Solved: Re: C1121X-8P: Need image?

j03y · ‎04-04-2025

I made the mistake of running "factory-reset all secure 3-pass", not realizing this would sanitize the C1121X-8P requiring me to obtain my own IOS 17.6.3a image to recover it.

What do I need to do to obtain this image, or the latest official C1121X-8P image?
We bought this C1121X-8P used, and are just trying to configure it. It apparently came in "Router operating mode: Controller-Managed" and i was unable to get it out of this mode.

Now it's stuck here:

rommon 1 > dir flash:
media drive flash: not present
rommon 2 >

Leo Laohoo · ‎04-04-2025

While the router is in ROMMON, post the complete output to the command "set".

Next, there is a method to download Cisco firmware legally and for free. Here are the steps:

1. Autonomous (aka non-SDWAN) firmware can be found HERE. Take a note of the firmware filename and the web address where the file is hosted.

2. Read this: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities

3. Scroll down to the "Customers Without Service Contracts" section. Read it very carefully.

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC.

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

4. Call TAC. Do not email TAC (because the email address has been decommissioned). CALL.

5. Provide TAC the following information:

Serial number of the router
Filename of the firmware (Step 1)
Web address (Step 1) where the file is being hosted
Security Bulletin affected (Step 2)

Good luck!

View solution in original post

M02@rt37 · ‎04-04-2025

hello @j03y

You'll need to load the IOS.xe software image manually. So, you'll need to download the correct IOS image from Cisco’s software download portal.

Once you have that IOS image, you'll need to set up a TFTP server on your computer. This will act as the source for transferring the image to your router.

Next, you'll need to configure the router's rommon mode to communicate with the TFTP server. Refer here: https://community.cisco.com/t5/other-network-architecture-subjects/how-to-download-image-from-tftp-to-a-rommon/td-p/104558

Once the IP configuration is set, you can initiate the image transfer from the TFTP server to the router’s flash memory. After the transfer is complete, verify that the image is succesfully copied to the router’s flash storage by checking again the directory in rommon mode.

Then, reboot!

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

j03y · ‎04-04-2025

Thanks M02@rt37- much appreciated.
I am indeed familiar with TFTP'ing images to a boot loader (uboot) (and via USB drive is another option, correct?)

But we bought this C1121X-8P used, and I doubt we have a Cisco service contract, so I don't believe I have the necessary permission to download Cisco software images. (and our IT manager is out for a week.) I need to first buy a Cisco service contract to obtain an IOS.xe software image, correct? Or is there some other way? We have many Cisco switches here, but none of this type, and I don't believe IOS images are transferable...

M02@rt37 · ‎04-04-2025

Oh yes !

Without the contract, there are limited options, and the image cannot legally be obtained through unofficial means. Your IT manager will likely need to facilitate the contract purchase, after which you can access the required images for the router.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

j03y · ‎04-04-2025

For future use, can you tell what I *should* have done? I.e. how can i factory-reset this router, without bricking it? (by "brick", i mean, it does not reboot to a usable state without having to re-install software.)

I used the following page for guidance, section "How to Perform a Factory Reset", which did not clearly tell me that "factory reset" would brick this router.

In fact, this doc states: "The factory reset is a process of clearing the current running and startup configuration information on a router, and resetting the router to an earlier, fully functional state."

I emphasize: "fully functional".

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/terminal-services-gateways/sw-config/tg1100swcfg-xe-17-2-book/m_perform_factory_reset_tg.html#id_103746

Leo Laohoo · ‎04-04-2025

While the router is in ROMMON, post the complete output to the command "set".

Next, there is a method to download Cisco firmware legally and for free. Here are the steps:

1. Autonomous (aka non-SDWAN) firmware can be found HERE. Take a note of the firmware filename and the web address where the file is hosted.

2. Read this: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities

3. Scroll down to the "Customers Without Service Contracts" section. Read it very carefully.

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC.

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

4. Call TAC. Do not email TAC (because the email address has been decommissioned). CALL.

5. Provide TAC the following information:

Serial number of the router
Filename of the firmware (Step 1)
Web address (Step 1) where the file is being hosted
Security Bulletin affected (Step 2)

Good luck!

j03y · ‎04-05-2025

Thanks! Looks very helpful. But i did call Cisco before reading your post.
Actually, first i did an online chat last night, and that guy told me to call 1(800)462-4726 and press option 3 (which turned out to be tech support (?!?!).
Just now, the person (in India) who spoke to me told me to email web-help-sr@cisco.com to get the service contract transferred from the original purchaser to me. She also told me they work ONLY by this email address and NOT by phone at all.

So i guess i can try both methods?

I don't have access to the C1121X-8P this weekend, so can't run "set".

Question for future steps: Apparently, this model we have doesn't have any WAN or wireless hardware installed. It looks like it's simply an 8-port switch with a router that uplinks via two Ethernet 1Gb uplinks to the internet, correct?

The only configuration i will want to do, is enable ssh, create a user, and assign an IP address to a VLAN which includes all eight LAN ports. I've done this many times on other Cisco switches. Will i be able to use the same commands? Because i didn't yet find any commands in the software config guide that show how to do this.

Leo Laohoo · ‎04-05-2025

@j03y wrote:
Apparently, this model we have doesn't have any WAN or wireless hardware installed.

If it is a router, it will always have a WAN port.

j03y · ‎04-05-2025

Two questions about software versions:
1) What is the difference between regular Cisco IOS and "Cisco IOS XE"? My reading tells me that the C1121 indeed uses the "XE" version.

2) Why did you point me to:

Release IOSXE-17.15.2a ED
c1100-universalk9.17.15.02a.SPA.bin

Instead of

Release Dublin -17.12.4b (MD - maintenance deployment release)
c1100-universalk9.17.12.04b.SPA.bin

I mean, what's the difference?

Thanks,
js.

j03y · ‎04-05-2025

Leo - WOW - This worked - I just now downloaded the file. Monday I'll work to install it (via USB), then start the configuration.

This is what I did:
1) Wrote to the email address the agent gave me on the phone:

Cisco.com Contract Associations <web-help-sr@cisco.com>

2) I wrote what the phone agent told me: to transfer the contract to my Cisco ID. He replied he couldn't do that, because the companies are not the same (I did NOT think that would work, for that exact reason).

3) So I then wrote him back with exactly what *you* wrote. He responded:

As we have checked the URL and we have published the software <c1100-universalk9.17.15.02a.SPA.bin> requested.

A separate email will be sent to the email address in your profile. The software image can be retrieved using the access code that is provided by the link in the email. Please be advised that the access code is valid for only 72 hours.

Thanks and Regards,
Global Customer Experience Centers
Shift Time- 18:00 – 03:30 IST (08:00 AM – 05:00PM EST)

4) Next email he sent contained the file download link - i think logged in to my Cisco account and downloaded it.

Now i just have to confirm that it actually works

Thank you for the solution Leo!

j03y · ‎04-11-2025

The image worked, and the C1121X-8P is running and configured!

Also, I looked at a few more CVE's, and they all had the same notice - so Leo's method appears to be much more generally applicable!

Great news!

Thanks again Leo - this insight has been a game-changer.