NET 224: Advanced Routers and Routing

Chapter 9: Managing a Cisco Internetwork


This chapter introduces concepts about managing a Cisco environment:

  1. Managing system image and configuration files
  2. Using the OSI model for troubleshooting
  3. LAN and VLAN troubleshooting
  4. Troubleshooting IP addressing and host configuration
  5. Troubleshooting network devices

The chapter begins with a list of the major components of a Cisco router:

  • Bootstrap - a startup program that is stored in ROM. It is loaded at boot, and it loads the operating system
  • POST - most computer equipment runs a Power On Self Test. The POST program is stored in ROM, and it runs first in the boot sequence. When it loads, it checks the router to determine what interfaces are installed, and it tests the router at a basic hardware level.
  • ROM monitor - a troubleshooting and testing program stored in ROM. This is a small code version of the command line interface.
  • Mini-IOS - also called RXBOOT and bootloader. A minimal version of the operating system. It is stored in ROM. Can be used to load the operating system, and/or bring up an interface.
  • RAM - Random Access Memory is the operational memory of the router. It holds buffers, software, data, routing tables, ARP tables, and a copy of the running-config file while the router is running. Some routers load and run the operating system in RAM.
  • ROM - as noted above, many things are stored in Read Only Memory.
  • Flash memory - This memory, like ROM is not volatile. The Cisco operating system (IOS) is stored here, and loaded from here by default.
  • NVRAM - Like ROM and Flash memory, this memory is not volatile. Configuration files are typically stored here.
  • Configuration register - The hexadecimal value stored in this register tells the router where to load the the IOS from, whether to load the configuration file, and what transmission rate to use. (see link to Cisco site)

The text describes the sequence of events that happen when you boot up a Cisco router. It breaks the events into four steps:

  1. POST tests the hardware, and determines what interfaces it has.
  2. Bootstrap loads, then it loads the IOS.
  3. The IOS looks for and loads the configuration file. (Unless you have told it not to do so, or unless there is no such file.)
  4. If a configuration file was loaded into NVRAM, the router applies it. If not, the router drops into setup mode.

The discussion of the configuration register in the text is confusing. Please read this (meant to be humorous) version at Router God, then come back for a few thoughts.

The Router God article is not perfect either. Like the text, it uses jargon:

  • rommon - also called ROMmon, the ROM Monitor, and the bootstrap program (see item 2 in the boot sequence above). If you do not load the IOS in step 2, you will be running the ROM Monitor, and the prompt you get may say "rommon".
  • password recovery - The text and most web sites tell us that there is a method to recover passwords for a Cisco router. There is not. The procedure they describe tells you how to reset the passwords. What's the difference? There is no stealth to a reset: I cannot do a reset and leave no trace of my having been there. Recovery would mean a way to read the existing passwords. What you can to is recover access to administrative modes by changing the passwords.

The text discusses the configuration register in horrible, confusing detail. Changing the value of this system variable will cause the router to boot in several different ways. The note in the text is valid: before changing the value of the configuration register, use the show version command to check the current value, and write it down.

The usual value of the configuration register on a Cisco router is 2102. This is a hex value, so each digit represents four bits in a sixteen bit binary number. The text suffers from a spacing problem that I can correct here:

Hex value
Bit number 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Bit value 0 0 1 0 0 0 0 1 0 0 0 0 0 0 1 0

In the top row, you see the four hex digits. In the second row, you see the numbers associated with each of the sixteen bits of the configuration register, color-coded to show which bits each hex digit represents. In the third row, you see the binary value of of each of the hex digits (2102). I have also called attention to the bit numbered 6 (red square above).

  • When this bit is turned off, the router loads the configuration file from NVRAM at bootup.
  • When the bit is turned on, the configuration file is not loaded at bootup. Why do we care? We care because it gives us a way to break into the system without passwords.

To turn this bit on, you should change the value of the third hex character from 0 to 4. (It would also be turned on if the value of that hex digit were 5, 6, 7, C, D, E, or F. Using 4 as the value leaves the other bits off.)

