async port is a serial connector like the one on the 2511 pictured below, you will need a special octal cable (CAB-OCTAL-ASYNC). But if the Access Server's async ports are RJ-45, you only need a basic UTP RJ-45-to-RJ-45 rollover cable.









Once you've got your AS and the appropriate cable, you're ready to configure your AS. Below is an example diagram of how to connect the AS to the devices: connect one of the RJ-45 connectors to the console port of each of your devices that has a console port. If you're using an octal cable, make sure to note the number that's on the cable itself right below the connector, because that's very important.




















In the above example, we have an Access Server, 2 routers, 1 switch, and 1 ASA.
Router 1 (R1) is plugged into the 1st cable and uses port 2001, the 2nd cable uses port 2002, and so on.

Basically we only need to configure a loopback interface and ip host entries whose name and port point to the loopback address. The basic configuration looks like this:
hostname AS
!
!
ip host ASA 2004 1.1.1.1
ip host S1 2003 1.1.1.1
ip host R2 2002 1.1.1.1
ip host R1 2001 1.1.1.1
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
no ip directed-broadcast
!
There are two ways to connect to devices attached to an access server: you can terminate your exec session on the access server itself (one terminal window for all sessions), or you can terminate your exec session on the device connected to the access server (one terminal window for each session).

When you terminate your exec session on the access server you then “reverse telnet” to the individual devices connected to the access server. Normally to do this you first log in to the access server and then issue the “show hosts” command to see the host mappings. Next, reverse telnet to them by typing the hostname and pressing Enter. To get back to the access server, issue the escape sequence CTRL-SHIFT-6-X: hold Ctrl and Shift, hit 6, release all keys, then hit X. From the access server you can then open new connections or resume connections that you already have open.

When you terminate your exec session on the device connected to the access server, i.e. by telnetting to the access server at port 2001, you cannot issue the escape sequence to reconnect to the access server. In this situation you would open multiple terminal windows if you wanted to connect to multiple devices.

In my office lab, I made it similar to the Internetwork Expert rack labs, using login local with multiple users plus a menu.

For more information watch this class-on-demand video on using an Access Server.
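
Each ip host entry above maps a TCP port on the access server to a device console, so every mapped line should require a login. The Python check below is an added example, not from the original post: it resolves each port to its TTY line (port minus 2000) and reports lines with no login command. The line stanzas in the sample are constructed, since the post does not show them, and treating a stanza without a login command as unauthenticated is an assumption.

```python
import re

# The ip host entries are from the configuration above; the line stanzas are
# constructed for this example (the post does not show its line configuration).
SAMPLE = """\
ip host ASA 2004 1.1.1.1
ip host S1 2003 1.1.1.1
ip host R2 2002 1.1.1.1
ip host R1 2001 1.1.1.1
line 1 2
 login local
 transport input telnet
line 3 4
 no login
 transport input telnet
"""

def reverse_telnet_lines(config):
    """Map TTY line number -> device name (reverse telnet port = 2000 + line)."""
    hosts = re.findall(r"^ip host (\S+) (2\d{3}) \S+$", config, re.M)
    return {int(port) - 2000: name for name, port in hosts}

def line_settings(config):
    """Map each TTY line number to the commands under its line stanza."""
    settings, current = {}, None
    for raw in config.splitlines():
        if m := re.match(r"line (?:tty )?(\d+)(?: (\d+))?$", raw):
            current = []
            for n in range(int(m[1]), int(m[2] or m[1]) + 1):
                settings[n] = current      # a range of lines shares one stanza
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None                 # left the line stanza
    return settings

def unauthenticated(config):
    """Devices whose console line accepts reverse telnet without a login.
    Assumption: a stanza with no login command does not ask for credentials."""
    settings, exposed = line_settings(config), []
    for line_no, name in sorted(reverse_telnet_lines(config).items()):
        cmds = settings.get(line_no, [])
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            exposed.append(f"{name} on line {line_no} (port {2000 + line_no})")
    return exposed

if __name__ == "__main__":
    for entry in unauthenticated(SAMPLE):
        print("no login required:", entry)
```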


Wednesday, May 7, 2008

Extract a file or copy a folder from TFTP to flash

Sometimes you need to copy a bunch of files or a folder or maybe extract an archive file to a Cisco device. For instance, you need to upgrade the IOS of your Cisco Catalyst Switch or Cisco Aironet Access Points. If you need to upgrade to a newer IOS, usually Cisco provides an archived IOS.
For example, a 1200 Aironet IOS image will be available like this in cisco.com: c1200-k9w7-tar.123-8.JA2.tar.
That is a bit different from a Cisco router image, which is usually a *.bin file.

If you extract the c1200-k9w7-tar.123-8.JA2.tar file, you will get the image with a name like this: c1200-k9w7-mx.123-8.JA2, along with a couple of other files.
You will need to copy all these files to your Access Point.

So how do we copy the image to the Access Point?
Do we need to copy the files one by one from TFTP using the "copy tftp flash" command?
The answer is no, that's where the "archive tar" command comes into play.

In the example below, I extract the c1200-k9w7-tar.123-8.JA2.tar file from my TFTP server (192.168.3.250) to the Cisco Aironet's flash:
ap#archive tar /xtract tftp://192.168.3.250/c1200-k9w7-tar.123-8.JA2.tar flash:
Loading c1200-k9w7-tar.123-8.JA2.tar from 192.168.3.250 (via BVI1): !
extracting info (274 bytes)
c1200-k9w7-mx.123-8.JA2/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JA2/html/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JA2/html/level/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JA2/html/level/1/ (directory) 0 (bytes)
extracting c1200-k9w7-mx.123-8.JA2/html/level/1/appsui.js (557 bytes)
extracting c1200-k9w7-mx.123-8.JA2/html/level/1/back.shtml (498 bytes)!
...
...
...
(output truncated)
...
...
...

c1200-k9w7-mx.123-8.JA2/html/level/15/ap_contextmgr_scm_summary.shtml.gz (5559 bytes)!

extracting c1200-k9w7-mx.123-8.JA2/c1200-k9w7-mx.123-8.JA2 (3654874 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/5001.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/5101.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/6301.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/6701.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/6701_cal.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/info (274 bytes)
extracting info.ver (274 bytes)!
[OK - 5017600 bytes]
This is just a trick. To upgrade an IOS/image of a Cisco device, you can use the archive download-sw command or use the web GUI (for Cisco Aironet Access Point).

Sunday, March 9, 2008

Frame Relay Switching over a Tunnel

In 1996, Cisco Systems joined with StrataCom, a leading supplier of Asynchronous Transfer Mode (ATM) and Frame Relay high-speed wide area network (WAN) switching equipment that integrates and transports a wide variety of information, including voice, data and video.
Cisco MGX Multiservice Switches provide Frame Relay services at the Provider Edge.
In a lab situation, we can configure Cisco IOS on standard routers and access servers to provide Frame Relay services.

There are several ways to relay frames in IOS:
  1. DCE-DCE (multiple DCE interfaces), basic switching using frame-route command
  2. DCE-DCE (multiple DCE interfaces, on newer IOS such as 12.2T), using connect command
  3. Hybrid, 1 DCE and 1 DTE
  4. Back-to-Back, which requires lmi to be disabled with no keepalive
  5. Tunnel Methods
To learn how to configure a Cisco router as a Frame Relay switch, you can read my friend's blog, awa here.

Here I will give some configuration examples of a Frame Relay switch using the Tunnel method.
Suppose you need a 4-port Frame Relay switch to build a Full Mesh Frame Relay topology, but all you have is 2 Cisco routers, each with 2 serial interfaces and 1 Ethernet interface.
IOS permits us to send switched Frame Relay packets over an IP tunnel. This permits the Frame Relay encapsulated serial interfaces to be located on different routers.
The diagram below may look complex, but it is just a Full Mesh Frame Relay topology.
















There are 2 fundamental tricks used to get this to work:
  1. Using the tunnel interface as the destination in the frame-route statements
  2. Making sure the same PVC is referenced by the same DLCI on both sides of the tunnel
Configuration of SW1:
interface serial 0
no ip address
encapsulation frame-relay
no fair-queue
clock rate 128000000
frame-relay intf-type dce
frame-route 102 interface Tunnel0 122
frame-route 103 interface Tunnel0 123
frame-route 104 interface Serial3 401

interface tunnel 0
ip unnumbered ethernet 0
tunnel source ethernet 0
tunnel destination 172.16.10.5
Configuration of SW2:
interface serial 1/0
no ip address
encapsulation frame-relay
clock rate 128000000
frame-relay intf-type dce
frame-route 201 interface Tunnel0 122
frame-route 203 interface Serial1/1 302
frame-route 204 interface Tunnel0 422

interface tunnel 0
ip unnumbered FastEthernet 0/0
tunnel source FastEthernet 0/0
tunnel destination 172.16.10.7
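
The second trick can be checked mechanically. This added Python example (not from the original post) pairs the frame-route statements that point at Tunnel0 on both switches by their tunnel-side DLCI. Each excerpt above shows only one serial interface, so DLCIs 123 and 422 stay unmatched until the routes on SW2's Serial1/1 and SW1's Serial3 are included.

```python
import re

# The two excerpts shown above: one serial interface from each switch.
SW1 = """\
interface serial 0
 frame-route 102 interface Tunnel0 122
 frame-route 103 interface Tunnel0 123
 frame-route 104 interface Serial3 401
"""
SW2 = """\
interface serial 1/0
 frame-route 201 interface Tunnel0 122
 frame-route 203 interface Serial1/1 302
 frame-route 204 interface Tunnel0 422
"""

ROUTE = re.compile(r"frame-route (\d+) interface (\S+) (\d+)")

def tunnel_dlcis(config, tunnel="Tunnel0"):
    """Map tunnel-side DLCI -> (local interface, local DLCI) for one switch."""
    routes, interface = {}, None
    for line in config.splitlines():
        if line.lower().startswith("interface "):
            interface = line.split(None, 1)[1]
        elif (m := ROUTE.search(line)) and m[2] == tunnel:
            tunnel_dlci = int(m[3])
            if tunnel_dlci in routes:      # one tunnel DLCI can carry one PVC
                raise ValueError(f"tunnel DLCI {tunnel_dlci} used twice")
            routes[tunnel_dlci] = (interface, int(m[1]))
    return routes

def check_tunnel(a, b):
    """Return (matched PVCs, tunnel DLCIs only on A, tunnel DLCIs only on B)."""
    ra, rb = tunnel_dlcis(a), tunnel_dlcis(b)
    matched = {d: (ra[d], rb[d]) for d in ra.keys() & rb.keys()}
    return matched, sorted(ra.keys() - rb.keys()), sorted(rb.keys() - ra.keys())

if __name__ == "__main__":
    matched, only_sw1, only_sw2 = check_tunnel(SW1, SW2)
    print("matched:", matched)
    print("only on SW1:", only_sw1, "only on SW2:", only_sw2)
```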