The Boot Up Process

Cisco Devices have 4 built-in memory locations:

  • ROM - Read Only Memory
  • Flash - older devices have it built in, newer ones use removable CompactFlash
  • NVRAM - Non Volatile RAM
  • RAM - Random Access Memory

They also support the use of external USB devices.

ROM

When a Cisco device is powered on it first executes code from ROM, which performs two main functions:

  1. Power-On Self Test (POST)
  2. Load bootstrap

The bootstrap is responsible for looking in Flash memory for an IOS image to load. If the bootstrap cannot find a valid IOS image, the device drops to the ROMMON prompt. ROM Monitor can be used to recover a missing or corrupted image: from ROMMON we can boot from a USB device or from an external TFTP server.

Note

The ROMMON recovery process is somewhat device dependent, so search the internet for “Cisco ROMMON Recovery” for the specific device model.

Flash

Once the bootstrap in ROM runs, by default it loads the first IOS image found in Flash. This can be overridden with the boot system command, which selects a specific image (for example an additional IOS image that has been copied to Flash via TFTP or USB).

Note

The boot system command is a global configuration command. The boot variable it sets is read by the bootstrap from NVRAM, so the change only takes effect once the configuration has been saved with copy run start.
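As an added example (not part of the original notes), the following session configures a primary image in Flash with a TFTP copy as fallback, and verifies what the bootstrap will pick up at the next reload. The image filename and the TFTP server address 192.0.2.10 are assumptions for illustration only.

```cisco
! Confirm the image really exists in Flash before referencing it
! (filename below is illustrative, use whatever dir flash: actually lists).
Router# dir flash:

Router# configure terminal
! boot system entries are tried in the order they appear in the configuration.
! Primary: a specific image in Flash rather than "first image found".
Router(config)# boot system flash:c2900-universalk9-mz.SPA.154-3.M5.bin
! Fallback: the same image held on a TFTP server (assumed 192.0.2.10),
! used only if the primary cannot be loaded.
Router(config)# boot system tftp c2900-universalk9-mz.SPA.154-3.M5.bin 192.0.2.10
! boot system commands are only honoured when the boot field of the
! config register is 0x2-0xF; 0x2102 is the normal default.
Router(config)# config-register 0x2102
Router(config)# end

! The BOOT variable lives in NVRAM: without this save the bootstrap
! never sees the new entries.
Router# copy running-config startup-config

! Verify: show bootvar reports the BOOT variable (both entries, in order)
! and the current/next-reload config register.
Router# show bootvar
Router# show version | include register
```

Keeping a TFTP entry as a fallback rather than the only option avoids the failure mode described later under Booting from TFTP: if the server is unreachable the router still boots from Flash.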

NVRAM

Once the IOS system image has been loaded from Flash, the device will load the startup-config configuration file from NVRAM. Once this is done, the saved startup config becomes the active running config in RAM (this is why we need to use copy run start to ensure our active configuration is saved for next reboot).

However, if no startup-config file is found, the device will prompt to enter the Setup Wizard (the initial configuration dialog).

RAM

Both the IOS system image and the startup-config are loaded from Flash and NVRAM into RAM during the bootup process. Once running, RAM becomes the normal working memory of the device - although of course RAM is volatile and its contents will be lost when the device is powered off.

VLAN database

On Switches, the VLAN database is saved either in Flash or NVRAM, depending on the specific switch model.

Note

The VLAN database file has a .dat extension and is known as vlan.dat.

Booting from TFTP

Cisco devices are able to load system images and/or startup-configs from an external TFTP server instead of Flash/NVRAM. This is not recommended because the device can become unable to boot should connectivity to the TFTP server be lost. The main use-case for this is where the device does not have enough capacity in Flash to store the system image.

Factory Reset

To factory reset a router or switch, use write erase (or erase startup-config). This removes the startup-config from NVRAM only: the running-config stays active in RAM until the device restarts, and the IOS image in Flash is untouched, so we then have to reload the device to come up with a clean configuration. On switches, also delete flash:vlan.dat, because write erase does not remove the VLAN database.

Password Recovery

Config Register

We can use the configuration register to modify how the router boots, using the config-register command in global configuration mode or confreg at the ROMMON prompt. For example:

config-register 0x2142

The boot field and flags in the register define how the device boots and which configuration is loaded:

  Register   Option
  0x2102     boot normally (default)
  0x2120     boot into ROMMON
  0x2142     ignore contents of NVRAM (startup-config)

0x2142 is simply the default 0x2102 with the 0x0040 "ignore NVRAM" bit set, which is why it is used for password recovery.

Password recovery procedure

  1. Send the break sequence within the first 60 seconds of power on to break into the ROMMON prompt (usually the Break key or Ctrl-Break in the terminal emulator, but check the device-specific instructions)
  2. confreg 0x2142 to ignore startup-config on boot
    1. Note that this means the startup-config still exists, with the enable password still stored, but the config is simply ignored
  3. reset to reload; this causes the device to boot up with no configuration
  4. Type no to bypass setup wizard
  5. Enter enable mode (no secret is asked for because there isn't one in the empty running config)
  6. copy start run
    1. We copy the startup-config into the running-config (including the secret), but since we are already in enable mode we don't need to know what the password is.
    2. This step is critical if all we want to do is reset the password; otherwise the save in the final step would overwrite the startup-config with the nearly empty running-config, effectively factory resetting the device.
    3. Note that the copy is a merge, and interfaces that were previously up will now be administratively down (the empty running-config had them shut down), so check show ip interface brief and no shutdown the interfaces we need.
  7. Enter a new enable secret in global config mode to overwrite the old one
  8. config-register 0x2102 (in global config mode) to make the device read NVRAM again and boot normally on the next restart
    1. If we forget to do this, every time the device boots up it will always ignore the startup-config
  9. copy run start to save the new configuration (including the new enable password).
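The whole procedure as one console session, added here as an example and not taken from the original notes. The interface name GigabitEthernet0/0, the new secret and the hostname are placeholders; after step 6 the prompt will change to whatever hostname the saved configuration contains.

```cisco
! Step 1: power-cycle and send the break sequence within the first 60 seconds.
! Step 2: ignore NVRAM (startup-config) on the next boot.
rommon 1 > confreg 0x2142
! Step 3: reload; the router comes up with an empty running-config.
rommon 2 > reset

! Step 4: decline the setup wizard.
         --- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no

! Step 5: no secret is requested because the running-config is empty.
Router> enable

! Step 6: merge the saved configuration (old secret included) into RAM.
Router# copy startup-config running-config

! Caveat: the merge leaves interfaces administratively down because the
! empty running-config had them shut down. Re-enable what is needed
! (interface name is an assumption for this example).
Router# show ip interface brief
Router# configure terminal
Router(config)# interface GigabitEthernet0/0
Router(config-if)# no shutdown
Router(config-if)# exit

! Step 7: overwrite the old enable secret (placeholder value).
Router(config)# enable secret NewStr0ngSecret!

! Step 8: restore the register so NVRAM is read again on the next boot.
Router(config)# config-register 0x2102
Router(config)# end

! Step 9: save so the new secret and the restored config survive a reload.
Router# copy running-config startup-config

! Verify before walking away: the output should say the register is 0x2142
! and will be 0x2102 at next reload. If it does not, step 8 was missed.
Router# show version | include register
```

Because the startup-config is never destroyed during this process, anyone with physical console access can obtain the full saved configuration this way; this is why console ports belong in a locked rack and why a router found with 0x2142 in show version deserves a second look.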

Note

The instructions above are for a Router. Switches have a similar process but may require physically pressing the Mode button to break into the switch loader. Search for ‘Cisco password recovery’ for specific model to find full instructions.

Note

There are two commands available on IOS for password/secret management: enable password and enable secret. The former is a legacy option that stores the password in plaintext inside the config file (or, with service password-encryption enabled, as a type 7 string, which is trivially reversible and not a hash). enable secret stores a hashed version of the password: salted MD5 (type 5) by default on older IOS, with stronger types such as scrypt (type 9) available on newer releases via enable algorithm-type.

If both are set, the enable secret takes precedence and the enable password is ignored, so the legacy line should simply be removed.
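As an added example (not from the original notes), the session below shows both commands, what each leaves in the configuration, and the cleanup. The passwords are placeholders, and the hash and type 7 strings in the show output are stand-ins rather than real values; the enable algorithm-type command requires IOS 15.3(3)M or later.

```cisco
Router# configure terminal
! Legacy: stored verbatim in the config unless service password-encryption is on.
Router(config)# enable password LegacyPassw0rd
! service password-encryption only obfuscates (type 7); it is reversible, not a hash.
Router(config)# service password-encryption
! Preferred: a hash. Without algorithm-type this is type 5 (salted MD5).
Router(config)# enable secret Str0ngSecret!
! On 15.3(3)M and later, ask for scrypt (type 9) explicitly.
Router(config)# enable algorithm-type scrypt secret Str0ngSecret!
Router(config)# end

! Inspect what actually landed in the running configuration.
! The strings shown are placeholders for the real hash / type 7 output.
Router# show running-config | include ^enable
enable secret 9 $9$<scrypt-hash-placeholder>
enable password 7 <type7-obfuscated-placeholder>

! With both present only the secret is checked when entering enable mode,
! so remove the reversible legacy line entirely and save.
Router# configure terminal
Router(config)# no enable password
Router(config)# end
Router# copy running-config startup-config
```

The show running-config | include ^enable check is worth running on any device inherited from someone else: an enable password line, type 7 or not, means the enable credential can be recovered from any copy of the configuration (backups, TFTP uploads, pasted tickets), whereas a type 5 line can at least only be brute-forced and a type 9 line is expensive to attack.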