It's not enough to understand where everything is located on Cisco devices. To troubleshoot a device, it is critical to understand the boot process. There is a normal boot process and then there are actions you can take to alter the process. It is important to understand how to do that and in what situation doing so would be beneficial.
This section covers the boot process in detail. The output that you can expect to see at certain points in the boot process is described. This section also explains how to copy a Cisco IOS from a TFTP server, how to set a Cisco device to boot to a Cisco IOS located in a network location, and, finally, how to manage the startup and running configuration files referred to earlier in this chapter.
The boot process can be broken down into the following steps:
System Bootstrap, Version 11.0(10c), SOFTWARE Copyright (c) 1986-1996 by Cisco Systems 2500 processor with 6144 Kbytes of main memory F3: 5593060+79544+421160 at 0×3000060
Both ROMmon and the ROM mini IOS are located on the ROM chip.
Looking for a startup configuration in NVRAM is an alternate way to manage the boot process rather than using the configuration register.
Cisco Internetwork Operating System Software IOS ™ 2500 Software (C2500-I-L), Version 12.0(5) Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Tue 15-Jun-99 19:49 by phanguye Image text-base: 0x0302EC70, data-base: 0×0000100
00:00:22: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:22: %LINK-3-UPDOWN: Interface Seria10, changed state to up 00:00:22: %LINK-3-UPDOWN: Interface Seria11, changed state to up 00:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up 00:03:13: %LINK-5-CHANGED: Interface Seria10, changed state to administratively down 00:03:13: %LINK-5-CHANGED: Interface Seria11, changed state to administratively down
--- System Configuration Dialog --- At any point you may enter a question mark ‘?’ for help. Use ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets ‘[]’. Continue with configuration dialog? [yes]:
Press RETURN to get started!
THE BOOT DECISION PROCESS
Here is a more visual representation of the boot decision process.
The Cisco IOS image file can be loaded from flash, which is the most common location, but it can also be loaded to the device from a TFTP server. This is a much slower way to load the IOS, but it does offer the benefit of maintaining the image for multiple routers in one location. Operations such as updates and image patches can then be managed in a central location and can help to maintain IOS image consistency across multiple devices.
To set the device to boot from an image located on a TFTP server, a command must be executed (boot system tftp://ip_address/fi1ename) and saved to the startup configuration file. When that file is read as indicated in step 3 of the boot process (as shown in the previous section), it will instruct the device to skip looking for the image in flash and proceed to load the image from a TFTP server. Because the command will also include the IP address of the TFTP server and the name of the image file on the server, it will greatly speed the process as the default TFTP location method will be broadcast for the TFTP server.
A more common use of a TFTP server is as a platform to transfer IOS images to the router and to store images for backup and maintenance. The TFTP server can be used to store startup configuration files as well. This offers the same benefits as does centrally locating IOS images, that is, the files can be managed and edited offline in a central location and then loaded to the devices when desired.
To load an image from a TFTP server to a router, conceptually the steps are as follows:
File Length Name/status 1 10218508 /c2500-js-1_120-8.bin [10316471 bytes used, 6460745 available, 16777216 total] 16384K bytes of processor board System flash (Read ONLY)
Accessing file ‘c2500-js-1_113-3.bin’ on 171.71.93.192… Loading c2500-js-1_113-3.bin from 171.71.93.192 (via Ethernet0): ! [OK] Erasing device…eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ee …erased Loading c2500-js-1_113-3.exe from 171.71.93.192 (via Ethernet0): !!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!! [OK - 8900924/16777216 bytes] Verifying checksum… OK (0×8ABE) F1ash copy took 0:04:57 [hh:mm:ss] %FLH: Re-booting system after down1oad
During our discussion of router storage locations and of the boot process, I have made numerous references to two configuration files. It is important that these files, their contents, and their relationship to each other are approached in an organized manner. These files contain all the settings of a router or switch and are applied to the device every time the device is started or restarted. In this section, the characteristics of both the startup and the running configuration files are explored.
The startup configuration file can be created either by using the menu-based setup program or at the CLI. The benefit of using the setup menu, especially for those new to Cisco devices, is that it will prompt you for important settings that may not occur to you otherwise. Having said that, most administrators use the CLI to create the startup configuration file.
This file is consulted briefly at the beginning of the boot process to determine whether it contains boot commands. Then after the IOS is located, the file is loaded into RAM and applied to the device. Applied means that if an interface needs to be enabled, it is, that if an IP address needs to be applied, it is, that if a routing protocol needs to be enabled and its settings applied, it is, and so forth.
After the file is copied into RAM, the version that is located in RAM is renamed. It becomes the running configuration, which is covered in the next section. It is important to note that the startup configuration file is copied into RAM, not moved. The startup configuration file is still in NVRAM after the copy process is complete.
