Notes from Sun Certified Solaris 9.0 System and Network Administrator All-in-One Exam Guide:

OpenBoot

View the OpenBoot release information for your firmware, as well as the system configuration:

ok banner SPARCstation 20, Type 5 Keyboard ROM Rev. 2.4, 256 MB memory installed, Serial #456543 Ethernet address 5:2:12:c:ee:5a HostID 456543

The OpenBoot PROM monitor is based on the Forth programming language, and can be used to run Forth programs that perform the following functions:

Booting the system, by using the boot command

Performing diagnostics on hardware devices by using the diag command

Testing network connectivity by using the watch-net command

The OpenBoot monitor has two prompts from which commands can be issued: the ok prompt, and the > prompt. In order to switch from the > prompt to the ok prompt, you simply need to type n:

> n ok

Changing the Default Boot Device To boot from the default boot device (usually the primary hard drive), you would enter the following:

ok boot

However, it is also possible to boot using the CDROM by using this command:

ok boot cdrom

The system may be booted from a host on the network by using this command:

ok boot net

Alternatively, if you have a boot floppy, the following command may be used:

ok boot floppy

Because many early Solaris distributions were made on magnetic tape, it’s also possible to boot using a tape drive with the following command:

ok boot tape

Instead of specifying a different boot device each time you want to reboot, it is possible to set an environment variable within the OpenBoot monitor, so that a specific device is booted by default. For example, to set the default boot device to be the primary hard disk, you would use the following command:

ok setenv boot-device disk boot-device = disk

To verify that the boot device has been set correctly to disk, the following command can be used:

ok printenv boot-device boot-device disk

In order to reset the system, to use the new settings, you simply use the reset command:

ok reset

To set the default boot device to be the primary network device, you would use the following command:

ok setenv boot-device net boot-device = net

This configuration is commonly used for diskless clients, such as Sun Rays, which use RARP and NFS to boot across the network. To verify that the boot device has been set correctly to net, the following command can be used:

ok printenv boot-device boot-device net disk

To set the default boot device to be the primary CD-ROM device, you would use the following command:

ok setenv boot-device cdrom boot-device = cdrom

To verify that the boot device has been set correctly to cdrom, the following command can be used:

ok printenv boot-device boot-device cdrom disk

To set the default boot device to be the primary floppy drive, you would use the following command:

ok setenv boot-device floppy boot-device = floppy

To verify that the boot device has been set correctly to floppy, the following command can be used:

ok printenv boot-device boot-device floppy disk

To set the default boot device to be the primary tape drive, you would use the following command:

ok setenv boot-device tape boot-device = tape

To verify that the boot device has been set correctly to tape, the following command can be used:

ok printenv boot-device boot-device tape disk

Testing System Hardware

The test command is used to test specific hardware devices, such as the loopback network device. This device could be tested by using the following command:

ok test net Internal Loopback test - (OK) External Loopback test - (OK)

This indicates that the loopback device is operating correctly. Alternatively, the watch-clock command is used to test the clock device:

ok watch-clock Watching the 'seconds' register of the real time clock chip. It should be ticking once a second. Type any key to stop. 1 2 3 Tip Timing results can be cross-checked against a reliable timing device for accuracy.

If the system is meant to boot across the network, but a boot attempt does not succeed, it is possible to test network connectivity using the watch-net program. This determines whether or not the system’s primary network interface is able to read packets from the network it is connected to. The output from the watch-net program looks like this:

Internal Loopback test - succeeded External Loopback test - succeeded Looking for Ethernet packets. '.' is a good packet. 'X' is a bad packet. Type any key to stop ......X.........XXXX.....….XX............ In this case, a number of packets are marked as bad, even though the system has been connected successfully to the network.

In addition to the watch-net command, the OpenBoot monitor can perform a number of other diagnostic tests. For example, all of the SCSI devices attached to the system can be detected by using the probe-scsi command. The probe-scsi command displays all of the SCSI devices attached to the system. The output of probe-scsi looks like this:

ok probe-scsi Target 1 Unit 0 Disk SUN0104 Copyright (C) 1995 Sun Microsystems All rights reserved Target 1 Unit 0 Disk SUN0207 Copyright (C) 1995 Sun Microsystems All rights reserved Here, we can see that two SCSI disks have been detected. If any other disks or SCSI devices were attached to the chain, they have not been detected, indicating a misconfiguration or hardware error.

Tip If you are using a PCI system, then SCSI devices may or may not appear. Troubleshooting Booting Problems

If a system fails to start correctly in multiuser mode, it’s likely that one of the scripts being run in /etc/rc2.d is the cause. In order to prevent the system from going multiuser, it is possible to boot directly into single-user mode from the ok prompt:

ok boot –s ... INIT: SINGLE USER MODE Type Ctrl-d to proceed with normal startup, (or give root password for system maintenance):

At this point, the root password can be entered, and the user will be given a root shell. However, not all file systems will be mounted, although individual scripts can then be checked individually for misbehaving applications.

