60.0 Troubleshooting Cisco Forum FAQ60.0 Troubleshooting
·Corrupt image & router boots into rommon mode
·Get LANCE error message? The Ethernet controller might be the problem.
·Config Register Value - After lost power or reload, router lost configuration
·Used wrong config-register and now the router does not boot!
·Password Recovery Procedures
·PPPoE: Problems with resolving DNS and general connectivity. Its your MTU!
·The Cisco Router Web Interface (= CRWS) hangs when I try to start it
·My SDM/CRWS (web configuration mode) doen't work. How do I revive it?
·KVM Switch: My router boots fine, but then doesn't respond.
·What are the various show commands?
·IPSec VPN and Microsoft - Remote user receives IP address, unable to map drives
·Server Load Balancing
»Cisco Forum FAQ »Deleted/Corrupted/Wrong Type/No IOS image and router won't boot
Have you tried to upgrade an image but were unsuccessful? The router is stuck in rommon mode? If yes to any one of those questions; it means that the router cannot find a valid image in the flash memory. The image usually gets corrupted or lost.
Try the following link to recover the problem. The URL should work on any router that has tftpdnld command in the rommon.
Routers ROM Monitor IOS Image Download Procedures
The whole idea is to utilize tftpdnld ROMMON mode command to download working IOS image from your TFTP server to the router. To recover a router using this method, there are assumptions as follow
* You have a valid working IOS image
* You have a working TFTP server
* The working IOS image is stored in the TFTP server
When you don't have TFTP server yet, check out the following FAQ for preparing the server
»Cisco Forum FAQ »How to prepare TFTP server with freeware
If you don't have a working IOS image file around, then you should be able to download one from Cisco website; assuming you have Smartnet contract. Check out the following FAQ for more info on Smartnet
»Cisco Forum FAQ »How/where do I get Cisco images (such as IOS, PIX/ASA OS)?
As an illustration on utilizing the tftpdnld command, check out this thread.
/forum/remark,9864781~mode=flat
»[HELP] ROMmon corrupted
feedback form
by aryoba
last modified: 2008-03-20 14:59:07
%LANCE-1-INITFAIL: Unit [dec], initialization timeout failure, csr[dec]=[hex]
The hardware has failed to initialize correctly.
Recommended Action: Repair or replace the controller.
On modular equipment, the ethernet controller is on the module. Whenever possible, try to remove the module concerned; just to ascertain whether the device goes through the bootup process with no issues. If that is the case, you might want to replace the module.
FYI, the LANCE error message is from the Ethernet controller. The following thread provides details.
/forum/remark,9778418~mode=flat
I hope this tip is useful ... :)
feedback formby nozero edited by Covenant
last modified: 2004-04-03 10:56:05
* power back on a router after power off for a while
* there is lightning strike around
* after configuring a router, you need to reload the router to let the new configuration kick in
* after installing new IOS image, you need to reload the router to let the new IOS image become active
You might want to check the config register value to verify if it is 0x2102 (the default) or else. When the config register value is not set as 0x2102, then you need to set the value back to the 0x2102.
To find out what the current router config register value is, you can simply do a "show version" and look at the last line.
To set the value back to 0x2102 (default value), one way of doing it is via the CLI with following commands
configure terminal
config-register 0x2102
copy running-config startup-config
end
When the router has 0x2102 config register value, the router will act as factory recommended (Cisco recommended) including loading the current configuration after reload or power cycle.
Note:
When you are in luck, there is one possibility is that the router still has the configuration even though the router does not boot the configuration. This situation applies when the router configuration before reload or before power loss is saved (by issuing "copy running-config startup-config" or "write memory").
feedback formby aryoba
Bits per second: 1200
Data bits: 8
Parity: None
Stop Bits: 1
Flow control: None
Once this is open, powercycle the router and press the spacebar for roughly 10 seconds (press and release). If you are able to see the rommon prompt, change the register back to normal by typing:
rommon>confreg 0x2102
rommon>reset
if you are not able to see anything on the screen, close the window and open a new one with these settings:
Bits per second: 9600
Data bits: 8
Parity: None
Stop Bits: 1
Flow control: None
And you should now see the rommon> prompt. Change the register from there and the router should be back in normal mode.
Side Note:
If you know the current setting of your router's config register value is, you can use the Config Register calculator to find out how the router is configured when it boots. You can download the calculator from this site.
Derived from this thread.
feedback formby Covenant edited by aryoba
last modified: 2008-01-22 11:52:48
Password Recovery Procedures (#8126)
Note: For security reasons, the password recovery procedures described there require physical access to the equipment.
Password Recovery Procedures
You need to enter ROMMON mode which may require you to send the BREAK key. Check out the following link to find the suitable BREAK key.
Standard Break Key Sequence Combinations During Password Recovery
It is highly recommended to use a computer that has an actual Serial port (RS-232) when sending BREAK key. Don't use computer that utilize USB port to emulate Serial port since the BREAK key might not be sent properly.
If the router password recovery functionality is disabled, then you can perform tasks provided on this link to re-enable the password recovery functionality.
To Disable and Re-enable Password Recovery Functionality
feedback formby nozero edited by aryoba
last modified: 2008-03-31 12:13:29
SANCH_INT_RTR#sh run
Building configuration...
Current configuration : 2593 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SANCH_INT_RTR
!
logging rate-limit console 10 except errors
no logging console
enable secret 5 $encrypted password$
!
username Cisco privilege 15 password 7
username Router password 7
ip subnet-zero
no ip finger
ip name-server 66.80.130.23
ip name-server 66.80.131.5
!
no ip dhcp-client network-discovery
vpdn enable
no vpdn logging
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
!
interface Ethernet0
ip address 69.33.X.X 255.255.255.224
ip tcp adjust-mss 1452
no ip mroute-cache
!
interface ATM0
no ip address
ip access-group 101 in
ip access-group 101 out
no ip mroute-cache
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
pvc 0/35
protocol pppoe
pppoe-client dial-pool-number 1
!
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
mtu 1492
ip address 69.33.XX.XX 255.255.255.0
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname ppp-username@megapathdsl.net
ppp chap password 7 Encrypted password
ppp pap sent-username ppp-username@megapathdsl.net password 7 encrypted password
0A
!
ip classless
ip route 0.0.0.0 0.0.0.0 69.33.X.X
no ip http server
!
access-list 101 deny tcp any any eq 135
access-list 101 deny tcp any any eq 136
access-list 101 deny tcp any any eq 137
access-list 101 deny tcp any any eq 138
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 140
access-list 101 deny udp any any eq 135
access-list 101 deny udp any any eq 136
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny udp any any eq netbios-ss
access-list 101 deny udp any any eq 140
access-list 101 deny tcp any any eq 445
access-list 101 deny udp any any eq tftp
access-list 101 deny tcp any any eq 4444
access-list 101 deny tcp any any eq 593
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 110
access-list 101 permit tcp any any eq 25
access-list 101 permit gre any any
access-list 101 permit icmp any any
dialer-list 1 protocol ip permit
banner login ^CC^C
!
line con 0
password 7 XXXXXXXXX
transport input none
stopbits 1
line vty 0 4
exec-timeout 30 0
password 7 XXXXXXXXX
login
length 0
!
scheduler max-task-time 5000
end
This FAQ created using this post by sanchito75 and the naming suggested by Covenant.
feedback formby nozero
last modified: 2004-09-27 16:30:38
Introduction
CRWS is one of two GUI interfaces for the 800 and SOHO series routers (the other being SDM). It resides in a section of the router’s flash memory called “webflash.” When you want to access CRWS, you open an Internet browser window and type "http://10.10.10.1" in the URL address window (similar to open up Yahoo! website by typing "http://www.yahoo.com").
Note:
If accessing the "http://10.10.10.1" does not show anything but bunch of error messages in the page, there is a possibility that the router LAN IP address has changed. To verify and troubleshoot further, there is no other choice but to use CLI. Check out the following FAQ to revive CRWS/SDM via CLI.
»Cisco Forum FAQ »My SDM/CRWS (web configuration mode) doen't work. How do I revive it?
IF CRWS Hangs/Does Not Launch when opening up using Internet Explorer
A common cause of CRWS not working is a known bug in CRWS in which Microsoft Virtual Machine is required for it to run, the subject of this FAQ.
Microsoft Virtual Machine Configuration/Installation
Figure 1(»/showpic/faqs?···&1=1&1=1) – Open Internet Explorer and go tools\internet options
Figure 2(»/showpic/faqs?···&1=1&1=1) – In the Internet options window, click the “advanced” tab.
Figure 3(»/showpic/faqs?···&1=1&1=1) Then scroll down and see if there is a main heading for Microsoft VM (if there is no Microsoft VM heading, skip to figure 4). If the Microsoft VM main heading is there, under this heading check the box for “JIT compiler for Virtual Machine enabled.” Then go to the main heading above it entitled Java (Sun) and uncheck all the checkboxes there. Then click apply, exit out of the window and reboot your PC to save the settings
Figure4 (»/showpic/faqs?···er=0&1=1) - If there is no main heading for Microsoft VM you don't have it, you need this file – filename msjavx86.exe - from a trusted website – One website is »java-virtual-machine.net/download.html. Download it and (after checking for viruses as you would do with any download, right?) install it (it will ask you to reboot, do so). Then configure Internet Explorer as explained previously in figure 3 above
Figure 5 (»/showpic/faqs?···&1=1&1=1) – Go to Windows update to update the Microsoft VM.
Figure 6 (»/showpic/faqs?···&1=1&1=1) – Select the VM update(s) and install them, reboot if requested.
Figure 7 (»/showpic/faqs?···&1=1&1=1) – Open Internet Explorer, type "http://10.10.10.1", hit enter and CRWS should properly start now.
Note on CRWS usage:
1. leave the LAN IP address at 10.10.10.1, (see figure 7) as changing it can create problems for the router.
2. CRWS allows basic router functionality. It does not allow you to do everthing the router is capable of. Learning the Command Line Interface (CLI) is necessary to make use of all the router’s features.
Useful Links:
CRWS demo at Cisco website »www.cisco.com/warp/public/779/sm···crws.htm
CRWS description at Cisco website
»www.cisco.com/en/US/products/sw/···dex.html
CRWS User Guide
»www.cisco.com/univercd/cc/td/doc···ws30.htm
CRWS software downloads (includes CRWS “caveats” document, Cisco-speak for bugs)
»www.cisco.com/pcgi-bin/tablebuild.pl/crws
Switching Between SDM and CRWS
»www.cisco.com/en/US/products/sw/···cc8.html
feedback formby Requiems edited by aryoba
last modified: 2007-07-08 08:10:56
»Cisco Forum FAQ »The most straight-forward way to configure Cisco router: Introduction to CLI
There are various reasons why the SDM does not work. Some of them are the following.
* old Java issue
* SDM is not activated
* SDM software does not exist on the router
* The LAN interface IP address is changed
* The LAN interface is shutdown
This FAQ is not meant to be the complete SDM troubleshooting guide. This FAQ however points you to the right direction to find out what the cause is and to revive your router.
When the web configuration mode doesn't work, use the CLI (Command Line Interface) as the most reliable way to configure and troubleshoot routers, including troubleshooting SDM access issue.
Here are the steps to revive inactivated SDM.
1. Do a "show running-config" from enable (privilege) mode and check if there are such commands of "no ip http server" and/or "no ip http secure-server"
2. When you find it, it means the router is currently configured to disable the SDM/CRWS. To enable it, issue "ip http server" and/or "ip http secure-server" from global configuration mode
3. When there is no IP address under the LAN interface, you need to assign one. Make sure that the LAN interface IP address and your PC IP address are within the same subnet
4. Using your web browser on your PC, open "http://[YOUR ROUTER LAN IP ADDRESS]" and see if you are able accessing the SDM/CRWS
The following thread shows some walk through using CLI step-by-step from very beginning to revive the web configuration feature.
Keep in mind that even though your product may not be an 837 router as is used in the thread example, the description on CLI introduction still applies to any Cisco router that supports web configuration.
/forum/remark,11032540~mode=flat
»[Config] cisco 837 defaults
feedback formby aryoba
last modified: 2008-11-21 15:11:04
/forum/remark,10899597~mode=flat?hilite=2514
feedback formby aryoba edited by nozero
last modified: 2004-09-01 12:46:34
What are the various show commands? (#12627)
feedback formby nozero
The remote user is able to receive IP address off DHCP pool. Users at both sites are able to ping (ICMP echo and echo reply) each other's IP address.
You are using Microsoft network. One task is to have remote users try to map share drive and it fails. What is the problem?
1st of all, let's break out the problem. When the remote user is able to receive the IP address and are able to ping each other's IP address, then the VPN tunnel must be up. The fact that remote user is unable to map share drive is then not the VPN setup problem, but something on your Microsoft network is preventing the drive sharing.
Check out the following official Cisco link for more info.
Troubleshooting Microsoft Network Neighborhood After Establishing a VPN Tunnel
Scenario 2: Remote Users are unable to ping
The remote user is able to receive IP address off DHCP pool. Users at both sites are unable to ping (ICMP echo and echo reply) each other's IP address.
1st thing is to confirm that no firewall that blocks ICMP echo and echo reply. Once it is confirmed, then you might want to confirm IPSec VPN device configuration. If the VPN device is a PIX/ASA Firewall, then a isakmp nat-traversal command might be necessary to be in place. Check out the following FAQ for details.
»Cisco Forum FAQ »Remote User VPN Connection To Office Network
feedback formby aryoba
last modified: 2008-05-29 15:52:03
Server Load Balancing (#16075)
»[Info] Subtle GSS load balancing issue
feedback formby aryoba