Asr1000-rommon.173-1r.spa.pkg Upd Jun 2026
| Scenario | Why Upgrade to 17.3(1r) | |----------|--------------------------| | | Newer supervisor or RP modules ship with older ROMMON. Upgrade ensures feature parity. | | IOS-XE upgrade beyond 17.9 | Newer bootloaders need improved memory initialization and SHA-512 image verification. | | Security vulnerabilities | Fixes for ROM-based attacks (e.g., ROMMON-1 bypass). | | USB boot support | Later ROMMON versions fix USB enumeration and file system read/write issues. | | TPM (Trusted Platform Module) | Required for secure boot and hardware anchoring. |
This procedure uses the option to upgrade all components (RP, ESP, SIPs), which is recommended. Step 1: Upgrade the ROMMON Execute the following command in privileged EXEC mode:
On a live ASR1000, run:
Apply the upgrade to all components or a specific slot. It is generally recommended to upgrade all components collectively. : asr1000-rommon.173-1r.spa.pkg
If you manage a Cisco ASR 1000 Series router, you are likely familiar with the routine of upgrading IOS-XE. However, nestled within the directory listing of your bootflash or inside a software bundle, you may have stumbled across a file with a name like asr1000-rommon.173-1r.spa.pkg .
Note: Do not power cycle or interrupt the router during this operation. The process takes several minutes to write the image to the ROMMON clean flash chip. Step 4: Activating the New ROMMON
Without this upgrade, you may see the following failure when booting a new IOS-XE: | Scenario | Why Upgrade to 17
The asr1000-rommon.173-1r.spa.pkg updates the code. It does not update the FPGA bitstreams on the SIP (Shared Port Adapter) or ESP cards. Those are usually handled by other .pkg or .bin files found in the main IOS-XE bundle.
In this post, we will dissect the asr1000-rommon.173-1r.spa.pkg file, explain what it does, why version 17.3.1r matters, and how to handle it safely.
Use the following command to check your current ROMMON version: show rom-monitor | | Security vulnerabilities | Fixes for ROM-based
This writes the new ROMMON to the protected ROMMON storage region.
After the upgrade completes, the new ROMMON version will not be active until the router is reloaded.