Monday, January 9, 2017

Password Recovery on a Cisco 3650 Catalyst Switch

I had to reconfigure some used Cisco 3650 switches from a previous deployment but wasn't able to login using known passwords so I had to perform a password recovery. I've been doing password recovery on Cisco 3560 switch which is identical on other switch platforms, but the password recovery for a Cisco 3650 is a bit different. The CONSOLE port is found at the back and it's the top most port (look at LED arrow pointing upward).


The MODE button is found in front and it's a small black button beside the Cisco logo.


Booting...Initializing RAM +++++++@@@@@@@@...++++++++++++++++++++++++++++++++@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@done.
Memory Test Pass!

Base ethernet MAC Address: f4:4e:05:57:f1:23

Interface GE 0 link down***ERROR: PHY link is down      // WAIT FOR SYST AND ACTV LED TO BECOME AMBER BEFORE RELEASING MODE BUTTON

The system has been interrupted prior to initializing some
filesystems and loading the operating system software.
Console will be reset to 9600 baud rate, need to change terminal setting first.
The following commands will initialize the remaining filesystems,
and finish loading the operating system software:

    flash_init
    boot

switch: flash_init
Initializing Flash...

flashfs[7]: 0 files, 1 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 6784000
flashfs[7]: Bytes used: 1024
flashfs[7]: Bytes available: 6782976
flashfs[7]: flashfs fsck took 2 seconds....done Initializing Flash.

switch: SWITCH_IGNORE_STARTUP_CFG=1     // BYPASS STARTUP-CONFIG IN NVRAM

switch: boot flash:packages.conf
Getting rest of image
Reading full image into memory....done
Reading full base package into memory...: done = 79121160
Nova Bundle Image
--------------------------------------
Kernel Address    : 0x6042f350
Kernel Size       : 0x402ecf/4206287
Initramfs Address : 0x60832220
Initramfs Size    : 0xdb98e6/14391526
Compression Format: .mzip

Bootable image at @ ram:0x6042f350
Bootable image segment 0 address range [0x81100000, 0x82110000] is in range [0x80180000, 0x90000000].
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@boot_system: 377
Loading Linux kernel with entry point 0x81653a10 ...Bootloader: Done loading app on core_mask: 0xf

### Launching Linux Kernel (flags = 0x5)

All packages are Digitally Signed
Starting System Services

Dec 8 02:21:06 %PLATFORM_MGR-1-PLATMGR_INIT_FAIL: Platform Manager: Failed to set system LEDs after POST.

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.03.03SE RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Sun 27-Apr-14 18:33 by prod_rel_team

Cisco IOS-XE software, Copyright (c) 2005-2014 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


FIPS: Flash Key Check : Begin
FIPS: Flash Key Check : End, Not Found,FIPS Mode Not Enabled

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3650-24PS (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FDO1837EABC
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
257008K bytes of Crash Files at crashinfo:.
1550272K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of  at webui:.

Base Ethernet MAC Address          : f4:4e:05:57:f1:823
Motherboard Assembly Number        : 73-15128-05
Motherboard Serial Number          : FDO18370DEF
Model Revision Number              : D0
Motherboard Revision Number        : A0
Model Number                       : WS-C3650-24PS
System Serial Number               : FDO1837EABC


         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: no


Press RETURN to get started!


*Dec  8 02:22:12.388: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Dec  8 02:22:14.285: Registering wireless registries required for roaming

*Dec  8 02:22:14.617: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
*Dec  8 02:22:14.617: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Dec  8 02:22:14.619: %NGWC_PLATFORM_FEP-6-FRU_PS_OIR: Switch 1: FRU power supply A inserted
*Dec  8 02:21:32.078: *%INIT-7-SWITCH_BOOTING: 1 wcm:  Switch booting...
*Dec  8 02:22:15.618: %LINEPROT% Generating 1024 bit RSA keys, keys will be non-exportable...O-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Dec  8 02:22:15.618: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Dec  8 02:22:16.507: %MGMTINFRA-3-CFG_PUSH: 1 eicored:  Config push failed.please check wcm provider.
*Dec  8 02:22:16.507: %MGMTINFRA-3-CFG_PUSH: 1 eicored:  Config push failed (rc=10000) for (wcm) on attributes [{ schedulerEnabled@1 : 10000, rtTimeout@1 : 10000, frameBurst@1 : 10000 }, { schedulerEnabled@1 : 10000, rtTimeout@
[OK] (elapsed time was 1 seconds)
1 : 10000, frameBurst@1 : 10000 }]
*Dec  8 02:22:16.893: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Dec  8 02:22:22.669: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuration is ignored based on the configuration register setting.
*Dec  8 02:22:26.454: %STACKMGR-6-ACTIVE_READY: 1 stack-mgr:  Active switch 1 is ready. System has been configured

*Dec  8 02:22:26.656: %SYS-5-RESTART: System restarted --
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.03.03SE RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Sun 27-Apr-14 18:33 by prod_rel_team
*Dec  8 02:22:26.681: %AUTHMGR_SPI-6-START: Auth Manager SPI server started
*Dec  8 02:22:29.100: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
*Dec  8 02:22:33.460: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Dec  8 02:22:33.511: %PKI-6-AUTOSAVE: Running configuration saved to NVRAM
Switch>enable
Switch#copy startup-config running-config      // LOAD THE START-UP CONFIG FROM NVRAM
Destination filename [running-config]?
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
*Dec  8 04:12:14.228: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Dec  8 04:12:14.271: %PKI-4-NOAUTOSAVE: Configuration was modified.  Issue "write memory" to save new certificate
*Dec  8 04:12:20.062: %AAAA-4-NOSERVER: Warning: Server 89.1.2.8 is not defined.
*Dec  8 04:12:20.063: %AAAA-4-NOSERVER: Warning: Server 66.5.3.8 is not defined.
*Dec  8 04:12:20.063: %AAAA-4-NOSERVER: Warning: Server 66.1.3.9 is not defined.
 Warning: The cli will be deprecated soon
 'tacacs-server host 89.1.2.8'       // STARTUP-CONFIG HAS TACACS CONFIGURED
 Please move to 'tacacs server <name>' CLI
 Warning: The cli will be deprecated soon
 'tacacs-server host 66.5.3.9'
 Please move to 'tacacs server <name>' CLI
 Warning: The cli will be deprecated soon
 'tacacs-server host 66.5.3.8'
 Please move to 'tacacs server <name>' CLI
9523 bytes copied in 10.430 secs (913 bytes/sec)
sw02#     // THE HOSTNAME WAS ALSO LOADED
*Dec  8 04:12:20.096: % Multiple self signed certificates in config
    certificate for trust point TP-self-signed-1212499775 ignored
*Dec  8 04:12:20.382: %PKI-4-NOAUTOSAVE: Configuration was modified.  Issue "write memory" to save new certificate        // SAVE AFTER YOU RE-CONFIGURE THE NEW PASSWORDS, ISSUE THE reload COMMAND AND HOLD THE MODE BUTTON AGAIN
sw02#
sw02#delete vlan.dat        // AT THIS POINT YOU CAN EITHER RE-CONFIGURE THE ENABLE, LOCAL USERNAME AND VTY PASSWORDS OR COMPLETELY WIPE OUT THE SWITCH USING THE delete vlan.dat AND write erase COMMANDS (then do a reload).
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
sw02#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
sw02#reload     // HOLD THE MODE BUTTON AGAIN
*Dec  8 04:17:00.314: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

System configuration has been modified. Save? [yes/no]: no     // TYPE yes IF YOU RE-CONFIGURED PASSWORDS; TYPE no IF YOU WANT A CLEAN CONFIG
Reload command is being issued on Active unit, this will reload the whole stack
Proceed with reload? [confirm]
*Dec  8 04:18:11.797: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.
*Dec  8 04:18:12.499: %STACKMGR-1-RELOAD_REQUEST: 1 stack-mgr:  Received reload request for all switches, reason Reload command
*Dec  8 04:18:12.500: %STACKMGR-1-RELOAD: 1 stack-mgr:  Reloading due to reason Reload command
*Dec  8 04:18:13.001: %IOSXE-3-PLATFORM: 1 process sysmgr: Reset/Reload requested by [stack-manager].
<Thu Dec  8 04:18:13 2016> Message from sysmgr: Reason Code:[3] Reset Reason:Reset/Reload requested by [stack-manager]. [Reload command]
umount: /proc/fs/nfsd: not mounted
Unmounting ng3k filesystems...
Unmounted /dev/sda3...
Warning! - some ng3k filesystems may not have unmounted cleanly...
Please stand by while rebooting the system...
Restarting system.


