CCNA Study Guide Chapter 10 Summary

Chapter 10 began with a look at the boot process of a Cisco router, including an overview of the different environments into which a Cisco router can be booted – ROM Monitor mode, the boot image stored in ROM, or a normal IOS image stored in Flash memory or on a TFTP server. The break sequences to access ROM Monitor mode for different applications were also discussed, as were the boot system commands that can be added to a router’s startup configuration file to control the startup environment.

This was followed by a look at a router’s configuration register value, and the impact that this value has on how a router behaves during the boot process. A variety of different elements were looked at in this section, including how to enable or disable the break sequence, bypass the startup configuration file and, most importantly, the values associated with the boot field.

The act of changing a router’s configuration register was looked at next. This included a look at the commands to change the register value from the regular IOS image, as well as from ROM Monitor mode, on both Cisco 2500 and 2600 routers. While both routers accomplish the same goal in two steps, the commands used in ROM Monitor mode are different.

The chapter ended with a look at troubleshooting, both for the purpose of password recovery and restoring a missing or corrupted IOS image. The configuration registers played a key role in both processes, allowing the startup configuration file to be bypassed in the case of changing a password, while the boot image was used to download a new IOS image from a TFTP server.

Restoring a Missing or Corrupt IOS Image

There may also come a time when your router doesn’t have a valid IOS image in Flash memory – perhaps because you have accidentally erased Flash, upgraded your router’s Flash memory, or the image contained in Flash has become corrupted. This leaves you with a couple of options, one of which is to use ROM Monitor mode to download a new IOS image to the router over its console port. Unfortunately, at a speed of 9600 bps, this will take a fairly long time. A more common way to restore an IOS image to Flash is to use the boot image (RxBoot) to download a new image to the router from a TFTP server.

This means that you’ll need a properly configured TFTP server that contains a valid IOS file to begin with. The next step involves booting the router into the boot image, which may mean that you will need to first change the router’s configuration register via ROM Monitor mode. After booting into the boot image, you can then download an IOS image to your router via TFTP.

For the purpose of this illustration, we’ll assume that our router is a Cisco 2500. Our goal is to install a new IOS image on a system that currently has no IOS image in Flash. We’ll start by accessing ROM Monitor mode to change the router’s configuration register. Recall that the configuration register value to boot the system from the boot image in ROM ends with the hex digit 1. As such, we’ll change the register to 0x2101.

19:44:26: %SYS-5-RELOAD: Reload requested
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 16384 Kbytes of main memory
Abort at 0x10EA880 (PC)
>o/r 0x2101
>i

After issuing the i command, the router will reset and boot from the boot image, as specified by the new configuration register value. Once it finishes booting, you should find yourself at the Router(boot)> prompt.

The first step is entering enable mode. Although the router doesn’t have a valid IOS image in Flash, it may still have a valid startup configuration file in NVRAM. As such, you may still be prompted for a password. To avoid the startup configuration file as well, you would need to set the configuration register to 0x2141.

It is also worth testing whether or not the router can ping the TFTP server you intend to download the new IOS image from. If it can’t, you may need to change (or add) an IP address of a router interface.

Router(boot)>en
Password:
Router(boot)#ping 192.168.1.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 192.168.1.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/200/1000 ms

In this case, the ping was successful, meaning that the router is capable of communicating with the TFTP server. The next step is issuing the copy tftp flash command. This prompts us for the IP address of the TFTP server, as well as the name of the IOS image that we wish to download to Flash. If Flash memory already contains IOS images, they may need to be erased as well.

Router(boot)#copy tftp flash
Address or name of remote host [255.255.255.255]? 192.168.1.21
Source file name? d2500.bin
Destination file name [d2500.bin]?
Erase flash device before writing? [confirm] yes/no yes

I’ve saved some space by not showing the output of the command – those exclamation points that you usually see when copying files to or from the router. Once the copy operation is complete, there is still an additional step to undertake – changing the configuration register back to our original value, 0x2102. Follow this up with the reload command, being sure to think carefully about whether you want to save any changes that you have made to the running configuration file. If your startup configuration file already contains correct settings, make a point of not saving any changes when prompted.

Router(boot)#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(boot)(config)#config-register 0x2102
Router(boot)(config)#^Z
Router(boot)#reload
System configuration has been modified. Save? [yes/no]

With the router configuration register changed back to 0x2102, the router should boot into the recovered IOS image normally, using the startup configuration file stored in NVRAM.

Cisco Router Password Recovery

If one thing is for certain, it’s that at some point you’ll forget the password that you assigned to a router, or be asked to configure a router whose password you cannot be provided with. The good news is that with physical access to the console port, you’re in luck. Now that you know about configuration register settings, you know that you can change its setting to ignore the startup configuration file on a router, thus allowing you to bypass any passwords. Once you reboot the router, you can then change (and save) new passwords.

For the purpose of this example, let’s assume that we’re using a Cisco 2600 router. The steps on a Cisco 2500 are similar, with the exception of the ROM Monitor mode commands.

The first step is to access ROM Monitor mode and change the configuration register setting to 0x2142, such that the router will ignore the contents of the startup configuration file. After rebooting the router, issue the break sequence, and then enter the confreg and reset commands.

rommon 1>confreg 0x2142
rommon 2>reset

The router should now reload, ignoring the contents of the startup configuration file. Press Enter to access user mode, and then enter privileged mode using the enable command. Notice that no password is required.

Press RETURN to get started.
Router>enable
Router#

Now that we’ve accessed privileged mode, the next step is to overwrite the current running configuration with the information stored in the startup configuration. Loading this configuration into RAM will allow us to change the password, as well as to save it.

Router#copy star run

Be very careful not to mistakenly issue the copy run start command – that would cause you to lose all configuration settings stored in the startup configuration file.

Even though we’ve copied the startup configuration into RAM, all of the interfaces are still shut down. To verify this, use the show run command. As such, your last steps will be to access all interfaces and issue the no shutdown command. Our main goal is still to change the enable secret password, so that’s our next step.

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret cisco

After setting our new enable secret password (and any other passwords that we may need changed), issue the no shutdown command for all interfaces, and then change the configuration register back to the default value (or whichever value you require) using the config-register command. In this case, we’ll set the register back to 0x2102, and then issue the all-important copy run star command to save our changes.

Router(config)#config-register 0x2102
Router(config)#^Z
Router#copy run star

And there you have it. You don’t even require a reboot at this point (assuming that you remembered to issue the no shutdown command for all necessary interfaces). The next time the router does reboot, its configuration register will be set to 0x2102. This means that it will not ignore the startup configuration file, allowing you complete and normal access using our newly configured password.

Changing Configuration Register Settings

Now that you understand a little more about configuration register settings, let’s take a look at how current register settings can be identified, and then changed.

The easiest way to determine a router’s current configuration register setting is by using the show version command. The configuration register setting will appear at the end of the command’s output, as shown below.

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 12.0(5), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 15-Jun-99 20:08 by phanguye
Image text-base: 0x0000144C, data-base: 0x00637308
ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)
Router uptime is 2 hours, 50 minutes
System restarted by power-on
System image file is "flash:d1205.bin"
cisco 2500 (68030) processor (revision A) with 16384K/2048K bytes of memory.
Processor board ID 02265778, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
1 PCbus interface(s)
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102

A router’s configuration register settings can be changed from global configuration mode using the config-register command, followed by the new value. For example, let’s say that we wanted to configure our router such that the break command is enabled at any time. That would involve setting the configuration register value to 0x2002, changing the value of bit 8 from a 1 to a 0.

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register ?
<0x0-0xFFFFFFFF> Config register number
Router(config)#config-register 0x2002
Router(config)#^Z
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 12.0(5), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 15-Jun-99 20:08 by phanguye
Image text-base: 0x0000144C, data-base: 0x00637308
Configuration register is 0x2102 (will be 0x2002 at next reload)

The output of the show version command has been truncated. Notice that the configuration register value is still 0x2102, but will be 0x2002 at the next reload. It is not necessary to issue the copy run star command in order to save changes to the configuration register value.

In cases where you cannot access a router because a valid IOS image cannot be found (or you’ve forgotten the router’s password), you will need to change the configuration register value from ROM Monitor mode. Recall that to access ROM Monitor mode, you’ll need to be connected to the router via the console port to issue the break sequence. The sequence of commands to change the configuration register will differ, depending upon whether your ROM Monitor prompt is > (like on a 2500) or rommon 1> (like on a 2600).

To change the configuration register value from ROM Monitor mode on a Cisco 2500, reboot the router and issue the break sequence (Ctrl+Break if using HyperTerminal). This will provide you with the > prompt, as shown below.

19:44:26: %SYS-5-RELOAD: Reload requested
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 16384 Kbytes of main memory
Abort at 0x10EA880 (PC)
>

In the Cisco 2500’s ROM Monitor mode, the command o shows the current configuration register settings, as well as the purpose of the various bits.

>o
Configuration register = 0x2002 at the last boot
Bit# Configuration register option settings
15 Diagnostic mode disabled
14 IP broadcasts do not have network numbers
13 Boot default ROM software if network boot fails
12-11 Console speed is 9600 baud
10 IP broadcast with ones
08 Break disabled
07 OEM disabled
06 Ignore configuration disabled
03-00 Boot file is cisco2-2500 (or ‘boot system’ command)
>

The command to modify the configuration register value is o/r, followed by the new register value. After pressing enter, use the command i to initialize the router. The i command reloads the router, using the new configuration register setting. In this case, a configuration register value of 0x2102 ensures that the router will boot as per the factory default settings.

>o/r 0x2102
>i

If you issue the break sequence on a Cisco 2600 router, you’ll be presented with the rommon> prompt. Although the commands from this prompt are a little different, they achieve the same result. In the example below, we’re setting the configuration register to 0x2142, which tells the router to ignore the contents of the startup configuration file, since bit 6 has been set. The command to change the configuration register from the rommon> prompt is confreg, followed by the new register value. To reload the router, issue the reset command.

rommon 1>confreg 0x2142
rommon 2>reset

After issuing the reset command, the router will reboot using the new configuration register value of 0x2142.

Common configuration register settings and their meanings:

0x2102 The default configuration register setting. The break command is disabled, the contents of NVRAM are processed, and the router will boot according to the commands stored in NVRAM.

0x2101 The break command is disabled. The router will process the contents of NVRAM, but will boot into the RxBoot image stored in ROM.

0x2100 The break command is disabled, and the router will boot into ROM Monitor mode.

0x2142 The break command is disabled, and the router will ignore the contents of NVRAM during the boot process.

0x2002 The break command is enabled, but otherwise the router will boot normally.

Understanding Configuration Registers

When it comes time to troubleshoot or initiate password recovery procedures on a router, one element that you’ll definitely need to be familiar with is the software configuration register. The configuration register is a 16-bit number, represented in hexadecimal, which controls everything from the way in which a router boots to whether or not it will process the contents of the startup configuration file. By default, the configuration register on a router is set to a value of 0x2102. The “0x” portion represents the value as hexadecimal, while the “2102” portion is the hexadecimal representation of the 16-bit value.

In order to appreciate what the configuration register value does, you’ll need to know a little more about how the number is defined. The configuration register is made up of 16 bits, numbered 15 through 0 moving from left to right, as shown below. Recall that each hexadecimal digit is made up of 4 bits. The figure below shows the default configuration register, 0x2102, represented in hexadecimal and binary, with the associated bit numbers labeled.

Figure: Configuration register values in hexadecimal and binary, including bit numbers.

Each bit, or group of bits, provides special instructions that control certain properties of the router. For example, bits 0 through 3 control how the router boots. By manipulating these values, you can configure the router to boot from Flash, ROM, or into ROM Monitor mode. Bit 6 controls whether or not the startup-config file is processed when the router boots. As you’ll see later in the chapter, this bit serves an important purpose if you’ve forgotten (or don’t know) the enable secret password.

The list below outlines the purpose of the bits in the configuration register. Changing some of these values is much more common than others – I will show some examples shortly. For now, it’s important to understand the purpose of each bit. Remember that a bit can have only two possible values – 0 or 1. “Setting” a bit involves making its value 1 rather than 0. The list below describes what happens when individual bits are changed. Hexadecimal values will be looked at shortly.

0 through 3 These four bits form what is known as the boot field. Depending on their value, they tell the router to boot using the commands found in the startup configuration file, or into the boot image or ROM Monitor.

6 This bit is used to control whether or not the startup-configuration file stored in NVRAM should be ignored when the router boots.

7 This bit is used for OEM testing.

8 This bit controls whether the break sequence is enabled or disabled.

10 When this bit is set, the IP broadcast address uses all 0s instead of all 1s.

11-12 These two bits control the speed of console connections. Recall that the default console speed is 9600 bps.

13 Bit 13 is used to control whether the router will boot from ROM (the boot image) if a network boot fails.

14 When this bit is set, IP broadcasts do not include network numbers.

15 When bit 15 is set, the router displays diagnostic messages, and the startup configuration file stored in NVRAM is ignored.

I’m the first to admit that looking at configuration register settings can be a little confusing, so let’s take a closer look. The best place to start is with the default configuration register value of 0x2102.

Take a look at the boot field alone (bits 0 through 3), as shown in the figure below. Since the field is made up of 4 bits, it can hold any hexadecimal value from 0 to F. Remember how hexadecimal values are converted – each group of 4 binary digits is converted to a single hex digit. For example, if the bits are set to 1010, that equals 10 in decimal, or A in hex. If you’ve forgotten how to convert binary to decimal, recall that 1010 is the equivalent to saying 8+0+2+0, which equals 10. In hex, the letter A represents the number 10.

Figure: Bits 0 through 3 form the boot field of the configuration register.

Bits 0 through 3 form the last hex digit of a configuration register, as shown in the figure above. The value found in this hex digit controls where the router will boot from. The list below outlines the values associated with booting from different locations.

0 When the boot field is set to a hex value of 0, the router will boot into ROM Monitor mode. An example would be a configuration register of 0x2100.

1 When the boot field is set to a hex value of 1, the router will boot using the boot image stored in ROM (RxBoot). An example would be a configuration register of 0x2101.

2-F When the boot field is set to any value between 2 and F, the router will boot using the boot system commands found in the startup configuration file stored in NVRAM. Examples would be a configuration register of 0x2102, 0x2108, 0x210F, and so forth.

The next important bit to consider is bit number 6, as shown in the figure below. Bit 6 controls whether or not the router will ignore the contents of the startup configuration file stored in NVRAM during the boot process. By default, bit 6 is not set, meaning that the router will indeed process the contents of NVRAM.

Figure: When bit 6 is set to binary 1 the contents of NVRAM are not processed.

In the figure above you also see the change that takes place in the configuration register value when bit 6 is set. This changes the configuration register value to 0x2142, which tells the router to ignore the contents of NVRAM when booting. If you do this, the router won’t have a startup configuration, and you’ll be presented with the System Configuration Dialog that we looked at in Chapter 6. By ignoring the startup configuration file, you then have the opportunity to set a new router password. We’ll walk through the procedure a little later in the chapter.

Going back to the default configuration register of 0x2102, take a look at bit 8, as shown in the figure below. Bit 8 is used to control whether the break sequence for a router is enabled or disabled while the router is running. By default, the break sequence is disabled, because bit 8 is set to binary 1. What that means is that you cannot issue the break command during normal router operation. Recall that the break sequence is used to enter ROM Monitor mode.

Figure: When bit 8 is set to binary 1 the break command is disabled.

Although the break sequence is turned off by default, this still doesn’t stop you from entering the break sequence when a router is rebooting. As a general rule, you have anywhere between the first 15 and 60 seconds of a reload to issue the break command and enter ROM Monitor mode. Bit 8 only controls whether the break sequence can be entered during normal router operation. If the configuration register were set to 0x2002, the break command could be issued from the console at any time.

Bits 11 and 12 are used to control the console port line speed.

The last critical bit to be familiar with is bit number 13, as shown in the figure below. When bit 13 is set, a router will boot into the image stored in ROM (RxBoot) after netboot fails. Recall that when boot system commands are not stored in a router’s startup configuration file, the router will first try booting from Flash, then a TFTP server, and finally the boot image stored in ROM. If bit 13 is set to 0, the router will continue to attempt to load a configuration file from a TFTP server indefinitely.

Figure: When bit 13 is set to binary 1 a router will attempt to boot from ROM if an image cannot be located on a TFTP server.
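
The bit layout described in this section, worked through as an added Python example (not part of the original study guide): it decodes a register value into the fields listed above and checks the "Configuration register is" line of show version output for values that skip the startup configuration, leave break enabled, or boot something other than the full IOS image. The function names and the sample output are constructed for illustration.

```python
import re

# Meaning of each single-bit flag when set, as listed in the chapter.
FLAG_BITS = {
    6: "startup configuration in NVRAM is ignored",
    7: "OEM bit set",
    8: "break disabled during normal operation",
    10: "IP broadcast address uses all 0s",
    13: "boot from ROM if network boot fails",
    14: "IP broadcasts do not include network numbers",
    15: "diagnostic messages enabled, NVRAM ignored",
}

# Matches the last line of 'show version', with or without a pending value.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode_confreg(value):
    """Split a 16-bit configuration register into the chapter's fields."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register must fit in 16 bits")
    boot_field = value & 0xF                      # bits 0-3
    if boot_field == 0:
        boot = "ROM Monitor"
    elif boot_field == 1:
        boot = "boot image in ROM (RxBoot)"
    else:                                         # 2 through F
        boot = "boot system commands in startup configuration"
    return {
        "hex": f"0x{value:04X}",
        "boot_field": boot_field,
        "boot": boot,
        # Bits 11-12; 0 is the 9600 bps default seen in 0x2102.
        "console_speed_bits": (value >> 11) & 0b11,
        "flags": [d for b, d in sorted(FLAG_BITS.items()) if (value >> b) & 1],
        # Bit 6 or bit 15 causes NVRAM to be ignored at boot.
        "ignores_startup_config": bool(value & (1 << 6 | 1 << 15)),
        "break_enabled": not value & (1 << 8),
    }


def audit_show_version(text):
    """Return (current, pending, findings) for a 'show version' capture."""
    match = CONFREG_RE.search(text)
    if match is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    targets = [("current", current)]
    if pending != current:
        targets.append(("next reload", pending))
    findings = []
    for label, value in targets:
        fields = decode_confreg(value)
        prefix = f"{label} {fields['hex']}: "
        if fields["ignores_startup_config"]:
            findings.append(prefix + "startup configuration (and passwords) skipped")
        if fields["break_enabled"]:
            findings.append(prefix + "break accepted during normal operation")
        if fields["boot_field"] in (0, 1):
            findings.append(prefix + "boots into " + fields["boot"])
    return current, pending, findings


# Constructed sample: a router that booted with 0x2142 during password
# recovery and has had the register set back to 0x2102 for the next reload.
SAMPLE = """\
Router#show version
32K bytes of non-volatile configuration memory.
Configuration register is 0x2142 (will be 0x2102 at next reload)
"""

if __name__ == "__main__":
    for reg in (0x2102, 0x2101, 0x2100, 0x2142, 0x2002):
        d = decode_confreg(reg)
        print(d["hex"], "|", d["boot"], "|", "; ".join(d["flags"]))
    for finding in audit_show_version(SAMPLE)[2]:
        print("FINDING:", finding)
```
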

Cisco Router Boot Options

By default, a Cisco router uses a configuration register setting that tells it to boot using the first IOS image stored in Flash memory. If a valid IOS image isn’t found in Flash, it will then attempt to “netboot” using an IOS image stored on a TFTP server. If even this fails, the default configuration register tells the router to boot using the image stored in ROM. This default behavior of the router can also be changed by specifying boot system commands in a router’s startup configuration file.

For example, it’s quite possible that your system has enough Flash memory to store multiple IOS images. If this is the case, you can specify the image that should be loaded when the router boots by using the boot system command, followed by the IOS filename of the image you wish the router to load. The boot system commands also allow you to configure your router for fault-tolerant booting. For example, you can specify multiple boot system commands that will form the order in which your router will attempt to load an IOS image.

The following example shows a router configured to boot from an image in Flash, followed by an image stored on a TFTP server, and if neither is available, into the boot image stored in ROM.

Router(config)#boot system flash c2500-js-l.120-7.T
Router(config)#boot system tftp c2500-js-l.120-7.T 192.168.1.100
Router(config)#boot system rom

After issuing the boot system commands, they can be viewed using show run. Don’t forget that changes need to be saved using copy run star.

Router#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash d2500.bin
boot system tftp d2500.bin 192.168.1.100
boot system rom
enable secret 5 $1$.vqP$WjeX3EZhdUnY80YHXbeNh0

The Router Boot Image

Recall from Chapter 6 that the read-only memory (ROM) on a Cisco router also includes a limited IOS version that can be used to boot the router in cases where an IOS image is not present. This limited IOS version is commonly referred to as the boot image (or RxBoot) and provides an environment from which you can access a TFTP server to install a new IOS image to your router. If you ever accidentally erase the contents of flash, you’ll definitely need to be familiar with the boot image.

There are two common methods of purposely accessing a router’s boot image stored in ROM. The first is to add the boot system rom command to a router’s startup configuration. However, it’s much more common to access RxBoot by changing the value of the router’s configuration register, as we’ll explore shortly. If your router automatically loads the boot image, that usually indicates that you need to change the configuration register on your router, or that a valid IOS image could not be found in Flash memory or on a network TFTP server. In all cases, accessing the boot image will require that you reboot the router.

You can recognize that the router has loaded the boot image according to the prompt displayed. The prompt when the boot image is loaded will be:

Router(boot)>

No matter how badly you have misconfigured a router, you should always be able to access the boot image since it is stored in ROM. If you can’t, that likely indicates a hardware-related issue.

ROM Monitor Mode

As its name suggests, ROM Monitor is stored in ROM and is implemented in firmware. ROM Monitor mode is actually the bootstrap program that we talked about in previous chapters. The bootstrap program is responsible for initializing hardware and loading the Cisco IOS. As such, it is the first thing loaded by the router at power up.

The bootstrap program isn’t limited to just these tasks. It is also capable of providing a command-line environment that can be used to perform certain configuration tasks, such as downloading software over the console port, recovering a lost password, or changing the configuration registers that control the way in which a router will boot. ROM Monitor mode is accessed by issuing what is known as a break sequence, either when the router is booting, or potentially during normal operation.

In order to access ROM Monitor mode using a break sequence, you need to be physically connected to the console port. This is for security purposes, since we’ll see that this mode can be used to change the configuration register of the router. Issuing the break sequence on a router involves pressing a certain key combination, which differs depending on the terminal emulation program that you are using to access the router via the console port. Table 10-1 outlines the break sequences for common terminal emulation software.

Common break sequences for terminal emulation programs:

HyperTerminal Ctrl+Break (Windows 2000), Ctrl+6+Break (Windows 95)

Minicom (Linux) Ctrl+a, f

ProComm Plus Alt-b

The information above is provided mainly for reference purposes – you certainly won’t need to remember the break sequences for all software. Since most users will use the version of HyperTerminal included with Windows, it is worth noting that the break sequence may not work with the version included with Windows NT.

To access ROM Monitor mode, issue the break sequence in the first 60 seconds of the router boot process. In other words, power-cycle (reboot) the router, and while connected to the console port in HyperTerminal, press Ctrl+Break. Issuing the break sequence and accessing ROM Monitor mode will generally provide output similar to what is shown below.

19:44:26: %SYS-5-RELOAD: Reload requested
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 16384 Kbytes of main memory

Abort at 0x10EA880 (PC)
>

After issuing the break sequence, you are presented with the abort message, followed by a prompt. The prompt will differ depending on the type of router you are working with. On a Cisco 2500, the ROM Monitor prompt is simply an angle bracket (>), as shown in the output above. On a Cisco 1600 or 2600, the ROM Monitor prompt is a little easier to recognize:

rommon 1>

There’s no need to worry about the number following the rommon> prompt. It will simply increment by 1 each time you press enter. The syntax of commands issued from ROM Monitor mode differs depending on whether you’re working from the > or rommon> prompt, as we’ll see a little later in the chapter. For now, it’s enough to know how to access ROM Monitor mode and be able to recognize the associated prompts.

Cisco Router Boot Process

Way back in Chapter 6, we took an introductory look at how a Cisco router boots by default, according to factory-configured settings. However, you will also need to know how to alter settings such that a router can boot into different environments, if necessary. For example, if a router password is lost or misplaced and you can’t log into the router, you will need to alter the boot process such that settings stored in the startup configuration file are ignored. Doing so requires that you change the configuration register settings on your router. This presents a problem – if you can’t log on to the router, how do you change its configuration? The answer involves understanding a little bit more about two different operating environments – ROM Monitor and RxBoot (Boot Image) mode.

Router Troubleshooting and Password Recovery

It’s a fact of life that no matter how carefully you manage your equipment, something is bound to go wrong at some point. While Cisco has a great track record of providing stable equipment with a solid operating system, there are still times when something will go wrong. When problems do occur, fixes are usually issued by Cisco as an updated IOS release.

On a day-to-day basis, especially while studying, many of the problems that you will come across will be related to managing the IOS image and passwords. For example, it’s important to be familiar with how to gain access to a router when you’ve forgotten (or perhaps were never told) one of the required passwords. Along the same lines, you will need to know what to do in cases where your router’s IOS image is corrupted or missing.

Troubleshooting and password recovery of a Cisco router requires an understanding of the different working environments provided by the router, and how to reach them. In order to successfully access these environments, you’ll need to be familiar with what is known as the configuration register and how it impacts the operation of your router. Not only does this setting control how a router boots, but also the ability to issue break sequences, configure console port speeds, and so forth.

The topics that we’ll cover in this chapter include:

  • The Cisco router boot process
  • Router environments
  • Understanding configuration register values
  • Changing configuration register values from different environments
  • Password recovery on Cisco routers
  • Restoring missing or corrupted IOS images