If the system will not boot into single-user mode, the solution is more complicated because the default boot device cannot be used. For example, if an invalid entry has been made in the /etc/passwd file for the root user, the system will not boot into single- or multiuser mode. To recover the installed system, the host needs to be booted from the installation CD-ROM into single-user mode. At this point, the default root file system can be mounted on a separate mount point, the /etc/passwd file edited, and the system rebooted with the default boot device. This sequence of steps is shown next, assuming that /etc is located on /dev/dsk/c0t0d0s1:

ok boot cdrom ... INIT: SINGLE USER MODE Type Ctrl-d to proceed with normal startup, (or give root password for system maintenance): # mkdir /temp # mount /dev/dsk/c0t0d0s1 /temp # vi /temp/etc/passwd # sync; init 6

STOP Commands

The STOP commands are executed on the SPARC platform by holding down the special STOP key located on the left-hand side of the keyboard, and another key that specifies the operation to be performed. The following functions are available:

STOP Enters the POST environment. STOP-A Enters the PROM monitor environment. STOP-D Performs diagnostic tests. STOP-F Enters a program in the Forth language. STOP-N Initializes the nonvolatile RAM settings to their factory defaults.

I've been trying to pick up some Cisco bits and pieces from various sources and came across this useful tidbit from CCNA: Cisco Certified Network Associate Study Guide.

As an aside formatting text is still a PITA on the web - I ended up settling on a combination of PRE and CODE - I'm sure there are fancy CSS ways of dealing with this stuff but I can't be bothered...

Anyways - Cisco stores config information in Hex codes within the routers NVRAM - by tweaking these config registers you can do some pretty low-level things. Its a little like messing with a PC Bios or OpenBoot/SRM console.

In the book Todd Lammle explains one of many handy use for Config Register Codes:

Recovering Passwords

If you're locked out of a router because you forgot the password, you can change the configuration register to help you get back on your feet. As I said earlier, bit 6 in the configuration register is used to tell the router whether to use the contents of NVRAM to load a router configuration.

The default configuration register value is 0x2102, meaning that bit 6 is off. With the default setting, the router will look for and load a router configuration stored in NVRAM (startup-config). To recover a password, you need to turn on bit 6. Doing this will tell the router to ignore the NVRAM contents. The configuration register value to turn on bit 6 is 0x2142.

Here are the main steps to password recovery:

Boot the router and interrupt the boot sequence by performing a break.

Change the configuration register to turn on bit 6 (with the value 0x2142).

Reload the router.

Enter privileged mode.

Copy the startup-config file to running-config.

Change the password.

Reset the configuration register to the default value.

Save the router configuration.

Reload the router.

I'm going to cover these steps in more detail in the following sections, and I'll show you the commands to restore access to 2600 and 2500 series routers.

Interrupting the Router Boot Sequence Your first step is to boot the router and perform a break. This is usually done by pressing the Ctrl+Break key combination when using HyperTerminal and while the router first reboots.

After you've performed a break, you should see something like this:

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
PC = 0xfff0a530, Vector = 0x500, SP = 0x680127b0
C2600 platform with 32768 Kbytes of main memory
PC = 0xfff0a530, Vector = 0x500, SP = 0x80004374
monitor: command "boot" aborted due to user interrupt
rommon 1 >

Notice the line command "boot" aborted due to user interrupt. At this point, you will be at the rommon 1> prompt on some routers.

Changing the Configuration Register As I explained earlier, you can change the configuration register by using the config-register command. To turn on bit 6, use the configuration register value 0x2142.

Note Remember that if you change the configuration register to 0x2142, the startup-config will be bypassed and the router will load into setup mode. Cisco 2600 Series Commands

To change the bit value on a Cisco 2600 series router, you just enter the command at the rommon 1> prompt:

rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect

Cisco 2500 Series Commands

To change the configuration register on a 2500 series router, type o after creating a break sequence on the router. This brings up a menu of configuration register option settings. To change the configuration register, enter the command o/r, followed by the new register value. Here's an example of turning on bit 6 on a 2501 router:

System Bootstrap, Version 11.0(10c), SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 14336 Kbytes of main memory
Abort at 0x1098FEC (PC)
>o
Configuration register = 0x2102 at last boot
Bit#    Configuration register option settings:
15      Diagnostic mode disabled
14      IP broadcasts do not have network numbers
13      Boot default ROM software if network boot fails
12-11   Console speed is 9600 baud
10      IP broadcasts with ones
08      Break disabled
07      OEM disabled
06      Ignore configuration disabled
03-00   Boot file is cisco2-2500 (or 'boot system' command)
>o/r 0x2142

Notice that the last entry in the router output is 03-00. This tells the router what the IOS boot file is. By default, the router will use the first file found in the flash memory, so if you want to boot a different file name, you can either change the configuration register or use the boot system ios_name command.

Note Another way to change the configuration register is to load an IOS image from a TFTP server by using the command boot system tftp ios_name ip_address from global configuration mode. Reloading the Router and Entering Privileged Mode

At this point, you need to reset the router like this:

From the 2600 series router, type reset.

From the 2500 series router, type I (for initialize).

The router will reload and ask if you want to use setup mode (because no startup-config is used). Answer No to entering setup mode, press Enter to go into user mode, and then type enable to go into privileged mode.

Viewing and Changing the Configuration Now you're past the point where you would need to enter the user-mode and privileged-mode passwords in a router. Copy the startup-config file to the running-config file:

copy startup-config running-config

or use the shortcut

copy start run

The configuration is now running in random access memory (RAM), and you're in privileged mode, meaning that you can now view and change the configuration. But you can't view the enable secret setting for the password. To change the password, do this:

config t
enable secret todd

Resetting the Configuration Register and Reloading the Router

After you're finished changing passwords, set the configuration register back to the default value with the config-register command:

config t
config-register 0x2102

Finally, save the new configuration with a copy running-config startup-config and reload the router.

Note If you save your configuration and reload the router and it comes up in setup mode, the configuration register setting is probably incorrect.