No problem! The complete CBOS rewrite procedure doesn't require them, since you erase them immediately after entering "debug mode" (RMON) anyway.
If you only want to reset your passwords and running configuration, but don't want to touch the CBOS, click here for How-to.
?"I only want to change the running configuration, not clear my CBOS, but I can't remember my Passwords"
OK. You'll have to delete the running configuration (including passwords), then replace it with a new one. Changing the running configuration without passwords is described at this link.
?"What if I just want Option 2 (Redoing NVRAM Configuration to Add Security)?" ?"What if my router won't even give me the CBOS prompt over the hyperterminal link?"
?"I lost my management cable. Now what?" Yes, there are other ways to access your router's inner workings, including telnetting to it from your friend's house, but then you'll definitely have to start with a) a healthy router b) your correct passwords, and c) your telnetting enabled to your router, which also allows non-benevolent hacker types to access your router. The configuration I recommend includes turning the telnetting off to your router. So, I always use my management cable when messing with the router's insides. Then I unplug when finished; my management cable hasn't been attached since Aug 2001. ?"How do I know if my CBOS is corrupt?" If this is your problem, you'll need to perform all of Option 3. ?"I redid the config, but my router disconnects after every couple of hours. Now what?" At cbos#, type set web disable <press
enter> (reply is) WEB is disabled
At cbos#, type set web port 8080 <press enter> (...or to some other port of your choosing not equal to 80. If you don't know what you're doing here, use 8080.)
(reply is) You must use "write" then reboot for changes to take effect.
At cbos#, type set web remote 10.10.10.10 <press enter> (reply is) Web restricted to 10.10.10.10 ?"OK, I did Option 3. So why didn't it work?" ?"Why are you doing this?"
Get into Hyperterminal (usually under Start/Programs/Accessories/Communications), and createa new
session for your router, with these settings: Bit per second: 38400
Data bits: 8 Now you are going toget
into "debug" mode in your router. (That's the mode where the "=>" prompt
shows up in the Hyperterminal window). Do this by unplugging
the router's power for several seconds. Then plug it in, and when the "alarm"
light on the router comes on, quickly hit "CTRL-C" at the same time. You might have to
hit enter a few times to make the "=>" show up. If you didn't get
into debug mode the first time, unplug the router and try again. Once you're in Debug,
delete the current running configuration like this:
At the " =>"
prompt, type es 6 <press enter> (reply is "Erasing sector 00000006. Sector erased") At the " =>"
prompt, type rb <press enter> The router reboots. Now you have to
put the router settings in the way you want them, so you'll still be using hyperterminal. This
time, when the router is plugged in, it should say (when you press enter): Hello! Expanding
CBOS image... (CBOS
version info, etc etc) IV.1) <Press enter> Then it will ask
you: User Access
Verification Password: IV.2)You don't have a password yet (since
you just cleared out your router), so just <press
enter> IV.3) At the
"cbos>" prompt, type enable <press enter> IV.4) At
"Password:" press enter. IV.5) At "cbos#", type set nvram erase <press
enter> It replies: Erasing Running Configuration. You must use "write" for changes
to be permanent. IV.6) At cbos#, type write <press enter> NVRAM written. IV.7) At cbos#, type reboot <press enter> Hello! Expanding CBOS image... (CBOS version
info, etc etc) After the "Hello!" message, etc., V.1) <Press enter> The router will
ask you: User Access
Verification Password: V.2)You still don't have a password yet, so
just <press enter> V.3) At the
"cbos>" prompt, type enable <press enter> V.4) At
"Password:" press enter. V.5)At cbos#, type set ppp wan0-0 ipcp 0.0.0.0 <press
enter> (reply is) PPP wan0-0 IPCP Address set to
0.0.0.0 V.6)At cbos#, type set ppp wan0-0 dns 0.0.0.0 <press
enter> (reply is) PPP wan0-0 DNS Server Addresses set to
0.0.0.0 V.7)At cbos#, type set ppp wan0-0 login
yourusername <press
enter> This username
MUST be the one on record with your ISP. (reply is) User name for wan0-0 has been set to yourusername. V.8)At cbos#, type set ppp wan0-0 password yourpassword
<press enter> This password
MUST be the one on record with your ISP (reply is) Password for wan0-0 has been set to yourpassword. V.9)At cbos#, type set ppp restart enable <press
enter> (reply is) CPE Remote Restart is now enabled... V.10)At cbos#, type set nat enable <press enter> (reply is) NAT is now enabled You must use
"write" then reboot for changes to take effect. V.11)At cbos#, type set dhcp server enable
<press enter> (reply is) DHCP Server enabled VI.1) At cbos#, type set password exec yourexecpassword <press
enter> (This executive password can be anything you want, or you
can skip the password.) (reply is) Exec Password Change Successful! VI.2)At cbos#, type set password enable yourenablepassword <press
enter> (This enable password can be anything you want, or you
can skip the password.) (reply is) Enable Password Change Successful! (The next two steps will help
keep your router protected from remote access, so the worm won't get you
again.) VI.3) At cbos#, type set web disable <press
enter> (reply is) WEB is disabled
VI.4) At cbos#, type set web port 8080 <press enter> (...or to some other port of your choosing not equal to 80. If you don't know what you're doing here, use 8080.)
(reply is) You must use "write" then reboot for changes to take effect.
VI.5) At cbos#, type set web remote 10.10.10.10 <press enter>
NOTE: Changing your "web remote" setting to 10.10.10.10 will disable your NAT (Network Address Translator) access to your router, meaning you won't be able to Telnet onto it anymore. You could use 10.0.0.1, but that will mean that only your router can telnet onto itself. You can also change to 10.0.0.2 or 10.0.0.3 etc. Check Cisco's page for full understanding of what this command does. For my needs, 10.10.10.10 does the trick, and it appears that without "set web remote (something)", you'll get reinfected. So you can either wait for a final recommendation from Cisco or Qwest, or just slap one of these settings in there and go! If you always use Hyperterminal when changing settings on your router, 10.10.10.10 will be OK. (reply is) Web restricted to 10.10.10.10
VI.6) At cbos#, type write<press
enter> (reply is) NVRAM written. VI.7)At cbos#, type reboot<press
enter> (reply is)
Hello! Expanding CBOS image... Etc etc. Now You're done!! You can exit
Hyperterminal. You might have to reboot the
whole PC to get Windows to see that you have the network back.
Click Here.
Fret not. This is the same problem I had with my router. However, it does mean you'll need Option 3 instead of Option 2 (see main page for options).
You'll need your management cable to reconfigure your router. If yours is lost, you can build a new one by following the pattern at this link.
Here's how it manifested itself on my machine.
When my router dropped the network, first, I tried the power cycling thing. No good, so I started a
hyperterminal session to erase just the part of the NVRAM that has the
running configuration, i.e. sector 6 (just like when you need to reset the
exec password, etc.). But when I opened hyperterminal, all it showed me was
the "=>" prompt, which is the sign that it's in "Debug" (RMON) mode. It ought to start out with a "Hello!" , a password request, and then the "cbos>" prompt.
When I gave it the "es 6" command to axe the running configuration and
reboot, it seemed to comply, then returned that it had an error at some
specific numeric address, and was right back in RMON.
So, I would claim that a good indicator of CBOS corruption would be bad performance of the
router (for example, opening in RMON), especially after sector 6 has been
erased, since all that's left then should be the CBOS anyway.
Sounds like you might have skipped a very important step in the reconfiguration process. Make sure you have included all 3 of the following during reconfig:
My email box runneth over with questions, problems, and anecdotes from people who had trouble with Option 3. Here are the most common problems:
That's easy. To help you fix your Cisco router, even if it has a corrupt CBOS.Option 2 for case where Passwords are Forgotten
I.) Connect
Make sure your
Cisco Management cable is plugged in.
Parity: None
Stop bits: 1
Flow control: None
(You're probably on
COM1 at this point.)II.) Get into Debug (RMON) Mode
III.) Erase sector 6
IV.) Erase the NVRAM
V) Fix Settings
VI.) Wrapping Up….
If you have a Cisco 675 or a Cisco 678 for CAP, skip these lines and continue with the next step
If you've got a Cisco 678 running on DMT lines, you'll also need to add:
set interface wan0-0 disable
set interface wan0-0 vpi 0
set interface wan0-0 vci 32
set interface wan0-0 enable
End of CISCO 678 DMT ONLY Info