The text offers a series of steps to reset a router's passwords:

  1. Boot the router and interrupt the boot sequence by sending a break, which will dump you into ROM monitor. You can do this with the Hyperterminal program, and several other programs (follow link to a list on the Cisco web site).
    You may note that the bit numbered 8 is on by the default register setting. Turning bit 8 on tells the router not to pay attention to a break. This does not matter if you can send a break signal in the first minute of the boot process, at which time the router will respond to the break anyway. So, what's the point to turning that bit on? It keeps the router from responding to a break signal after it boots.
  2. Use ROM monitor to change the configuration register: turn on bit 6 with the value 0x2142.
    This is done differently on different models.
    On a 2600 series router, use the command confreg 0x2142.
    On a 2500 series router, use the command o, to enter the options menu. Then, use the command o/r 0x2142 to change the register value.
  3. Reload the router.
    Again, this is done differently on different models.
    On a 2600 series router, use the command reset.
    On a 2500 series router, use the command I. That is the letter I (sounds like 'aye') which means "Initialize the router".
    The operating system loads, but the configuration file does not.
    The router should ask if you want to enter setup mode, and you should answer No. Why? We only want to change the passwords for the router. We will keep its other settings, as you will see below.
  4. Enter user mode (by pressing enter), then enter privileged mode with the enable command. (There are no passwords in effect at this time.)
  5. Copy the startup-config file to running-config. The command is copy start run. This copies all the startup settings into the working RAM.
  6. Now, you can change the enable password. You are in privileged mode, and you set passwords as you would during setup.
    Use the command config t to enter configuration mode.
    Use the command enable secret password.
    Note that this is three words on the command line, the third one being the new password. Now the running configuration file has the same settings as before, but the password has been changed.
  7. Reset the configuration register to the default value.
    If you are not in configuration mode, enter it with the command config t.
    Change the register value with the command config-register 0x2102
  8. Use the command copy run start to save the router configuration.
  9. Reboot the router. Test the passwords. The text notes that if you make a mistake about the configuration register value, you will see the router come up in setup mode.

The text moves on to describe working with the Cisco IOS as a file. Remember that this file is stored in flash memory on the router. The text tells us that we can store a copy of it on a network server that is running TFTP (Trivial File Transfer Protocol). Notes about flash and the IOS:

  • Use the command show flash to see the name of the file stored in flash memory, the file's size, how much space is free in flash memory, and how much total space you have in flash memory.
  • The name of the IOS file will include the model number of the router it is for. It may contain several letter flags to indicate features: f (eff) means the file runs in flash, m (em) means the file runs from RAM, r (arr) means the file runs from ROM, l (ell) means the file is relocatable.
  • This link will take you to a related discussion of the topic on Tech Republic.

Placing a copy of the IOS file on your TFTP server is simple, but the text recommends a few steps:

  1. Ping the IP address of the server from the router:
    ping ip_address
  2. Copy the file(s) in flash to the server:
    copy flash tftp
    No variables this time, but several lines of output as the router gets around to doing it.
    First the router displays the files stored in flash memory, including their names and sizes.
  3. The router asks for the name of the file to copy (source). You can enter it from the keyboard, or, if your interface supports it, copy and paste it from the output in step 2.
  4. The router asks what filename to use for the destination copy. By default, it will use the same name you entered in step 3 if you just press Enter.
  5. Irritatingly, the router asks you to confirm that you want to make the copy as you have requested. Pressing y will lead to the copy being made.

The text warns us that this command does not allow us to specify a target folder on the TFTP server. Whatever folder is its default will be used.

Reversing the logic above, you can copy an IOS file from the TFTP server to the flash memory of a router. As noted above, this command only copies from the default folder of the TFTP server. If you use this command, it will:

  1. Warn you in odd language that the router will have to reboot
  2. Ask for the name or IP address of the TFTP server (remote host)
  3. Ask for the name of the IOS file (on the server)
  4. Ask you several times to confirm that you will be erasing the files already in flash memory.
  5. Tell you that the system configuration has been modified, and ask to save it. Poor wording. Tell it yes, otherwise you will lose your configuration file.
  6. Ask you again to confirm that you are copying destructively from the TFTP server to flash memory.
  7. Dump the IOS from working memory, and load the bootstrap IOS from ROM.
  8. Erase flash memory.
  9. Finally, complete the copy command.
  10. Reboot the router.

The copy command can also be used to put a safety copy of a router's configuration file on the TFTP server

The text kindly explains that we can verify what is in each file (before making a copy of it) with the show command:
show run
show start

The command to copy each version of the configuration file is:
copy running-config tftp
copy startup-config tftp

The difference between the two commands above is which configuration file you want to make a copy of. We are also told that this command has an odd behavior. We will be asked for the destination filename to use, and the default is the name of the router, plus five characters: -cnfg.

You can, of course, use the copy command to copy from the TFTP server to either the startup or running config file by reversing the arguments in the two commands above.
copy tftp run

When the system asks for the name of the remote host, it actually wants the IP address of the TFTP server, It will also ask the name of the source file and the destination file, even though you used the name of the destination file in as the second argument to the command. Just when you thought this was easy, the text throws in another wrinkle: using this command will shut down all interfaces on the router. Great...

The erase command may be of use if you do not trust the setting in your configuration files. The command erase startup-config will erase all files in NVRAM, once you confirm that you want to do so. With no stored configuration file, the router will go into setup mode at its next reboot.

The text turns to Cisco Discovery Protocol, which was mentioned in an earlier chapter. The author seems to believe that you can save lives with this protocol. No, you can't. You can help save lives by giving reliable tools to people who need them to save lives. There are times when a network provides vital services to people who provide emergency services. A system admin can be part of the big picture that helps people, but one protocol will not save the world.

CDP protocol can be used to take a census of your Cisco equipment. When you are connected in privileged mode to a Cisco router or switch, you can use the command show cdp neighbor to get a list of the devices directly connected to your device. This device list will give you several facts about each connected device:

  • Device ID - the name of the neighbor device
  • Local Intrfce - the port the device is attached to
  • Holdtme - CDP information is discarded when the Holdtime for CDP packets expires. This keeps the CDP information current.
  • Capability - This is one or more code letters that tell us what kind of device each device is: R, router; T, transparent bridge; B, source routing bridge; S, switch; H, host; I, igmp; and r, repeater.
  • Platform - the Cisco model number (remember, this protocol only works on Cisco devices)
  • Port ID - the port on the neighbor device that is used to broadcast CDP packets

If you use the command show cdp neighbor detail, you will also get the IP address of each neighbor device, and information about the operating systems on them.

The text moves on to discuss the use of the Telnet program, which we are told can be run from the DOS and the Cisco command lines. If you wish to use the Telnet program to manage your Cisco devices, you must set a VTY password for those devices first. The enable or enable secret password must be set for the devices as well.

You can make a Telnet connection to a Cisco router two ways:

  • telnet ip_address
  • ip_address

The text tells us that you can end the Telnet program with the exit command. This does not work on my Windows XP computer: I must use the quit command instead.

The concept of host name resolution is discussed, as it must be in all network texts. The same two solutions are offered:

  • host table - You can build a host table with a series of commands on each router.
    command: ip host host_name IP_address
    You can remove a line from the host table with the no modifier, and the same command, leaving off the IP address.
    Command: no ip host host_name
  • DNS resolution - three commands may be used to enable your router to use DNS service. They depend on your actually having a DNS server.
    • ip domain-lookup - this enables your router to use DNS service. It is enabled by default.
    • ip name-server ip_address - this tells your router the address of the DNS server to use for name resolution
    • ip domain-name subdomain.domain - this provides completion information. When you only supply a partial domain name for resolution, this establishes your subdomain and domain, so objects can be searched for as members of your domain.

The text turns to two troubleshooting tools: ping and traceroute. Neither is discussed any clarity.

  • PING - can be issued on a command line, and has an extensive list of options. Usually, the options are unnecessary. The text offers the fact that you can ping the address, which stands for the IP stack on the machine you are using. You may also want to ping the IP address you think you have, with your network cable unplugged. Pinging the local loopback proves you have a working IP stack. Pinging your actual address, when unplugged, proves you have that address.
    Be aware that you can ping an address or a domain name.
  • TRACERT (Trace Route) - This command will show how long each link in a route takes, as well as showing links that fail to pass packets to the next link. Successful transfers of data will report the total time to the destination. You can limit the trace to a specific number of hops with the command
    tracert -h hop_limit
    where hop_limit is a number.