After the startup configuration file is copied, it is renamed the running configuration file. When you use the CLI on a live router to make changes to the router, you are editing the running configuration. The running configuration contains the settings that the device is using right now. There is no need to save this file to make the settings effective. They will be effective immediately. However, if you want these changes to remain in effect at the next restart, you must copy these changes to the startup configuration file located in NVRAM. This is done by executing the copy running-config startup-config (copy run start for short) command.
If you make changes to the running configuration that you decide you do not want to keep and you have not saved them to the startup configuration file, you can remove them in one of two ways:
Besides containing the startup configuration, NVRAM contains the configuration register. This is a 16-bit field in hexadecimal that contains information about the boot process. Each of the 16 bits can be set either to 1 (on) or 0 (off). When you make changes to the configuration register, it is done in hexadecimal, and the value you enter is preceded by the characters 0x, which will simply communicate to the device that what follows is in hex.
To make the relationship between the hex and binary clearer, look at Figure 12.9. You can see that there are four sets of 4 bits. The bottom line indicates the current setting in binary. The top line (2 1 0 2) indicates the hex version and is what you would enter at the CLI to make a change to the setting.
The two fields that are important for this discussion are the two on the right side (bits 7-0). The far-right field (bits 3-0) is called the boot field and controls where the device looks for an IOS during boot. If this last field is set to 2 or higher (in hex), the device will use the settings found in NVRAM. This could mean one of two things:
Because the default setting of the field is 2 (in hex), then if no boot commands have been added to the startup configuration file, the normal operating procedure is as stated in option 2.
The field that contains bits 7-4 doesn't have a name, but it can be used to control whether the device reads or uses the startup configuration file when the device is restarted. This procedure is (most) commonly used when you need to perform a password recovery.
Passwords that are required to enter privileged and global configuration modes of the device are contained in the startup configuration file. By instructing the device to ignore that file, it becomes possible to boot the device, edit the password in the file, or erase the file.
Changing the configuration register to perform a password recovery could be used to break into a Cisco device. That's why this procedure can be performed only when physically attached with a console cable.
The default setting for the configuration register is 0x2102. The third number (0, which is the setting for the bits 7–4 described earlier) is the number of interest when controlling the use of the startup configuration file. The relevant settings with respect to the startup configuration file are as follows:
The configuration register can be edited in two ways. If you have access to global configuration mode (meaning you can provide the privilege mode password if required), it can be done from the CLI. In that case, you can use the config-regfster command along with the proper setting in hex preceded by the required 0x. After executing the command, save the changes to the startup configuration file by executing the copy run start command. When the device reboots, it will use the settings you have just applied to the register.
If you are performing a password recovery (meaning the password is unavailable), this approach will not be an option. This operation will have to be performed while booted into ROMmon mode. The default for the device is to not boot into ROMmon mode, but rather to look in NVRAM for any boot commands in the startup configuration file, and then if there are none (which is usually the case), to load the IOS from flash and then apply the startup configuration file.
Therefore, this default procedure must be interrupted by executing what is called a break sequence while the system is booting up, before it has a chance to get to the NVRAM portion of the process. A break sequence is a combination of keys to strike on the keyboard within a certain period of time after restarting the device. What constitutes a break sequence depends on factors such as the operating system of the computer you are using to connect to the Cisco device and the type of HyperTerminal software.
A comprehensive list of break sequences for common operating systems and versions of terminal software can be found at www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080174a34.shtml.
When you have determined the break sequence, follow this procedure to erase or reset the password:
You are not prompted for a password when you request access to privileged mode because you are in ROMmon mode, where the configurations file containing the password is not read or used.
router#config terminal router(config)#enab1e <new password> router(config)# enable secret <new password> router(config)# c#^Z (this means you hit ctrl+Z on the keyboard) router#copy run start
router# config terminal router(config)# config-register 0x2102 router(config)# c#^Z router#copy run start
(The c#^Z part means you press Ctrl+Z on the keyboard.)
A Cisco router or switch uses an operating system called the IOS and startup configuration and running configuration files to perform its tasks. Cisco devices also contain four storage locations: RAM, NVRAM, ROM, and flash memory. RAM is an area where the running configuration and the IOS tables are kept, and it is volatile. NVRAM is nonvolatile and is where the startup configuration file is kept. ROM contains the boot code and a mini version of the IOS. Flash memory is used to store the IOS image file.
The startup and running configuration files contain all the settings of a router or switch. The startup configuration file is applied to the device every time the device is started or restarted and resides in NVRAM. After it is copied into RAM at startup, it is renamed the running configuration.
There are two ways to make a connection to a Cisco router or switch: the HyperTerminal program installed on a computer or over the network using Telnet. There are two levels of access to the IOS: user and privileged. The default boot process of a Cisco device is to access the bootstrap code from ROM, locate the IOS in flash, and load and apply the startup configuration file from NVRAM.
Follow these steps:
Location | Contents |
Flash | Startup config/config register |
RAM | Bootstrap code |
ROM | Running configuration |
NVRAM | Cisco IOS |
REVIEW QUESTIONS
00:00:22: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:22: %LINK-3-UPDOWN: Interface Seria10, changed state to up