<OUTPUT TRUNCATED>


Booting...Initializing RAM +++++++@@@@@@@@...++++++++++++++++++++++++++++++++
Base ethernet MAC Address: f4:4e:05:51:a9:80

Interface GE 0 link down***ERROR: PHY link is down     // WAIT FOR SYST AND ACTV LED TO BECOME AMBER BEFORE RELEASING MODE BUTTON
The system has been interrupted prior to initializing some
filesystems and loading the operating system software.
Console will be reset to 9600 baud rate, need to change terminal setting first.
The following commands will initialize the remaining filesystems,
and finish loading the operating system software:

    flash_init      // SKIP THE flash_init and boot COMMANDS
    boot

switch: SWITCH_IGNORE_STARTUP_CFG=0      // INSTRUCTS THE SWITCH TO READ/LOAD THE STARTUP-CONFIG

switch: boot flash:packages.conf
Getting rest of image
Reading full image into memory....done
Reading full base package into memory...: done = 79121160
Nova Bundle Image
--------------------------------------
Kernel Address    : 0x6042d350
Kernel Size       : 0x402ecf/4206287
Initramfs Address : 0x60830220
Initramfs Size    : 0xdb98e6/14391526
Compression Format: .mzip

Bootable image at @ ram:0x6042d350
Bootable image segment 0 address range [0x81100000, 0x82110000] is in range [0x80180000, 0x90000000].
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@boot_system: 377
Loading Linux kernel with entry point 0x81653a10 ...
Bootloader: Done loading app on core_mask: 0xf

### Launching Linux Kernel (flags = 0x5)

All packages are Digitally Signed
Starting System Services

Dec 8 04:22:53 %PLATFORM_MGR-1-PLATMGR_INIT_FAIL: Platform Manager: Failed to set system LEDs after POST.

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.03.03SE RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Sun 27-Apr-14 18:33 by prod_rel_team

Cisco IOS-XE software, Copyright (c) 2005-2014 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


FIPS: Flash Key Check : Begin
FIPS: Flash Key Check : End, Not Found,FIPS Mode Not Enabled

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3650-24PS (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FDO1837EABC
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
257008K bytes of Crash Files at crashinfo:.
1550272K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of  at webui:.

Base Ethernet MAC Address          : f4:4e:05:51:a1:23
Motherboard Assembly Number        : 73-15128-05
Motherboard Serial Number          : FDO18370DEF
Model Revision Number              : D0
Motherboard Revision Number        : A0
Model Number                       : WS-C3650-24PS
System Serial Number               : FDO1837EABC



         --- System Configuration Dialog ---

Enable secret warning
----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable secret
If you choose not to enter the intial configuration dialog, or if you exit setup without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: no

Would you like to terminate autoinstall? [yes]:


Press RETURN to get started!


Switch>enable
Switch#configure terminal
Switch(config)#no manual ?     // no manual boot COMMAND IS UNAVAILABLE
% Unrecognized command
Switch(config)#no m?    
mab       mac     macro    map-class
map-list  memory  monitor 

Switch(config)#end
Switch#no m?


I chose to completely wipe out the switch, re-configure it and tested again by rebooting and the startup-config stored in NVRAM remained intact.

Sunday, January 1, 2017

Installing PVDM4-64 and NIM-2FXS on a Cisco 4331 Router

I went to the Land of Smiles, Bangkok Thailand, the second time around and was hired to setup an office IT network that uses a Cisco 4331 router. I took a side trip after it was done and visited Wat Pho, which is one of the many Buddhist temples in Bangkok. This temple is known as the birthplace of the traditional Thai massage and it houses a huge reclining Buddha. Thai cuisine is amazingly good! I had Phat Thai (or Pad Thai), which is their famous stir-fried rice noodles, and Green Chicken Curry.





The Cisco 4331 is Cisco's latest ISR router in the 4000 series. The 4000 series routers are said to be 4-10 times faster (and cheaper) compared to the ISR G2 series routers. Here's the initial bootup process and startup-config. It now uses the IOS-XE which is Cisco classic IOS that runs on a Linux platform. There's also no need to issue a write erase and reload commands just to remove the default configurations such as the one-time username "cisco", ip http access-class 23 (used for HTTP/CCP) and transport input none (used on VTY lines), which locked me out of a router a few times.


Initializing Hardware ...

System integrity status: 00000610

Rom image verified correctly


System Bootstrap, Version 15.4(3r)S5, RELEASE SOFTWARE
Copyright (c) 1994-2015  by cisco Systems, Inc.

Current image running: Boot ROM0

Last reset cause: PowerOn

Cisco ISR4331/K9 platform with 4194304 Kbytes of main memory


no valid BOOT image found

Final autoboot attempt from default boot device...

