NET 224: Advanced Routers and Routing
Chapter 9: Managing a Cisco Internetwork
This chapter introduces concepts about managing a Cisco environment:
- Managing system image and configuration files
- Using the OSI model for troubleshooting
- LAN and VLAN troubleshooting
- Troubleshooting IP addressing and host configuration
- Troubleshooting network devices
The chapter begins with a list of the major components of a Cisco
- Bootstrap - a startup program that is stored in ROM.
It is loaded at boot, and it loads the operating system
- POST - most computer equipment runs a Power On Self
Test. The POST program is stored in ROM, and it runs
first in the boot sequence. When it loads, it checks
the router to determine what interfaces are installed,
and it tests the router at a basic hardware level.
- ROM monitor - a troubleshooting
and testing program stored in ROM. This is a small
code version of the command line interface.
- Mini-IOS - also called RXBOOT and
bootloader. A minimal version of the
operating system. It is stored in ROM. Can be used
to load the operating system, and/or bring up an interface.
- RAM - Random Access Memory is the operational
memory of the router. It holds buffers, software,
data, routing tables, ARP
tables, and a copy of the running-config file
while the router is running. Some routers load and
run the operating system in RAM.
- ROM - as noted above, many things are stored
in Read Only Memory.
- Flash memory - This memory, like ROM is not
volatile. The Cisco operating system (IOS)
is stored here, and loaded from here by default.
- NVRAM - Like ROM and Flash memory, this memory is
not volatile. Configuration files
are typically stored here.
register - The hexadecimal value stored
in this register tells the router where to load the the IOS
from, whether to load the configuration
file, and what transmission rate to use. (see link to Cisco site)
The text describes the sequence of events that happen when you boot
up a Cisco router. It breaks the events into four steps:
- POST tests the hardware, and determines
what interfaces it has.
- Bootstrap loads, then it loads the IOS.
- The IOS looks for and loads the configuration file.
(Unless you have told it not to do so, or unless there
is no such file.)
- If a configuration file was loaded into NVRAM, the
router applies it. If not, the router
drops into setup mode.
The discussion of the configuration register in the text is confusing.
Please read this (meant to be humorous) version at Router
God, then come back for a few thoughts.
The Router God article is not perfect either. Like the text, it uses
- rommon - also called ROMmon, the ROM Monitor, and
the bootstrap program (see item 2 in the boot sequence above). If you
do not load the IOS in step 2, you will be running the ROM Monitor,
and the prompt you get may say "rommon".
- password recovery - The text and most web sites tell
us that there is a method to recover passwords for
a Cisco router. There is not. The procedure they describe
tells you how to reset the passwords. What's the difference?
There is no stealth to a reset: I cannot do a reset
and leave no trace of my having been there. Recovery would mean a way
to read the existing passwords. What you can to is recover access
to administrative modes by changing the passwords.
The text discusses the configuration register in horrible, confusing
detail. Changing the value of this system variable will cause the router
to boot in several different ways. The note in the text is valid: before
changing the value of the configuration register, use the show version
command to check the current value, and write it down.
The usual value of the configuration register on a Cisco router is 2102.
This is a hex value, so each digit represents four bits in a sixteen bit
binary number. The text suffers from a spacing problem that I can correct
In the top row, you see the four hex digits. In the second row, you see
the numbers associated with each of the sixteen bits of the configuration
register, color-coded to show which bits each hex digit represents. In
the third row, you see the binary value of of each of the hex digits (2102).
I have also called attention to the bit numbered 6 (red square
- When this bit is turned off, the router loads the configuration
file from NVRAM at bootup.
- When the bit is turned on, the configuration file is not
loaded at bootup. Why do we care? We care because it gives us
a way to break into the system without passwords.
To turn this bit on, you should change the value of the third
hex character from 0 to 4. (It would also be turned on if the value
of that hex digit were 5, 6, 7, C, D, E, or F. Using 4 as the value leaves
the other bits off.)
