Managing CISCO device

A Cisco switch uses one of four forwarding methods:

  • Store-and-forward switching (data is stored in a buffer and checked for errors, so it is slow but very reliable).
  • Cut-through switching (no error checking, so it is the fastest).
  • Fragment-free switching (the first 64 bytes of the frame are checked for errors).
  • Adaptive switching (automatically selects one of the above three switching methods).

Because bandwidth is now higher and switches are digital, most switches use store-and-forward switching.

LLC – The LLC sublayer, short for Logical Link Control, can provide optional services to an application developer. One option is to provide flow control to the Network layer by using stop/start codes. The LLC can also provide error correction.

BootP – Short for Boot Protocol, it is a protocol used to boot diskless workstations connected to the network. A diskless workstation uses BootP to determine its own IP address as well as the IP address of the server PC.


Bootstrap – Stored in the microcode of the ROM, the bootstrap is used to bring a router up during initialization. It will boot the router and then load the IOS.
POST – Stored in the microcode of the ROM, the POST is used to check the basic functionality of the router hardware and determines which interfaces are present.
ROM monitor – Stored in the microcode of the ROM, the ROM monitor is used for manufacturing, testing, and troubleshooting.
Mini-IOS – Called the RXBOOT or bootloader by Cisco, the mini-IOS is a small IOS in ROM that can be used to bring up an interface and load a Cisco IOS into flash memory. The mini-IOS can also perform a few other maintenance operations.
RAM – Used to hold packet buffers, ARP cache, routing tables, and also the software and data structures that allow the router to function. Running-config is stored in RAM, and most routers expand the IOS from flash into RAM upon boot.
ROM – Used to start and maintain the router. Holds the POST and the bootstrap program as well as the mini-IOS.
Flash memory – Stores the Cisco IOS by default. Flash memory is not erased when the router is reloaded. It is EEPROM (electronically erasable programmable read-only memory).
NVRAM – Used to hold the router and switch configuration. NVRAM is not erased when the router or switch is reloaded. Does not store an IOS. The configuration register is stored in NVRAM.
Configuration register – Used to control how the router boots up. This value can be found as the last line of the show version command output and by default is set to 0x2102, which tells the router to load the IOS from flash memory as well as to load the configuration from NVRAM.

RAM – ARP cache, routing table, packet buffer

ROM – Bootstrap, POST, mini-IOS, ROM monitor

The boot sequence consists of the following steps:

  • The router performs a POST. The POST tests the hardware to verify that all components of the device are operational and present. For example, the POST checks for the different interfaces on the router. The POST is stored in and run from ROM (read-only memory).
  • The bootstrap then looks for and loads the Cisco IOS software. The bootstrap is a program in ROM that is used to execute programs. The bootstrap program is responsible for finding where each IOS program is located and then loading the file. By default, the IOS software is loaded from flash memory in all Cisco routers.
  • The IOS software looks for a valid configuration file stored in NVRAM. This file is called startup-config and is only there if an administrator copies the running-config file into NVRAM. (As you already know, the new ISR routers have a small startup-config file preloaded.)
  • If a startup-config file is in NVRAM, the router will copy this file and place it in RAM. The router will use this file to run the router. The router should now be operational. If a startup-config file is not in NVRAM, the router will broadcast out any interface that detects carrier detect (CD) for a TFTP host looking for a configuration, and when that fails (typically it will fail—most people won’t even realize the router has attempted this process), it will start the setup mode configuration process.
  • The default order of an IOS loading from a router is flash, TFTP server, then ROM.

Managing configuration register –

  • All Cisco routers have a 16-bit software register that’s written into NVRAM.

Table 1. Configuration register bit numbers

Configuration register   2             1             0             2
Bit no.                  15 14 13 12   11 10  9  8    7  6  5  4    3  2  1  0
Binary                    0  0  1  0    0  0  0  1    0  0  0  0    0  0  1  0

Table 2. Software configuration meanings

Bit        Hex              Description
0-3        0x0000–0x000F    Boot field (see Table 3).
6          0x0040           Ignore NVRAM contents.
7          0x0080           OEM bit enabled.
8          0x0100           Break disabled.
10         0x0400           IP broadcast with all zeros.
5, 11-12   0x0800–0x1000    Console line speed.
13         0x2000           Boot default ROM software if network boot fails.
14         0x4000           IP broadcasts do not have net numbers.
15         0x8000           Enable diagnostic messages and ignore NVRAM contents.

The boot field, which consists of bits 0–3 in the configuration register, controls the router boot sequence.

Table 3. Boot field

Boot field   Meaning                           Use
00           ROM monitor mode                  You must manually boot the router with the b command. The router will show the rommon> prompt.
01           Boot image from ROM               To boot the mini-IOS image stored in ROM, set the configuration register to 2101. The router will show the Router(boot)> prompt.
02-F         Specifies default boot filename   Any value from 2102 through 210F tells the router to use the boot commands specified in NVRAM.

  • If you save a configuration and reload the router and it comes up either in setup mode or as a blank configuration, chances are the configuration register setting is incorrect.
  • Erasing the configuration –

R1# erase startup-config
R1# reload

  • R1# sh version

Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
[output cut]
Configuration register is 0x2102

This is the default setting. The configuration register setting of 0x2102 tells the router to look in NVRAM for the boot sequence.

  • You can change the configuration register by using the config-register command.

Router(config)#config-register 0x2101


Router#sh ver

(output cut)

Configuration register is 0x2102 (will be 0x2101 at next reload)

  • boot system command will allow you to tell the router which file to boot from flash memory.

Router(config)#boot system ?

WORD  TFTP filename or URL

flash    Boot from flash memory

ftp        Boot from a server via ftp

mop     Boot from a Decnet MOP server

rcp       Boot from a server via rcp

rom     Boot from rom

tftp      Boot from a tftp server

Router(config)#boot system flash c2800nm-advsecurityk9-mz.124-12.bin

Router(config)#boot system tftp c2800nm-advsecurityk9-mz.124-12.bin

  • If the IOS in flash doesn’t load and the TFTP host does not produce the IOS—load the mini-IOS from ROM like this:

Router(config)#boot system rom

Router(config)#do show run | include boot system

boot system flash c2800nm-advsecurityk9-mz.124-12.bin

boot system tftp c2800nm-advsecurityk9-mz.124-12.bin

boot system rom

The mini-IOS will load after six unsuccessful attempts to locate the TFTP server.

Recovering Passwords –

Bit 6 in the configuration register is used to tell the router whether to use the contents of NVRAM to load a router configuration. The default configuration register value is 0x2102, meaning that bit 6 is off. With the default setting, the router will look for and load a router configuration stored in NVRAM (startup-config). To recover a password, you need to turn on bit 6. Doing this will tell the router to ignore the NVRAM contents. The configuration register value to turn on bit 6 is 0x2142.

Here are the main steps to password recovery:

  • Boot the router and interrupt the boot sequence by performing a break, which will take the router into ROMMON.
  • Change the configuration register to turn on bit 6 (with the value 0x2142).
  • Reload the router.
  • Enter privileged mode.
  • Copy the startup-config file to running-config.
  • Change the password.
  • Reset the configuration register to the default value.
  • Save the router configuration.
  • Reload the router (optional)

I’ll also show you the commands to restore access to ISR, 2600, and even 2500 series routers. You can enter ROM monitor mode by pressing Ctrl+Break or Ctrl+Shift+6 then b, during router bootup. But if the IOS is corrupt or missing, if there’s no network connectivity available to find a TFTP host, or if the mini-IOS from ROM doesn’t load (meaning the default router fallback failed), the router will enter ROM monitor mode by default.

Your first step is to boot the router and perform a break. This is usually done by pressing the Ctrl+Break key combination when using HyperTerminal (personally, I use SecureCRT or Putty) while the router first reboots.

rommon 1 >confreg 0x2142 

You must reset or power cycle for new config to take effect

rommon 2 >reset

The router will reload and ask if you want to use setup mode (because no startup-config is used). Answer no to entering setup mode, press Enter to go into user mode, and then type enable to go into privileged mode.

  • copy startup-config running-config
  • config t
  • enable secret cisco
  • config-register 0x2102
  • copy running-config startup-config
  • reload
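
If the step that resets the configuration register is skipped, the router keeps ignoring startup-config on every boot. The Python example below is added here and is not part of the original page: it decodes a register value using the bit meanings from Table 2 and checks the "Configuration register is ..." line of show version for a value that bypasses NVRAM or boots into ROM. The function names and the sample lines are constructed for illustration.

```python
import re

# Flag bits and their descriptions, as listed in Table 2 on this page.
# Console line speed (bits 5, 11-12) is not decoded here.
FLAG_BITS = {
    6: "ignore NVRAM contents",
    7: "OEM bit enabled",
    8: "break disabled",
    10: "IP broadcast with all zeros",
    13: "boot default ROM software if network boot fails",
    14: "IP broadcasts do not have net numbers",
    15: "enable diagnostic messages and ignore NVRAM contents",
}
# Boot field values 0 and 1; values 2 through F use the boot commands in NVRAM.
BOOT_FIELD = {0: "ROM monitor mode", 1: "boot image from ROM"}

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode_confreg(value):
    """Split a 16-bit configuration register into boot field and set flags."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & 0x000F
    return {
        "boot_field": boot_field,
        "boot": BOOT_FIELD.get(boot_field, "use boot commands specified in NVRAM"),
        "flags": [name for bit, name in sorted(FLAG_BITS.items())
                  if (value >> bit) & 1],
        # Bits 6 and 15 both make the router skip startup-config.
        "ignores_startup_config": bool(value & 0x8040),
    }


def audit_show_version(text):
    """Return findings for the current and the pending register value."""
    match = CONFREG_RE.search(text)
    if match is None:
        raise ValueError("no configuration register line found")
    values = {"current": int(match.group(1), 16)}
    if match.group(2):
        values["next reload"] = int(match.group(2), 16)
    findings = []
    for when, value in values.items():
        info = decode_confreg(value)
        if info["ignores_startup_config"]:
            findings.append(f"{when}: 0x{value:04X} ignores startup-config in NVRAM")
        if info["boot_field"] < 2:
            findings.append(f"{when}: 0x{value:04X} boots to {info['boot']}")
    return findings


# Constructed sample lines in the format shown on this page.
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2102 (will be 0x2101 at next reload)",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_show_version(line) or "OK")
```

A device that reports 0x2142 outside a recovery window loads no passwords or access lists from NVRAM at boot, so it is worth alerting on in configuration audits.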

Backing Up and Restoring Cisco IOS –

-#- --length-- -----date/time------ path

21710744     Jan 2 2007 22:41:14 +00:00   c2800nm-advsecurityk9-mz.124-12.bin [output cut]

32989184 bytes available (31027200 bytes used)

The router above has 64MB of RAM, and roughly half of the memory is in use.

Router#show version

Cisco 2811 (revision 49.46) with 249856K/12288K bytes of memory.

Processor board ID FTX1049A1AB

2 FastEthernet interfaces

4 Serial(sync/async) interfaces

1 Virtual Private Network (VPN) Module

DRAM configuration is 64 bits wide with parity enabled.

239K bytes of non-volatile configuration memory.

62720K bytes of ATA CompactFlash (Read/Write)

You can see that the amount of flash shows up on the last line. Rounding up, we get 64MB of flash. The main difference in the output of the show flash and show version commands is that the show flash command displays all files in flash and the show version command shows the actual name of the file that the router is using to run the router.

Check this by pinging the TFTP device from the router console prompt like this:


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Router#copy flash tftp

Source filename []?c2800nm-advsecurityk9-mz.124-12.bin

Address or name of remote host []?

Destination filename [c2800nm-advsecurityk9-mz.124-12.bin]?[enter] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

21710744 bytes copied in 60.724 secs (357532 bytes/sec)

Router#copy tftp flash

Address or name of remote host []?

Source filename []?c2800nm-advsecurityk9-mz.124-12.bin

Destination filename [c2800nm-advsecurityk9-mz.124-12.bin]?[enter]

%Warning: There is a file already existing with this name

Do you want to over write? [confirm][enter]

Accessing tftp://…

Loading c2800nm-advsecurityk9-mz.124-12.bin from (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK – 21710744 bytes]

21710744 bytes copied in 82.880 secs (261954 bytes/sec)

If I had just corrupted my file by overwriting it, I won’t know until I reboot the router. Be careful with this command! If the file is corrupted, you’ll need to do an IOS restore from ROM monitor mode.

Using the Cisco IOS File System (Cisco IFS):-
  • dir- Same as with Windows, this command lets you view files in a directory. Type dir, hit Enter, and by default you get the contents of the flash:/ directory output.
  • copy- This is one popular command, often used to upgrade, restore, or back up an IOS. But as I said, when you use it, it’s really important to focus on the details—what you’re copying, where it’s coming from, and where it’s going to land.
  • more- Same as with Unix, this will take a text file and let you look at it on a card. You can use it to check out your configuration file or your backup configuration file. I’ll go over it more when we get into actual configuration.
  • show file- This command will give you the skinny on a specified file or file system, but it’s kind of obscure because people don’t use it a lot.
  • delete- it deletes stuff. But with some types of routers, not as well as you’d think. That’s because even though it whacks the file, it doesn’t always free up the space it was using. To actually get the space back, you have to use something called the squeeze command too.
  • erase/format- Use these with care—make sure that when you’re copying files, you say no to the dialog that asks you if you want to erase the file system! The type of memory you’re using determines if you can nix the flash drive or not.
  • cd/pwd- Same as with Unix and DOS, cd is the command you use to change directories. Use the pwd command to print (show) the working directory.
  • mkdir/rmdir- Use these commands on certain routers and switches to create and delete directories — the mkdir command for creation and the rmdir command for deletion. Use the cd and pwd commands to change into these directories.




Directory of flash:/

1  -rw-  13937472   Dec 20 2006   19:58:18  +00:00   c1841-ipbase-mz.124-1c.bin

2  -rw-  1821            Dec 20 2006   20:10:54  +00:00  sdmconfig-18xx.cfg

3  -rw-  4734464     Dec 20 2006   20:11:50  +00:00  sdm.tar

4  -rw-  833024       Dec 20 2006   20:12:04  +00:00  es.tar

5  -rw-  1052160     Dec 20 2006   20:12:40  +00:00  common.tar

6  -rw-  1038            Dec 20 2006   20:13:09  +00:00  home.shtml

7  -rw-  102400       Dec 20 2006   20:13:50  +00:00  home.tar

8  -rw-  491213       Dec 20 2006   20:14:06  +00:00  128MB.sdf

9  -rw-  1684577     Dec 20 2006   20:15:24  +00:00  securedesktop-ios-

10 -rw-  398305       Dec 20 2006   20:16:00  +00:00  sslclient-win-

32071680 bytes total (8818688 bytes free)

R1#show file info flash:c1841-ipbase-mz.124-1c.bin


type is image (elf) []

file size is 13937472 bytes, run size is 14103140 bytes

Runnable image, entry point 0x8000F000, run from ram

R1#delete flash:c1841-ipbase-mz.124-1c.bin

Delete filename [c1841-ipbase-mz.124-1c.bin]?[enter]

Delete flash:c1841-ipbase-mz.124-1c.bin? [confirm][enter]

R1#sh flash

-#- --length-- -----date/time------ path

1   1821        Dec 20 2006   20:10:54  +00:00   sdmconfig-18xx.cfg

2   4734464 Dec 20 2006   20:11:50  +00:00   sdm.tar

3   833024   Dec 20 2006   20:12:04  +00:00   es.tar

4   1052160 Dec 20 2006   20:12:40  +00:00   common.tar

5   1038        Dec 20 2006   20:13:09  +00:00   home.shtml

6   102400   Dec 20 2006   20:13:50  +00:00   home.tar

7   491213   Dec 20 2006   20:14:06  +00:00   128MB.sdf

8   1684577 Dec 20 2006   20:15:24  +00:00   securedesktop-ios-

9   398305   Dec 20 2006   20:16:00  +00:00   sslclient-win-

22757376 bytes available (9314304 bytes used)

R1#sh file info flash:c1841-ipbase-mz.124-1c.bin

%Error opening flash:c1841-ipbase-mz.124-1c.bin (File not found)

R1#copy tftp:// flash:/c1841-advipservicesk9-mz.124-12.bin

Source filename [/c1841-advipservicesk9-mz.124-12.bin/]?[enter]

Destination filename [c1841-advipservicesk9-mz.124-12.bin]?[enter]

Loading /c1841-advipservicesk9-mz.124-12.bin/ from (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 22103052 bytes]

22103052 bytes copied in 72.008 secs (306953 bytes/sec)

R1#sh flash

-#- --length-- -----date/time------ path

1   1821           Dec 20 2006   20:10:54   +00:00   sdmconfig-18xx.cfg

2   4734464    Dec 20 2006   20:11:50   +00:00   sdm.tar

3   833024      Dec 20 2006   20:12:04   +00:00   es.tar

4   1052160    Dec 20 2006   20:12:40   +00:00   common.tar

5   1038           Dec 20 2006   20:13:09   +00:00   home.shtml

6   102400       Dec 20 2006   20:13:50   +00:00   home.tar

7   491213       Dec 20 2006   20:14:06   +00:00   128MB.sdf

8   1684577     Dec 20 2006   20:15:24   +00:00   securedesktop-ios-

9   398305       Dec 20 2006   20:16:00   +00:00   sslclient-win-

10 22103052  Mar 10 2007   19:40:48   +00:00   c1841-advipservicesk9-mz.124-12.bin

651264 bytes available (31420416 bytes used)

R1#sh file information flash:c1841-advipservicesk9-mz.124-12.bin


type is image (elf) []

file size is 22103052 bytes, run size is 22268736 bytes

Runnable image, entry point 0x8000F000, run from ram


Cisco discovery protocol (CDP)

DEL#sh cdp

Global CDP information:

Sending CDP packets every 60 seconds

Sending a holdtime value of 180 seconds

Sending CDPv2 advertisements is   enabled

DEL(config)#cdp ?

advertise-v2          CDP sends version-2 advertisements

holdtime               Specify the holdtime (in sec) to be sent in packets

log                         Log messages generated by CDP

run                        Enable CDP

source-interface   Insert the interface’s IP in all CDP packets

timer                       Specify rate (in sec) at which CDP packets are sent

DEL(config)#cdp holdtime ?

<10-255>              Length of time (in sec) that receiver must keep this packet

DEL(config)#cdp timer ?

<5-254>                Rate at which CDP packets are sent (in sec)

You can turn off CDP completely with the no cdp run command from the global configuration mode of a router. To turn CDP off or on for an interface, use the no cdp enable and cdp enable commands.
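
CDP advertisements carry the device ID, platform and port shown in the neighbor output on this page, so a configuration review usually wants to know which interfaces still send them. The Python example below is added here and is not part of the original page: it reads a running-config and applies the two commands above (no cdp run globally, no cdp enable per interface). The function name and the sample configuration are constructed, and it assumes CDP is on by default for every interface listed.

```python
def cdp_audit(running_config):
    """Return the global CDP state and the interfaces still sending CDP."""
    global_on = True   # CDP runs unless "no cdp run" appears at top level
    interfaces = {}    # interface name -> {"cdp": bool, "shutdown": bool}
    current = None     # interface block currently being read, if any

    for raw in running_config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Top-level line: any interface block has ended.
            current = None
            if line == "no cdp run":
                global_on = False
            elif line.startswith("interface "):
                current = line.split(None, 1)[1]
                # Assumption: CDP defaults to enabled on the interface.
                interfaces[current] = {"cdp": True, "shutdown": False}
        elif current is not None:
            # Indented line inside an interface block.
            if line == "no cdp enable":
                interfaces[current]["cdp"] = False
            elif line == "cdp enable":
                interfaces[current]["cdp"] = True
            elif line == "shutdown":
                interfaces[current]["shutdown"] = True

    advertising = [
        name for name, state in interfaces.items()
        if global_on and state["cdp"] and not state["shutdown"]
    ]
    return {"global": global_on, "advertising": advertising}


# Constructed running-config fragment (addresses from the documentation range).
SAMPLE_CONFIG = """\
hostname DEL
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no cdp enable
!
interface FastEthernet0/1
 ip address 192.0.2.129 255.255.255.128
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/0/1
 no ip address
!
end
"""

if __name__ == "__main__":
    print(cdp_audit(SAMPLE_CONFIG))
    print(cdp_audit("no cdp run\n" + SAMPLE_CONFIG))
```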

The show cdp neighbor command (sh cdp nei for short) delivers information about directly connected devices. It’s important to remember that CDP packets aren’t passed through a Cisco switch and that you only see what’s directly attached. So this means that if your router is connected to a switch, you won’t see any of the devices hooked up to that switch.

The following output shows the show cdp neighbor command used on my Corp 2811 router:

DEL#sh cdp neighbors

Capability Codes:   R – Router,  T – Trans Bridge,  B – Source Route Bridge,  S – Switch,  H – Host,  I – IGMP,  r – Repeater

Device ID    Local Intrfce    Holdtime    Capability    Platform     Port ID
ap           Fas 0/1          165         T I           AIR-API24    Fas 0
R2           Ser 0/1/0        140         R S I         2801         Ser 0/2/0
R3           Ser 0/0/1        157         R S I         1841         Ser 0/0/1
R1           Ser 0/2/0        154         R S I         1841         Ser 0/0/1
R1           Ser 0/0/0        154         R S I         1841         Ser 0/0/0

Port ID – The neighbor device’s port or interface on which the CDP packets are multicast.

Link Layer Discovery Protocol (LLDP) –

It is a nonproprietary discovery protocol that provides pretty much the same information as CDP but works in multivendor networks. LLDP defines basic discovery capabilities, but it was also enhanced to specifically address the voice application, and this version is called LLDP-MED (Media Endpoint Discovery). LLDP and LLDP-MED are not compatible.


If you find you can’t telnet into a device, it could be that the password on the remote device hasn’t been set. It’s also possible that an access control list is filtering the Telnet session.

To keep open one or more Telnet sessions, use the Ctrl+Shift+6 and then X keystroke combination.

If you telnet to a router or switch, you can end the connection by typing exit at any time. But what if you want to keep your connection to a remote device but still come back to your original router console? To do that, you can press the Ctrl+Shift+6 key combination, release it, and then press X.


Trying … Open

User Access Verification



DEL#sh sessions

Conn      Host                       Address              Bytes     Idle     Conn Name

1                      0            0

* 2                      0            0 

See that asterisk (*) next to connection 2? It means that session 2 was your last session. You can return to your last session by pressing Enter twice.

You can list all active consoles and VTY ports in use on your router with the show users command:

DEL#sh users

Line          User                Host                         Idle                   Location

*  0 con 0                                     00:00:02                    00:01:10

You can end Telnet sessions a few different ways—typing exit or disconnect is probably the easiest and quickest.

To end a session from a remote device, use the exit command:


[Connection to closed by foreign host]

DEL#sh session

Conn      Host                       Address              Bytes     Idle     Conn Name

*  2                      0            0

DEL#disconnect 2

Closing connection to [confirm] [enter]

Resolving Hostnames –

There are two ways to resolve hostnames to IP addresses: building a host table on each router or building a Domain Name System (DNS) server.

DEL(config)#ip host R1

DEL(config)#ip host ap


Trying R1 (… Open

User Access Verification




Trying UP (… Open

User Access Verification




Using DNS to resolve Names –

Any time a Cisco device receives a command it doesn’t understand, it will try to resolve it through DNS by default.


Translating “todd”…domain server (

Translating “todd”…domain server (

Translating “todd”…domain server (

Unknown command or computer name, or unable to find computer address

DEL#config t

DEL(config)#ip domain-lookup

DEL(config)#ip name-server ?

A.B.C.D Domain server IP address (maximum of 6)

DEL(config)#ip name-server

DEL(config)#ip domain-name


DEL#ping R1

Translating “R1″…domain server ( [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms

After a name is resolved using DNS, use the show hosts command to see that the device cached this information in the host table.

Debugging –

You don’t want to use debug as a monitoring tool; it’s meant to be used for a short period of time and only as a troubleshooting tool.

DEL#debug ip rip

RIP protocol debugging is on


1w4d: RIP: sending v2 update to via Serial0/0 (

1w4d: RIP: build update entries

1w4d: via, metric 2, tag 0

1w4d: via, metric 1, tag 0

1w4d: RIP: sending v2 update to via Serial0/2 (

1w4d: RIP: build update entries

1w4d: via, metric 1, tag 0

1w4d: RIP: received v2 update from on Serial0/0

1w4d: via in 1 hops

Corp#un all

Remember, when you telnet into a remote device, you will not see console messages by default! For example, you will not see debugging output. To allow console messages to be sent to your Telnet session, use the terminal monitor command.

show processes command – If the show processes output shows your router’s CPU utilization consistently at 50 percent or more, it’s probably not a good idea to run a debug command.

Corp#sh processes

CPU utilization for five seconds: 2%/0%; one minute: 0%; five minutes: 0%

PID   QTy   PC         Runtime (ms)   Invoked   uSecs   stacks         TTY   Process
1     Cwe   8034539C   0              1         0       5802/6000      0     Chunk Manager
2     Csp   80367A90   4              1858      2       2618/3000      0     Load Meter
3     M*    0          112            14        8000    100658/12000   0     Exec
5     Lst   8034FD9C   268248         52102     5146    5146/6000      0     Check heaps
6     Cwe   8034E35C   20             3         6666    5702/6000      0     Pool Manager
7     Mst   8034AC9C   0              2         0       5572/6000      0     Timers

Questions and answers related to this topic –

Q.1 . You copy a configuration from a network host to a router’s RAM. The configuration looks correct, yet it is not working at all. What could the problem be?

Ans. The copy did not override the shutdown command in running-config.

Q.2 . What information is displayed by the show hosts command? (Choose two.)

  • (a) Temporary DNS entries
  • (b) The names of the routers created using the hostname command
  • (c) The IP addresses of workstations allowed to access the router
  • (d) Permanent name-to-address mappings created using the ip host command
  • (e) The length of time a host has been connected to the router via Telnet

Ans. (a) and (d)

Q.3. You telnet to a router and make your necessary changes; now you want to end the Telnet session. What command do you type in?

Ans. Since the question never mentioned anything about a suspended session, you can assume that the Telnet session is still open, and you would just type exit to close the session.

Q.4. You telnet into a remote device and type debug ip rip, but no output from the debug command is seen. What could the problem be?

Ans. To see console messages through your Telnet session, you must enter the terminal monitor command.

Q.5. Which command displays the configuration register setting?

  • (a) show ip route
  • (b) show boot version
  • (c) show version
  • (d) show flash

Ans. (c)

Q.6. You have your laptop directly connected into a router’s Ethernet port. Which of the following are among the requirements for the copy flash tftp command to be successful? (Choose three.)

(a) TFTP server software must be running on the router.

(b) TFTP server software must be running on your laptop.

(c) The Ethernet cable connecting the laptop directly into the router’s Ethernet port must be a straight-through cable.

(d) The laptop must be on the same subnet as the router’s Ethernet interface.

(e) The copy flash tftp command must be supplied the IP address of the laptop.

Ans. (b), (d), (e)  Before you back up an IOS image to a laptop directly connected to a router’s Ethernet port, make sure the TFTP server software is running on your laptop, that the Ethernet cable is a “crossover,” and that the laptop is in the same subnet as the router’s Ethernet port, and then you can use the copy flash tftp command from your laptop.

Q.7. The configuration register setting of 0x2102 provides what function to a router?

  • (a) Tells the router to boot into ROM monitor mode
  • (b) Provides password recovery
  • (c) Tells the router to look in NVRAM for the boot sequence
  • (d) Boots the IOS from a TFTP server
  • (e) Boots an IOS image stored in ROM

Ans. (c)

Q.8. What command enables your switch or router to receive clock and date information and synchronize with NTP server?

Ans. ntp server ip_address version 4

Q.9. Which NTP verification command will show the reference master for the client?

Ans. show ntp status