Warning: filesystem is not clean

Warning: filesystem is not clean

File size is 0x1c0cd400

Located isr4300-universalk9.03.16.02.S.155-3.S2-ext.SPA.bin

Image size 470602752 inode num 12, bks cnt 114894 blk size 8*512

###############################################################################

Boot image size = 470602752 (0x1c0cd400) bytes

Package header rev 1 structure detected

Calculating SHA-1 hash...done

validate_package: SHA-1 hash:

    calculated 964c232a:7ae904ce:2722d662:5a878b27:c84ad6da

    expected   964c232a:7ae904ce:2722d662:5a878b27:c84ad6da

RSA Signed RELEASE Image Signature Verification Successful.
Package Load Test Latency : 8547 msec
Image validated
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 1 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 5 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 6 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 7 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 8 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 9 contained errors which were auto-corrected.
%IOSXEBOOT-4-FILESYS_ERRORS_CORRECTED: (rp/0): bootflash 10 contained errors which were auto-corrected.
%IOSXEBOOT-4-BOOT_SRC: (rp/0): mounting /boot/super.iso to /tmp/sw/isos

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706


Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Thu 11-Feb-16 08:58 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2016 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

% failed to initialize nvram

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco ISR4331/K9 (1RU) processor with 1655569K/6147K bytes of memory.
Processor board ID FDO2012A123
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3223551K bytes of flash memory at bootflash:.

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no


Press RETURN to get started!


*Nov 29 05:16:16.090: %SMART_LIC-6-AGENT_READY: Smart Agent for Licensing is initialized
*Nov 29 05:16:17.867: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = esg Next reboot level = ipbasek9 and License = ipbasek9
*Nov 29 05:16:19.041: %ISR_THROUGHPUT-6-LEVEL: Throughput level has been set to 100000 kbps
*Nov 29 05:16:20.019: %IOSXE_RP_NV-3-NV_ACCESS_FAIL: Initial read of NVRAM contents failed
*Nov 29 05:16:23.500: dev_pluggable_optics_selftest attribute table internally inconsistent @ 0x125
*Nov 29 05:16:27.288: %SPANTREE-5-EXTENDED_SYSID:
Router>Extended SysId enabled for type vlan
*Nov 29 05:16:28.261: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Nov 29 05:16:28.262: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Nov 29 05:16:28.262: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Nov 29 05:16:28.270: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Nov 29 05:16:29.596: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Nov 29 05:16:29.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Nov 29 05:16:29.648: %LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, changed state to up
*Nov 29 05:16:29.648: %LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, changed state to up
*Nov 29 05:16:29.648: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Nov 29 05:16:29.648: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Nov 29 05:16:21.218: %CMLIB-6-THROUGHPUT_VALUE: SIP1: cmand:  Throughput license found, throughput set to 100000 kbps
*Nov 29 05:16:30.959: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled
*Nov 29 05:16:30.959: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/1, interfaces disabled
*Nov 29 05:16:30.963: %SPA_OIR-6-OFFLINECARD: SPA (ISR4331-3x1GE) offline in subslot 0/0
*Nov 29 05:16:30.964: %SPA_OIR-6-OFFLINECARD: SPA (NIM-2FXS) offline in subslot 0/1
*Nov 29 05:16:30.968: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Nov 29 05:16:30.968: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Nov 29 05:16:30.969: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 0
*Nov 29 05:16:30.969: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0
*Nov 29 05:16:30.973: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 1
*Nov 29 05:16:31.003: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Nov 29 05:16:31.007: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/1
*Nov 29 05:16:31.043: %SPA-3-ENVMON_NOT_MONITORED: SIP1: iomd:  Environmental monitoring is not enabled for ISR4331-3x1GE[0/0]
*Nov 29 05:16:36.423: %SPA_OIR-6-ONLINECARD: SPA (ISR4331-3x1GE) online in subslot 0/0
*Nov 29 05:16:38.370: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Nov 29 05:16:38.415: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Nov 29 05:16:38.419: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/2, changed state to down
*Nov 29 05:17:00.882: new extended attributes received from iomd(slot 0 bay 1 board 0)
*Nov 29 05:17:01.371: %SPA_OIR-6-ONLINECARD: SPA (NIM-2FXS) online in subslot 0/1
*Nov 29 05:17:01.372: %IOSXE_OIR-6-SOFT_RELOADSPA: SPA(NIM-2FXS) reloaded on subslot 0/1
*Nov 29 05:17:01.373: %SPA_OIR-6-OFFLINECARD: SPA (NIM-2FXS) offline in subslot 0/1
*Nov 29 05:17:35.853: %SPA_OIR-6-ONLINECARD: SPA (NIM-2FXS) online in subslot 0/1
*Nov 29 05:17:39.700: %LINK-3-UPDOWN: Interface Service-Engine0/1/0, changed state to up
*Nov 29 05:17:40.700: %LINEPROTO-5-UPDOWN: Line protocol on Interface Service-Engine0/1/0, changed state to up
*Nov 29 05:23:13.895: %LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to administratively down
*Nov 29 05:23:13.896: %LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to administratively down
*Nov 29 05:23:13.896: %LINK-5-CHANGED: Interface GigabitEthernet0/0/2, changed state to administratively down
*Nov 29 05:23:13.897: %LINK-5-CHANGED: Interface GigabitEthernet0, changed state to administratively down
*Nov 29 05:23:13.933: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
*Nov 29 05:23:20.117: %SYS-5-RESTART: System restarted --
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Thu 11-Feb-16 08:58 by mcpre
Router>enable
Router#
Router#show version
Cisco IOS XE Software, Version 03.16.02.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Thu 11-Feb-16 08:58 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2016 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: IOS-XE ROMMON