The text offers a series of steps to reset a router's passwords:
- Boot the router and interrupt the boot sequence by sending
a break, which will dump you into ROM monitor. You can
do this with the Hyperterminal
program, and several other programs (follow link to a list on the Cisco
You may note that the bit numbered 8 is on by the default
register setting. Turning bit 8 on tells the router not
to pay attention to a break. This does not matter if you can send a
break signal in the first minute of the boot process, at which
time the router will respond to the break anyway. So, what's
the point to turning that bit on? It keeps the router
from responding to a break signal after it boots.
- Use ROM monitor to change the configuration register: turn
on bit 6 with the value 0x2142.
This is done differently on different models.
On a 2600 series router, use the command confreg 0x2142.
On a 2500 series router, use the command o, to enter the
options menu. Then, use the command o/r 0x2142 to change the
- Reload the router.
Again, this is done differently on different models.
On a 2600 series router, use the command reset.
On a 2500 series router, use the command I. That is the
letter I (sounds like 'aye') which means "Initialize the router".
The operating system loads, but the configuration file does not.
The router should ask if you want to enter setup mode, and you
should answer No. Why? We only want to change the passwords for
the router. We will keep its other settings, as you will see below.
- Enter user mode (by pressing enter), then enter privileged
mode with the enable command. (There are no passwords in effect
at this time.)
- Copy the startup-config file to running-config. The command is copy
start run. This copies all the startup settings into the working
- Now, you can change the enable password. You are in
privileged mode, and you set passwords as you would during setup.
Use the command config t to enter configuration mode.
Use the command enable secret password.
Note that this is three words on the command line, the third one being
the new password. Now the running configuration file has the same settings
as before, but the password has been changed.
- Reset the configuration register to the default value.
If you are not in configuration mode, enter it with the command config
Change the register value with the command config-register 0x2102
- Use the command copy run start to save the router configuration.
- Reboot the router. Test the passwords. The text notes that
if you make a mistake about the configuration register value, you will
see the router come up in setup mode.
The text moves on to describe working with the Cisco IOS
as a file. Remember that this file is stored in flash memory on the router.
The text tells us that we can store a copy of it on a network server that
is running TFTP (Trivial File Transfer Protocol). Notes about flash and
- Use the command show flash to see the name of the file
stored in flash memory, the file's size, how much space is free
in flash memory, and how much total space you have in flash memory.
- The name of the IOS file will include the model number
of the router it is for. It may contain several letter flags
to indicate features: f (eff) means the file runs in flash, m
(em) means the file runs from RAM, r (arr) means the file runs
from ROM, l (ell) means the file is relocatable.
link will take you to a related discussion of the topic on Tech
Placing a copy of the IOS file on your TFTP
server is simple, but the text recommends a few steps:
- Ping the IP address of the server from the router:
- Copy the file(s) in flash to the server:
copy flash tftp
No variables this time, but several lines of output as the router gets
around to doing it.
First the router displays the files stored in flash
memory, including their names and sizes.
- The router asks for the name of the file to copy
(source). You can enter it from the
keyboard, or, if your interface supports it, copy and paste
it from the output in step 2.
- The router asks what filename to use for the destination
copy. By default, it will use the same name you entered in step 3 if
you just press Enter.
- Irritatingly, the router asks you to confirm that
you want to make the copy as you have requested. Pressing y
will lead to the copy being made.
The text warns us that this command does not allow us
to specify a target folder on the TFTP server. Whatever
folder is its default will be used.
Reversing the logic above, you can copy an IOS file from the
TFTP server to the flash memory of a router. As noted above,
this command only copies from the default folder of the TFTP server. If
you use this command, it will:
- Warn you in odd language that the router will have
- Ask for the name or IP address of the TFTP
server (remote host)
- Ask for the name of the IOS file
(on the server)
- Ask you several times to confirm that you will be
erasing the files already in flash
- Tell you that the system configuration has been modified, and ask
to save it. Poor wording. Tell it yes,
otherwise you will lose your configuration file.
- Ask you again to confirm that you
are copying destructively from the TFTP server to flash
- Dump the IOS from working memory, and load
the bootstrap IOS from ROM.
- Erase flash memory.
- Finally, complete the copy command.
- Reboot the router.
