TABLE 8.1 The configuration register bit numbers
Configuration Register | 2           | 1           | 0           | 2
Bit number             | 15 14 13 12 | 11 10  9  8 |  7  6  5  4 |  3  2  1  0
Binary                 |  0  0  1  0 |  0  0  0  1 |  0  0  0  0 |  0  0  1  0
Add the prefix 0x to the configuration register address. The
0x means that the digits that follow are in hexadecimal.
Table 8.2 lists the software configuration bit meanings. Notice that bit 6
can be used to ignore the NVRAM contents. This bit is used for password
recovery—something I’ll go over with you soon in the section “Recovering
Passwords,” later in this chapter.
Remember that in hex, the scheme is 0–9 and A–F (A = 10, B
= 11, C = 12, D = 13, E = 14, and F = 15). This means that a 210F
setting for the configuration register is actually 210(15), or 1111 in
binary.
TABLE 8.2 Software configuration meanings
Bit      | Hex           | Description
0–3      | 0x0000–0x000F | Boot field (see Table 8.3).
6        | 0x0040        | Ignore NVRAM contents.
7        | 0x0080        | OEM bit enabled.
8        | 0x0100        | Break disabled.
10       | 0x0400        | IP broadcast with all zeros.
5, 11–12 | 0x0800–0x1000 | Console line speed.
13       | 0x2000        | Boot default ROM software if network boot fails.
14       | 0x4000        | IP broadcasts do not have net numbers.
15       | 0x8000        | Enable diagnostic messages and ignore NVRAM contents.
The boot field, which consists of bits 0–3 in the configuration register
(the last 4 bits), controls the router boot sequence and locates the Cisco
IOS. Table 8.3 describes the boot field bits.
TABLE 8.3 The boot field (configuration register bits 00–03)
Boot Field | Meaning | Use
00 | ROM monitor mode | To boot to ROM monitor mode, set the configuration register to 2100. You must manually boot the router with the b command. The router will show the rommon> prompt.
01 | Boot image from ROM | To boot the mini-IOS image stored in ROM, set the configuration register to 2101. The router will show the Router(boot)> prompt. The mini-IOS is not available in all routers and is also referred to as RXBOOT.
02–F | Specifies a default boot filename | Any value from 2102 through 210F tells the router to use the boot commands specified in NVRAM.
Checking the Current Configuration Register Value
You can see the current value of the configuration register by using the
show version command (sh version or show ver for short), as
demonstrated here:
Router>sh version
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M),
Version 15.1(4)M6, RELEASE SOFTWARE (fc2)
[output cut]
Configuration register is 0x2102
The last information given from this command is the value of the
configuration register. In this example, the value is 0x2102—the default
setting. The configuration register setting of 0x2102 tells the router to
look in NVRAM for the boot sequence.
Notice that the show version command also provides the IOS version, and
in the preceding example, it shows the IOS version as 15.1(4)M6.
The show version command will display system hardware
configuration information, system serial number, the software
version, and the names of the boot images on a router.
To change the configuration register, use the config-register command
from global configuration mode:
Router(config)#config-register 0x2142
Router(config)#do sh ver
[output cut]
Configuration register is 0x2102 (will be 0x2142 at next reload)
It’s important that you are careful when you set the configuration
register!
If you save your configuration and reload the router and it
comes up in setup mode, the configuration register setting is probably
incorrect.
Boot System Commands
Did you know that you can configure your router to boot another IOS if
the flash is corrupted? Well, you can. You can boot all of your routers
from a TFTP server, but it’s old school, and people just don’t do it
anymore; it’s just for backup in case of failure.
There are some boot commands you can play with that will help you
manage the way your router boots the Cisco IOS—but please remember,
we’re talking about the router’s IOS here, not the router’s configuration!
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#boot ?
bootstrap Bootstrap image file
config Configuration file
host Router-specific config file
network Network-wide config file
system System image file
The boot command truly gives you a wealth of options, but first, I’ll show
you the typical settings that Cisco recommends. So let’s get started—the
boot system command will allow you to tell the router which system IOS
file to boot from flash memory. Remember that the router, by default,
boots the first system IOS file found in flash. You can change that with
the following commands, as shown in the output:
Router(config)#boot system ?
WORD TFTP filename or URL
flash Boot from flash memory
ftp Boot from a server via ftp
mop Boot from a Decnet MOP server
rcp Boot from a server via rcp
rom Boot from rom
tftp Boot from a tftp server
Router(config)#boot system flash c2800nm-advsecurityk9-mz.151-4.M6.bin
Notice I could boot from FLASH, FTP, ROM, TFTP, or other useless
options. The command I used configures the router to boot the IOS listed
in it. This is a helpful command for when you load a new IOS into flash
and want to test it, or even when you want to totally change which IOS is
loading by default.
The next command is considered a fallback routine, but as I said, you can
make it a permanent way to have your routers boot from a TFTP host.
Personally, I wouldn’t necessarily recommend doing this (single point of
failure); I’m just showing you that it’s possible:
Router(config)#boot system tftp ?
WORD System image filename
Router(config)#boot system tftp c2800nm-advsecurityk9-mz.151-4.M6.bin?
Hostname or A.B.C.D Address from which to download the file
Router(config)#boot system tftp c2800nm-advsecurityk9-mz.151-4.M6.bin 1.1.1.2
Router(config)#
As your last recommended fallback option—the one to go to if the IOS in
flash doesn’t load and the TFTP host does not produce the IOS—load the
mini-IOS from ROM like this:
Router(config)#boot system rom
Router(config)#do show run | include boot system
boot system flash c2800nm-advsecurityk9-mz.151-4.M6.bin
boot system tftp c2800nm-advsecurityk9-mz.151-4.M6.bin 1.1.1.2
boot system rom
Router(config)#
If the preceding configuration is set, the router will try to boot from the
TFTP server if flash fails, and if the TFTP boot fails, the mini-IOS will
load after six unsuccessful attempts of trying to locate the TFTP server.
In the next section, I’ll show you how to load the router into ROM
monitor mode so you can perform password recovery.
Recovering Passwords
If you’re locked out of a router because you forgot the password, you can
change the configuration register to help you get back on your feet. As I
said earlier, bit 6 in the configuration register is used to tell the router
whether to use the contents of NVRAM to load a router configuration.
The default configuration register value is 0x2102, meaning that bit 6 is
off. With the default setting, the router will look for and load a router
configuration stored in NVRAM (startup-config). To recover a password,
you need to turn on bit 6. Doing this will tell the router to ignore the
NVRAM contents. The configuration register value to turn on bit 6 is
0x2142.
Here are the main steps to password recovery:
1. Boot the router and interrupt the boot sequence by performing a
break, which will take the router into ROM monitor mode.
2. Change the configuration register to turn on bit 6 (with the value
0x2142).
3. Reload the router.
4. Say “no” to entering setup mode, then enter privileged mode.
5. Copy the startup-config file to running-config, and don’t forget to
verify that your interfaces are re-enabled.
6. Change the password.
7. Reset the configuration register to the default value.
8. Save the router configuration.
9. Reload the router (optional).
I’m going to cover these steps in more detail in the following sections. I’ll
also show you the commands to restore access to ISR series routers.
You can enter ROM monitor mode by pressing Ctrl+Break or
Ctrl+Shift+6, then b, during router bootup. But if the IOS is corrupt or
missing, if there’s no network connectivity available to find a TFTP host,
or if the mini-IOS from ROM doesn’t load (meaning the default router
fallback failed), the router will enter ROM monitor mode by default.
Interrupting the Router Boot Sequence
Your first step is to boot the router and perform a break. This is usually
done by pressing the Ctrl+Break key combination when using
HyperTerminal (personally, I use SecureCRT or PuTTY) while the router
first reboots.
System Bootstrap, Version 15.1(4)M6, RELEASE SOFTWARE (fc2)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
PC = 0xfff0a530, Vector = 0x500, SP = 0x680127b0
C2800 platform with 32768 Kbytes of main memory
PC = 0xfff0a530, Vector = 0x500, SP = 0x80004374
monitor: command “boot” aborted due to user interrupt
rommon 1 >
Notice the line monitor: command “boot” aborted due to user interrupt.
At this point, you will be at the rommon 1> prompt, which is called the
ROM monitor mode.
Changing the Configuration Register
As I explained earlier, you can change the configuration register from
within the IOS by using the config-register command. To turn on bit 6,
use the configuration register value 0x2142.
Remember that if you change the configuration register to
0x2142, the startup-config will be bypassed and the router will load
into setup mode.
To change the bit value on a Cisco ISR series router, you just enter the
following command at the rommon 1> prompt:
rommon 1 >confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 >reset
Reloading the Router and Entering Privileged Mode
At this point, you need to reset the router like this:
From the ISR series router, type I (for initialize) or reset.
From an older series router, type I.
The router will reload and ask if you want to use setup mode (because no
startup-config is used). Answer no to entering setup mode, press Enter to
go into user mode, and then type enable to go into privileged mode.
Viewing and Changing the Configuration
Now you’re past the point where you would need to enter the user-mode
and privileged-mode passwords in a router. Copy the startup-config file
to the running-config file:
copy startup-config running-config
Or use the shortcut:
copy start run
The configuration is now running in random access memory (RAM), and
you’re in privileged mode, meaning that you can now view and change the
configuration. But you can’t view the enable secret setting for the
password since it is encrypted. To change the password, do this:
config t
enable secret todd
Resetting the Configuration Register and Reloading the Router
After you’re finished changing passwords, set the configuration register
back to the default value with the config-register command:
config t
config-register 0x2102
It’s important to remember to enable your interfaces after copying the
configuration from NVRAM to RAM.
Finally, save the new configuration with a copy running-config
startup-config and use reload to reload the router.
If you save your configuration and reload the router and it
comes up in setup mode, the configuration register setting is probably
incorrect.
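The following Python sketch is an added example, not taken from the book. It decodes a configuration register value using the bits in Tables 8.2 and 8.3 and reads the register line from show version output, so you can confirm after a password recovery that a router is not left at 0x2142. The function names and the sample text are constructed for illustration.

```python
import re

# Bit number -> meaning, taken from Table 8.2 (bits 5, 11-12 are line speed).
FLAGS = {
    6: "ignore NVRAM contents",
    7: "OEM bit enabled",
    8: "break disabled",
    10: "IP broadcast with all zeros",
    13: "boot default ROM software if network boot fails",
    14: "IP broadcasts do not have net numbers",
    15: "diagnostic messages, ignore NVRAM contents",
}
IGNORE_NVRAM = 0x0040 | 0x8000  # bit 6 or bit 15 bypasses startup-config

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

def boot_field(value):
    """Interpret bits 0-3 as described in Table 8.3."""
    field = value & 0x000F
    if field == 0x0:
        return "ROM monitor mode"
    if field == 0x1:
        return "boot image from ROM"
    return "use boot commands in NVRAM"

def decode(value):
    """Return (boot field meaning, meanings of the flag bits that are set)."""
    flags = [FLAGS[bit] for bit in sorted(FLAGS) if value & (1 << bit)]
    return boot_field(value), flags

def audit(show_version_text):
    """Report the current and pending register values and what to fix."""
    match = REG_LINE.search(show_version_text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if current & IGNORE_NVRAM:
        findings.append("booted with startup-config ignored")
    if pending & IGNORE_NVRAM:
        findings.append("next reload will ignore startup-config")
    if (pending & 0x000F) < 0x2:
        findings.append("next reload will not use the NVRAM boot commands")
    return {"current": current, "pending": pending, "findings": findings}

# Constructed sample modelled on the show version output in this chapter.
SAMPLE = "[output cut]\nConfiguration register is 0x2102 (will be 0x2142 at next reload)\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty findings list for a router reporting 0x2102 with no pending value is the state you want to see once the recovery is finished.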
To sum this up, we now have Cisco’s suggested IOS backup routine
configured on our router: flash, TFTP host, ROM.
Backing Up and Restoring the Cisco IOS
Before you upgrade or restore a Cisco IOS, you really should copy the
existing file to a TFTP host as a backup just in case the new image crashes
and burns.
And you can use any TFTP host to accomplish this. By default, the flash
memory in a router is used to store the Cisco IOS. In the following
sections, I’ll describe how to check the amount of flash memory, how to
copy the Cisco IOS from flash memory to a TFTP host, and how to copy
the IOS from a TFTP host to flash memory.
But before you back up an IOS image to a network server on your
intranet, you’ve got to do these three things:
Make sure you can access the network server.
Ensure that the network server has adequate space for the code image.
Verify the file naming and path requirements.
You can connect your laptop or workstation’s Ethernet port directly to a
router’s Ethernet interface, as shown in Figure 8.1.
FIGURE 8.1
Copying an IOS from a router to a TFTP host
You need to verify the following before attempting to copy the image to or
from the router:
TFTP server software must be running on the laptop or workstation.
The Ethernet connection between the router and the workstation
must be made with a crossover cable.
The workstation must be on the same subnet as the router’s Ethernet
interface.
The copy flash tftp command must be supplied the IP address of the
workstation if you are copying from the router flash.
And if you’re copying “into” flash, you need to verify that there’s
enough room in flash memory to accommodate the file to be copied.
Verifying Flash Memory
Before you attempt to upgrade the Cisco IOS on your router with a new
IOS file, it’s a good idea to verify that your flash memory has enough
room to hold the new image. You verify the amount of flash memory and
the file or files being stored in flash memory by using the show flash
command (sh flash for short):
Router#sh flash
-#- --length-- -----date/time------ path
1 45392400 Apr 14 2013 05:31:44 +00:00 c2800nm-advsecurityk9-mz.151-4.M6.bin
18620416 bytes available (45395968 bytes used)
There are about 45 MB of flash used, but there are still about 18 MB
available. If you want to copy a file into flash that is more than 18 MB in
size, the router will ask you if you want to erase flash. Be careful here!
The show flash command will display the amount of memory
consumed by the current IOS image as well as tell you if there's
enough room available to hold both current and new images. You
should know that if there's not enough room for both the old and new
image you want to load, the old image will be erased!
The amount of RAM and flash is actually easy to tally using the show
version command on routers:
Router#show version
[output cut]
System returned to ROM by power-on
System image file is "flash:c2800nm-advsecurityk9-mz.151-4.M6.bin"
[output cut]
Cisco 2811 (revision 1.0) with 249856K/12288K bytes of memory.
Processor board ID FTX1049A1AB
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
The second highlighted line shows us that this router has about 256 MB
of RAM, and you can see that the amount of flash shows up on the last
line. By estimating up, we get the amount of flash to 64 MB.
Notice in the first highlighted line that the filename in this example is
c2800nm-advsecurityk9-mz.151-4.M6.bin. The main difference in the
output of the show flash and show version commands is that the show
flash command displays all files in flash memory and the show version
command shows the actual name of the file used to run the router and the
location from which it was loaded, which is flash memory.
Backing Up the Cisco IOS
To back up the Cisco IOS to a TFTP server, you use the copy flash tftp
command. It’s a straightforward command that requires only the source
filename and the IP address of the TFTP server.
The key to success in this backup routine is to make sure you’ve got good,
solid connectivity to the TFTP server. Check this by pinging the TFTP
device from the router console prompt like this:
Router#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
After you ping the TFTP server to make sure that IP is working, you can
use the copy flash tftp command to copy the IOS to the TFTP server as
shown next:
Router#copy flash tftp
Source filename []?c2800nm-advsecurityk9-mz.151-4.M6.bin
Address or name of remote host []?1.1.1.2
Destination filename [c2800nm-advsecurityk9-mz.151-4.M6.bin]?[enter]
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
45395968 bytes copied in 123.724 secs (357532 bytes/sec)
Router#
Just copy the IOS filename from either the show flash or show version
command and then paste it when prompted for the source filename.
In the preceding example, the contents of flash memory were copied
successfully to the TFTP server. The address of the remote host is the IP
address of the TFTP host, and the source filename is the file in flash
memory.
Many newer Cisco routers have removable memory. You may
see names for this memory such as flash0:, in which case the
command in the preceding example would be copy flash0: tftp:.
Alternately, you may see it as usbflash0:.
Restoring or Upgrading the Cisco Router IOS
What happens if you need to restore the Cisco IOS to flash memory to
replace an original file that has been damaged or if you want to upgrade
the IOS? You can download the file from a TFTP server to flash memory
by using the copy tftp flash command. This command requires the IP
address of the TFTP host and the name of the file you want to download.
However, since IOS images can be very large today, we may want to use
something other than tftp, which is unreliable and can only transfer
smaller files. Check this out:
Corp#copy ?
/erase Erase destination file system.
/error Allow to copy error file.
/noverify Don’t verify image signature before reload.
/verify Verify image signature before reload.
archive: Copy from archive: file system
cns: Copy from cns: file system
flash: Copy from flash: file system
ftp: Copy from ftp: file system
http: Copy from http: file system
https: Copy from https: file system
null: Copy from null: file system
nvram: Copy from nvram: file system
rcp: Copy from rcp: file system
running-config Copy from current system configuration
scp: Copy from scp: file system
startup-config Copy from startup configuration
system: Copy from system: file system
tar: Copy from tar: file system
tftp: Copy from tftp: file system
tmpsys: Copy from tmpsys: file system
xmodem: Copy from xmodem: file system
ymodem: Copy from ymodem: file system
You can see from the output above that we have many options, and for
the larger files we’ll use ftp: or scp: to copy our IOS into or from routers
and switches, and you can even perform an MD5 verification with the
/verify at the end of a command.
Let’s just use tftp for our examples in the chapter because it’s easiest. But
before you begin, make sure the file you want to place in flash memory is
in the default TFTP directory on your host. When you issue the
command, TFTP won’t ask you where the file is, so if the file you want to
use isn’t in the default directory of the TFTP host, this just won’t work.
Router#