Router uptime is 7 minutes
Uptime for this control processor is 8 minutes
System returned to ROM by reload at 03:53:06 UTC Thu Mar 24 2016
System image file is "bootflash:/isr4300-universalk9.03.16.02.S.155-3.S2-ext.SPA.bin"
Last reload reason: PowerOn


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

     
Suite License Information for Module:'esg'

--------------------------------------------------------------------------------
Suite                 Suite Current         Type           Suite Next reboot   
--------------------------------------------------------------------------------
FoundationSuiteK9     None                  None           None                
securityk9
appxk9
AdvUCSuiteK9          None                  None           None                
uck9
cme-srst
cube


Technology Package License Information:

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
 Current         Type           Next reboot
------------------------------------------------------------------
appxk9           None             None             None
uck9             None             None             None
securityk9       None             None             None
ipbase           ipbasek9         Permanent        ipbasek9

cisco ISR4331/K9 (1RU) processor with 1655569K/6147K bytes of memory.
Processor board ID FDO2012A123
3 Gigabit Ethernet interfaces
2 Voice FXS interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3223551K bytes of flash memory at bootflash:.

Configuration register is 0x2102


Router#show run
Building configuration...


Current configuration : 1293 bytes
!
! Last configuration change at 05:23:22 UTC Tue Nov 29 2016
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4331/K9 sn FDO20090ABC
!
spanning-tree extend system-id
!
!
redundancy
 mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface Service-Engine0/1/0
 no ip address
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
!
!
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
 line aux 0
 stopbits 1
line vty 0 4
 login
!
!
end


These are the pictures of the front and back panels.



There's a dedicated out-of-band management port GE0 in front. It uses the default forwarding VRF Mgmt-intf, that can't be changed.


The serial number pull-out label is found at the back which is a bit long and foldable.


The Cisco 4000 uses a fourth generation Network Interface Module (NIM) cards, which is long and NOT supported on ISR G2 routers (such as 2900 and 3900). Below is a NIM-2FXS card that I've installed.


To install a PVDM4-64 module, you'll need to remove 6 small screws: 4 on top and 2 on the sides.



The Cisco 4331 router has only 1 PVDM slot which is found between the 3 heat sinks on the left of the picture.



Router#show inventory
NAME: "Chassis", DESCR: "Cisco ISR4331 Chassis"
PID: ISR4331/K9        , VID: V02, SN: FDO2012AABC

NAME: "Power Supply Module 0", DESCR: "250W AC Power Supply for Cisco ISR 4330"
PID: PWR-4330-AC       , VID: V01, SN: DCA19501DEF

NAME: "Fan Tray", DESCR: "Cisco ISR4330 Fan Assembly"
PID: ACS-4330-FANASSY  , VID:    , SN:           

NAME: "module 0", DESCR: "Cisco ISR4331 Built-In NIM controller"
PID: ISR4331/K9        , VID:    , SN:           

NAME: "NIM subslot 0/1", DESCR: "NIM-2FXS Voice Analog Module"
PID: NIM-2FXS          , VID: V01, SN: FOC19494GHI
  

NAME: "PVDM subslot 0/4", DESCR: "PVDM4-64 Voice DSP Module"
PID: PVDM4-64          , VID: V02, SN: FOC20028JKL
 

NAME: "NIM subslot 0/0", DESCR: "Front Panel 3 ports Gigabitethernet Module"
PID: ISR4331-3x1GE     , VID: V01, SN: JAB09270MNO

NAME: "module 1", DESCR: "Cisco ISR4331 Built-In SM controller"
PID: ISR4331/K9        , VID:    , SN:           
         
NAME: "module R0", DESCR: "Cisco ISR4331 Route Processor"
PID: ISR4331/K9        , VID: V02, SN: FDO20090PQR

NAME: "module F0", DESCR: "Cisco ISR4331 Forwarding Processor"
PID: ISR4331/K9        , VID:    , SN: