on 05-28-2020 05:38 AM
CCO documentation lists out the ability to do a password recovery for eXR with a ZTP/PXE boot.
One can also perform the operation manually, like a "turboboot" for classic XR in this facinity.
this procedure will wipe out the complete system and install a fresh copy on the system exactly similar as what
one is used to from a turboboot with tftp (yuk:) download from rommon.
with this procedure one can use a remote file repository from http for instance, or still tftp, but this can also be on an inserted usb stick.
here is how to do it:
reload the system and wait for this prompt:
BIOS Ver: 09.19 Date: 11/02/2015 17:02:33 Press <DEL> or <ESC> to enter boot manager.
Select the otpion for the build in UFI shell:
iPXE> ifstat
net0: 00:a0:c9:00:00:00 using i350-b on PCI01:00.0 (closed)
[Link:up, TX:0 TXE:0 RX:0 RXE:0]
net1: 00:a0:c9:00:00:01 using i350-b on PCI01:00.1 (closed)
[Link:up, TX:0 TXE:0 RX:0 RXE:0]
net2: 00:a0:c9:00:00:02 using i350-b on PCI01:00.2 (closed)
[Link:down, TX:0 TXE:0 RX:0 RXE:0]
[Link status: Down (http://ipxe.org/38086193)]
net3: 00:a0:c9:00:00:03 using i350-b on PCI01:00.3 (closed)
[Link:down, TX:0 TXE:0 RX:0 RXE:0]
[Link status: Down (http://ipxe.org/38086193)]
net4: 00:00:00:00:00:04 using dh8900cc on PCI02:00.1 (closed)
[Link:down, TX:0 TXE:0 RX:0 RXE:0]
[Link status: Down (http://ipxe.org/38086193)]
net5: 00:00:00:00:00:05 using dh8900cc on PCI02:00.2 (closed)
[Link:down, TX:0 TXE:0 RX:0 RXE:0]
[Link status: Down (http://ipxe.org/38086193)]
net6: 04:62:73:08:57:86 using dh8900cc on PCI02:00.3 (closed)
[Link:up, TX:0 TXE:0 RX:0 RXE:0]
iPXE> set net6/ip 3.0.1.100
iPXE> set net6/netmask 255.0.0.0
iPXE> set net6/gateway 3.0.0.1
iPXE>
iPXE> ifopen net6
iPXE> ping 3.0.0.1
64 bytes from 3.0.0.1: seq=1
64 bytes from 3.0.0.1: seq=2
Finished: Operation canceled (http://ipxe.org/0b072095)
iPXE> boot http://3.0.0.1/633/ncs5500-mini-x.iso-6.3.3
http://3.0.0.1/663/ncs5500-mini-x.iso-6.3.3... ok
that is it!!
for multi RP systems it is important, like classic xr, that the standby rp is held in rommon/bios and not attempting to boot.
------
Xander Thuijs CCIE #6775
Distinguished Engineer IOS-XR ASR9000/NCS5500
1. As you mentioned in the boot statement: boot http://3.0.0.1/633/ncs5500-mini-x.iso-6.3.3 , here we have the option HTTP, wanted to confirm, can we boot the router by using TFTP?
2. In the ifstat we are getting the 7 net interfaces 0 to 6, how we can identify that on which interface we have to configure the IP address? In the above example net0, net1, and net6 status are up, however, you have selected net6.
With the modern golden ISO file sizes it is impossible to boot system with TFTP. Reason for this TFTP protocol internals - within single file transfer TFTP can transmit up to 65535 chunks. For example your TFTP server support Jumbo MTU and TFTP will be able to pack single chunk in 9000 bytes UDP packet, simple math shows that theoretical maximum here is about 560Mb. Which is about slightly less then 1/3 part of Golden ISO.
So, the answer here - use HTTP to download golden iso and boot system.
There is a trick - if you don't have access to local network with available HTTP server. Almost any modern laptop with python installed can be turned into private and static HTTP server (tested on MacOSX):
Hi azarecha,
Thank you for your updates, however in my one case I had rebooted the router by using TFTP instead of HTTP.
Below are logs,
iPXE> ifstat
net0: 00:00:01:1c:00:00 using i350-b on PCI01:00.0 (closed)
[Link:up, TX:10 TXE:0 RX:22 RXE:22]
[RXE: 22 x "The socket is not connected (http://ipxe.org/380f6093)"]
net1: 00:00:01:1c:00:00 using i350-b on PCI01:00.1 (closed)
[Link:up, TX:10 TXE:0 RX:28 RXE:28]
[RXE: 28 x "The socket is not connected (http://ipxe.org/380f6093)"]
net2: 00:a0:c9:00:00:02 using i350-b on PCI01:00.2 (closed)
[Link:down, TX:0 TXE:0 RX:0 RXE:0]
[Link status: Down (http://ipxe.org/38086193)]
net3: 00:a0:c9:00:00:03 using i350-b on PCI01:00.3 (closed)
[Link:down, TX:0 TXE:0 RX:0 RXE:0]
[Link status: Down (http://ipxe.org/38086193)]
net4: 00:00:00:00:00:04 using dh8900cc on PCI02:00.1 (closed)
[Link:down, TX:0 TXE:0 RX:0 RXE:0]
[Link status: Down (http://ipxe.org/38086193)]
net5: 00:00:00:00:00:05 using dh8900cc on PCI02:00.2 (closed)
[Link:down, TX:0 TXE:0 RX:0 RXE:0]
[Link status: Down (http://ipxe.org/38086193)]
net6: 5c:5a:c7:11:68:62 using dh8900cc on PCI02:00.3 (open)
[Link:up, TX:10 TXE:0 RX:260 RXE:151]
[RXE: 107 x "Operation not supported (http://ipxe.org/3c086083)"]
[RXE: 38 x "Error 0x440e6083 (http://ipxe.org/440e6083)"]
[RXE: 6 x "The socket is not connected (http://ipxe.org/380f6093)"]
iPXE> set net6/ip 10.7.7.48
iPXE> set net6/netmask 255.255.255.0
iPXE> set net6/gateway 10.7.7.1
iPXE> boot tftp://10.7.8.76/ncs5500-mini-x-6.5.3.iso
tftp://10.7.8.76/ncs5500-mini-x-6.5.3.iso... 0% 0% 1% 1% 2% 2% 2% 3% 3% 4% 4% 5% 5% 5% 6% 6% 7% 7% 8% 8% 8% 9% 9% 10% 10% 10% 11% 11% 12% 12% 13% 13% 13% 14% 14% 15% 15% 16% 16% 16% 17% 17% 18% 18% 18% 19% 19% 20% 20% 20% 21% 21% 21% 22% 22% 23% 23% 23% 24% 24% 25% 25% 26% 26% 26% 27% 27% 28% 28% 28% 29% 29% 30% 30% 30% 31% 31% 32% 32% 33% 33% 33% 34% 34% 35% 35% 35% 36% 36% 37% 37% 38% 38% 38% 39% 39% 40% 40% 41% 41% 41% 42% 42% 43% 43% 43% 44% 44% 44% 44% 45% 45% 46% 46% 46% 46% 47% 47% 47% 48% 48% 48% 49% 49% 50% 50% 50% 51% 51% 52% 52% 52% 53% 53% 54% 54% 55% 55% 55% 56% 56% 57% 57% 58% 58% 58% 59% 59% 60% 60% 61% 61% 61% 62% 62% 63% 63% 63% 64% 64% 65% 65% 66% 66% 66% 67% 67% 68% 68% 68% 69% 69% 70% 70% 71% 71% 71% 72% 72% 73% 73% 73% 74% 74% 75% 75% 76% 76% 76% 77% 77% 78% 78% 79% 79% 79% 80% 80% 81% 81% 81% 82% 82% 83% 83% 84% 84% 84% 85% 85% 86% 86% 87% 87% 87% 88% 88% 89% 89% 90% 90% 90% 91% 91% 92% 92% 92% 93% 93% 94% 94% 95% 95% 95% 96% 96% 97% 97% 98% 98% 98% 99% 99% ok
Memory required for image[ncs5500-mini-x-6.5.3.iso]: 1417299968, available: 2079309824
Image verified sucessfully. Booting...
Booting iso-image@0x5eb85b000(1417299968), bzImage@0x5eb897000(6114366)
**** PASS: secure boot verification of image: bzImage****
[ 0.594564] Allocating netns hash table
Expanding ISO image
User Access Verification
Username: root
Password:
RP/0/RP1/CPU0:ios#sh ver
Wed May 13 08:19:36.253 UTC
Cisco IOS XR Software, Version 6.5.3
Hi pradeshi,
Can you please share which TFTPd protocol server was used here? I'm aware only about two TFTPd servers allowing to serve the chunks greater available MTU:
Regards,
Andrii
Hi Andrii,
tftp-hpa 5.2, with remap, with tcpwrappers running on Ubuntu 16.04.6 LTS was used.
Regards,
Pradeep Shinde
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: