Asr1000-rommon.173-1r.spa.pkg -

If you manage Cisco ASR1000 series routers (1001, 1002, 1004, 1006, etc.), you’ve likely come across the file:
asr1000-rommon.173-1r.spa.pkg

At first glance, it looks like just another package. But this file is ROMMON (ROM Monitor) – the low-level boot firmware that initializes the hardware before the IOS-XE image loads. Upgrading it is rare but sometimes critical. asr1000-rommon.173-1r.spa.pkg

A standard reload may not be enough. On most ASR1000 chassis: If you manage Cisco ASR1000 series routers (1001,

reload location all force-download

Or power cycle the chassis entirely (turn off/on). The ROMMON version is read very early in POST. Or power cycle the chassis entirely (turn off/on)

Production routers often run for years without a ROMMON update. However, specific scenarios demand it:

| Scenario | Why Upgrade to 17.3(1r) | |----------|--------------------------| | Hardware replacement | Newer supervisor or RP modules ship with older ROMMON. Upgrade ensures feature parity. | | IOS-XE upgrade beyond 17.9 | Newer bootloaders need improved memory initialization and SHA-512 image verification. | | Security vulnerabilities | Fixes for ROM-based attacks (e.g., ROMMON-1 bypass). | | USB boot support | Later ROMMON versions fix USB enumeration and file system read/write issues. | | TPM (Trusted Platform Module) | Required for secure boot and hardware anchoring. |

Without this upgrade, you may see the following failure when booting a new IOS-XE:

%ROMMON-IMG-INVALID: Image checksum failed
%ROMMON-BOOT-FAIL: No valid boot image, falling back to rommon