The copy command can also be used to put a safety copy
of a router's configuration file on the TFTP server
The text kindly explains that we can verify what is in each file (before
making a copy of it) with the show command:
The command to copy each version of the configuration file is:
copy running-config tftp
copy startup-config tftp
The difference between the two commands above is which configuration file
you want to make a copy of. We are also told that this command has an
odd behavior. We will be asked for the destination filename to use, and
the default is the name of the router, plus five characters:
You can, of course, use the copy command to copy from the TFTP server
to either the startup or running config file by reversing the arguments
in the two commands above.
copy tftp run
When the system asks for the name of the remote host,
it actually wants the IP address of the TFTP server,
It will also ask the name of the source file and the
destination file, even though you used the name of the
destination file in as the second argument to the command. Just when you
thought this was easy, the text throws in another wrinkle: using this
command will shut down all interfaces on the router. Great...
The erase command may be of use if you do not trust the setting in your
configuration files. The command erase startup-config
will erase all files in NVRAM, once you confirm that
you want to do so. With no stored configuration file, the router will
go into setup mode at its next reboot.
The text turns to Cisco Discovery Protocol, which was mentioned
in an earlier chapter. The author seems to believe that you can save lives
with this protocol. No, you can't. You can help save lives by giving reliable
tools to people who need them to save lives. There are times when
a network provides vital services to people who provide emergency services.
A system admin can be part of the big picture that helps people, but one
protocol will not save the world.
CDP protocol can be used to take a census of your Cisco equipment. When
you are connected in privileged mode to a Cisco router or switch, you
can use the command show cdp neighbor to get a list of the devices
directly connected to your device. This device list will give you several
facts about each connected device:
- Device ID - the name of the neighbor device
- Local Intrfce - the port the device is attached to
- Holdtme - CDP information is discarded when the Holdtime
for CDP packets expires. This keeps the CDP information current.
- Capability - This is one or more code letters that tell
us what kind of device each device is: R, router; T, transparent
bridge; B, source routing bridge; S, switch; H,
host; I, igmp; and r, repeater.
- Platform - the Cisco model number (remember, this protocol
only works on Cisco devices)
- Port ID - the port on the neighbor device that
is used to broadcast CDP packets
If you use the command show cdp neighbor detail, you will also
get the IP address of each neighbor device, and information about the
operating systems on them.
The text moves on to discuss the use of the Telnet program, which
we are told can be run from the DOS and the Cisco command
lines. If you wish to use the Telnet program to manage your Cisco devices,
you must set a VTY password for those devices first. The enable
or enable secret password must be set for the devices as well.
You can make a Telnet connection to a Cisco router two ways:
- telnet ip_address
The text tells us that you can end the Telnet program with the
exit command. This does not work on my Windows XP computer: I must
use the quit command instead.
The concept of host name resolution is discussed, as it must be in all
network texts. The same two solutions are offered:
- host table - You can build a host table with a series of commands
on each router.
command: ip host host_name IP_address
You can remove a line from the host table with the no modifier, and
the same command, leaving off the IP address.
Command: no ip host host_name
- DNS resolution - three commands may be used to enable your
router to use DNS service. They depend on your actually having a DNS
- ip domain-lookup - this enables your router to use DNS
service. It is enabled by default.
- ip name-server ip_address - this tells your router
the address of the DNS server to use for name
- ip domain-name subdomain.domain - this provides
completion information. When you only supply a partial domain name
for resolution, this establishes your subdomain and domain,
so objects can be searched for as members of your domain.
The text turns to two troubleshooting tools: ping and traceroute.
Neither is discussed any clarity.
- PING - can be issued on a command line, and has an extensive
list of options. Usually, the options are unnecessary. The text offers
the fact that you can ping the address 127.0.0.1, which stands for the
IP stack on the machine you are using. You may also want to ping the
IP address you think you have, with your network cable unplugged. Pinging
the local loopback proves you have a working IP stack. Pinging your
actual address, when unplugged, proves you have that address.
Be aware that you can ping an address or a domain name.
- TRACERT (Trace Route) - This command will show how long each
link in a route takes, as well as showing links that fail to pass packets
to the next link. Successful transfers of data will report the total
time to the destination. You can limit the trace to a specific number
of hops with the command
tracert -h hop_limit
where hop_limit is a number.