Understanding Configuration Registers

When it comes time to troubleshoot or initiate password recovery procedures on a router, one element that you’ll definitely need to be familiar with is the software configuration register. The configuration register is a 16-bit number, represented in hexadecimal, which controls everything from the way in which a router boots to whether or not it will process the contents of the startup configuration file. By default, the configuration register on a router is set to a value of 0x2102. The “0x” portion represents the value as hexadecimal, while the “2102” portion is the hexadecimal representation of the 16-bit value.

In order to appreciate what the configuration register value does, you’ll need to know a little more about how the number is defined. The configuration register is made up of 16 bits, numbered 15 through 0 moving from left to right, as shown below. Recall that each hexadecimal digit is made up of 4 bits. The figure below shows the default configuration register, 0x2102, represented in hexadecimal and binary, with the associated bit numbers labeled.

Figure: Configuration register values in hexadecimal and binary, including bit numbers.

Each bit, or group of bits, provides special instructions that control certain properties of the router. For example, bits 0 through 3 control how the router boots. By manipulating these values, you can configure the router to boot from Flash, ROM, or into ROM Monitor mode. Bit 6 controls whether or not the startup-config file is processed when the router boots. As you’ll see later in the chapter, this bit serves an important purpose if you’ve forgotten (or don’t know) the enable secret password.

The list below outlines the purpose of the bits in the configuration register. Changing some of these values is much more common than others – I will show some examples shortly. For now, it’s important to understand the purpose of each bit. Remember that a bit can have only two possible values – 0 or 1. “Setting” a bit involves making its value 1 rather than 0. The list below describes what happens when individual bits are changed. Hexadecimal values will be looked at shortly.

0 through 3 These four bits form what is known as the boot field. Depending on their value, they tell the router boot using the commands found in the startup configuration file, or into the boot image or ROM Monitor

6 This bit is used to control whether or not the startup-configuration file stored in NVRAM should be ignored when the router boots.

7 This bit is used for OEM testing.

8 This bit controls whether the break sequence is enabled or disabled.

10 When this bit is set, the IP broadcast address uses all 0s instead of all 1s.

11-12 These two bits control the speed of console connections. Recall that the default console speed in 9600 bps.

13 Bit 13 is used to control whether the router will boot from ROM (the boot image) if a network boot fails.

14 When this bit is set, IP broadcasts do not include network numbers.

15 When bit 15 is set, the router displays diagnostic messages, and the startup configuration file stored in NVRAM is ignored.

I’m the first to admit that looking at configuration register settings can be a little confusing, so let’s take a closer look. The best place to start is with the default configuration register value of 0x2102.

Take a look at the boot field alone (bits 0 through 3), as shown in the figure below. Since the field is made up of 4 bits, it can hold any hexadecimal value from 0 to F. Remember how hexadecimal values are converted – each group of 4 binary digits is converted to a single hex digit. For example, if the bits are set to 1010, that equals 10 in decimal, or A in hex. If you’ve forgotten how to convert binary to decimal, recall that 1010 is the equivalent to saying 8+0+2+0, which equals 10. In hex, the letter A represents the number 10.

Figure: Bits 0 through 3 form the boot field of the configuration register.

Bits 0 through 3 form the last hex digit of a configuration register, as shown in the figure above. The value found in this hex digit controls where the router will boot from. The list below outlines the values associated with booting from different locations.

0 When the boot field is set to a hex value of 0, the router will boot into ROM Monitor mode. An example would be a configuration register of 0x2100.

1 When the boot field is set to a hex value of 1, the router will boot using the boot image stored in ROM (RxBoot). An example would be a configuration register of 0x2101.

2-F When the boot field is set to any value between 2 and F, the router will boot using the boot system commands found in the startup configuration file stored in NVRAM.

Examples would be a configuration register of 0x2102, 0x2108, 0x210F, and so forth.
The next important bit to consider is bit number 6, as shown in the figure below. Bit 6 controls whether or not the router will ignore the contents of the startup configuration file stored in NVRAM during the boot process. By default, bit 6 is not set, meaning that the router will indeed process the contents of NVRAM.

Figure: When bit 6 is set to binary 1 the contents of NVRAM are not processed.

In the figure above you also see the change that takes place in the configuration register value when bit 6 is set. This changes the configuration register value to 0x2142, which tells the router to ignore the contents of NVRAM when booting. If you do this, the router won’t have a startup configuration, and you’ll be presented with the System Configuration Dialog that we looked at in Chapter 6. By ignoring the startup configuration file, you then have the opportunity to set a new router password. We’ll walk through the procedure a little later in the chapter.

Going back to the default configuration register of 0x2102, take a look at bit 8, as shown in the figure below. Bit 8 is used to control whether the break sequence for a router is enabled or disabled while the router is running. By default, the break sequence is disabled, because that bit 8 is set to binary 1. What that means is that you cannot issue the break command during normal router operation. Recall that the break sequence is used to enter ROM Monitor mode.

Figure: When bit 8 is set to binary 1 the break command is disabled.

Although the break sequence is turned off by default, this still doesn’t stop you from entering the break sequence when a router is rebooting. As a general rule, you have anywhere between the first 15 and 60 seconds of a reload to issue the break command and enter ROM Monitor mode. Bit 8 only controls whether the break sequence can be entered during normal router operation. If the configuration register were set to 0x2002, the break command could be issued from the console at any time.

Bits 11 and 12 are used to control the console port line speed.

The last critical bit to be familiar with is bit number 13, as shown in the figure below. When bit 13 is set, a router will boot into the image stored in ROM (RxBoot) after netboot fails. Recall that when boot system commands are not stored in a router’s startup configuration file, the router will first try booting from Flash, then a TFTP server, and finally the boot image stored in ROM. If bit 13 is set to 0, the router will continue to attempt to load a configuration file from a TFTP server indefinitely.

Figure: When bit 13 is set to binary 1 a router will attempt to boot from ROM if an image cannot be located on a TFTP server.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.