[c-nsp] Cisco 7200 router with AAA problem and nvram corruption
Jay Hennigan
jay at west.net
Sat Oct 8 13:47:42 EDT 2011
On 10/8/11 8:51 AM, root net wrote:
> Hello,
>
> Just want to confirm what should be done. I have a router that resulted in a
> bad NPE 225. Had a spare NPE 225 but it wouldn't work for some strange
> reason. So had an old NPE 150 laying around so inserted. When the router
> came backup noticed that a message flashed nvram corrupt on console. All
> circuits came up lovely but now I can't access the router to possibly move
> circuits to different router.
The NVRAM is actually a battery-backed SRAM. Some are like the early
Sun boxes with a Dallas/Mostek chip. It looks like a tall DIP chip.
Others are SRAM and a coin battery. This also can keep the time-of-day
clock going when the box is powered down. They are supposed to last 10
years but your mileage may vary. I suspect this will be happening more
and more as the boxes age.
The NVRAM holds the configuration as well as a few other variables such
as if-index persistence, some environmental data, etc.
The NVRAM isn't on the NPE unless you're using a NPE-G1 or NPE-G2. It's
on the I/O module on all others.
Its battery is likely dead and hence it has lost its checksum. I seem
to recall a means from monitor mode to clear/reset it but it's one of
those obscure commands and I'm unable to locate it right now via search.
Not the kind of thing you want to do other than in a situation like the
one you're in. You may be able to just go into password recovery and
then write the configuration in order to restore it.
I'm surprised that all circuits came up lovely, as the corrupt NVRAM is
where the configuration is saved. I wouldn't count on it remembering
its configuration again. RANCID is your friend....
> I have the router configured with AAA for local and no backup
> authentication. (Silly)
>
> What should be the steps I take to recover access to router so I can setup
> AAA for local and backup auth?
Replace the I/O module or the NVRAM if you want to try -- see below.
Copy your configuration from backup (you do have a backup?), and you're
good.
You'll have this problem every time the power is removed from the box
until you replace the battery. The Mostek chips are still available as
are the coin batteries. If you've got the soldered-in battery on little
legs, it can be replaced but it's tricky. Best to make friends with
someone who does PCB rework if you're not skilled at soldering, or just
get a replacement I/O module with a fairly recent date code so you don't
get bit again for a while.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the cisco-nsp
mailing list