One such file you will encounter when managing the ASR 1000 Series (including ASR1001-X, ASR1002-X, ASR1004, ASR1006, and ASR1009) is:
| Symptom | Likely Cause | Remediation | |---------|--------------|--------------| | Router stuck at rommon 1 > | Missing or corrupt IOS XE package | Use tftpdnld to reinstall asr1000‑rommon.173‑1r.spa.pkg | | %PKG-4-PKG_UNTRUSTED warning | Signature verification failed | Re-download from official Cisco source; check hardware tampering | | Boot loop after upgrade | Incompatible ROMmon ↔ IOS XE version | Rollback to previous ROMmon via ROMMON variable BOOT | asr1000-rommon.173-1r.spa.pkg
Older ROMmon versions have known vulnerabilities. For example, a compromised ROMMON could allow an attacker to interrupt boot and load malicious code. Cisco often releases ROMmon updates to patch boot-time vulnerabilities (e.g., Cisco PSIRT advisory cisco-sa-rommon-privesc). One such file you will encounter when managing
On the ASR 1000, the boot process differs from traditional monolithic routers. The spa.pkg file contains the ROMmon image that resides on the embedded flash of the Route Processor (RP) or Embedded Services Processor (ESP). Its functions include: On the ASR 1000, the boot process differs
Use the following command to upgrade a specific processor (e.g., RP0):
Session expired
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.