Monday, December 7, 2009

Internal components + Boot sequence + Recovering Password

The Internal Components of a Cisco Router


Bootstrap: Stored in the microcode of the ROM, the bootstrap is used to bring a router up during initialization. It will boot the router and then load the IOS.
POST (power-on self-test): Stored in the microcode of the ROM, the POST checks the basic functionality of the router hardware and determines which interfaces are present.
ROM monitor: Stored in the microcode of the ROM, the ROM monitor is used for manufacturing, testing, and troubleshooting.
Mini-IOS: Called the RXBOOT or bootloader by Cisco, the mini-IOS is a small IOS in ROM that can be used to bring up an interface and load a Cisco IOS into flash memory. The mini-IOS can also perform a few other maintenance operations.
RAM (random access memory): Used to hold packet buffers, ARP cache, routing tables, and also the software and data structures that allow the router to function. Running-config is stored in RAM, and most routers expand the IOS from flash into RAM upon boot.
ROM (read-only memory): Used to start and maintain the router. Holds the POST and the bootstrap program, as well as the mini-IOS.
Flash memory: Stores the Cisco IOS by default. Flash memory is not erased when the router is reloaded. It is EEPROM (electrically erasable programmable read-only memory) created by Intel.
NVRAM (nonvolatile RAM): Used to hold the router and switch configuration. NVRAM is not erased when the router or switch is reloaded. It does not store an IOS. The configuration register is stored in NVRAM.
Configuration register: Used to control how the router boots up. This value can be found as the last line of the show version command output and by default is set to 0x2102, which tells the router to load the IOS from flash memory as well as to load the configuration from NVRAM.

By default, a router looks for an IOS to load in this order: flash, TFTP server, then ROM.

The Router Boot Sequence


1. The router performs a POST. The POST is stored in and run from ROM (read-only memory).
2. The bootstrap then looks for and loads the Cisco IOS software. The bootstrap is a program in ROM that is used to execute programs. The bootstrap program is responsible for finding where each IOS program is located and then loading the file. By default, the IOS software is loaded from flash memory in all Cisco routers.
3. The IOS software looks for a valid configuration file stored in NVRAM. This file is called startup-config and is only there if an administrator copies the running-config file into NVRAM. (As you already know, the new ISR routers have a small startup-config file preloaded.)
4. If a startup-config file is in NVRAM, the router will copy this file and place it in RAM and call the file running-config. The router will use this file to run the router. The router should now be operational. If a startup-config file is not in NVRAM, the router will broadcast out of any interface that detects carrier detect (CD), looking for a TFTP host that holds a configuration. When that fails (it typically will, and most people won't even realize the router has attempted this process), it will start the setup mode configuration process.

Recovering Passwords
  1. Boot the router and interrupt the boot sequence by performing a break, which will take the router into ROM monitor mode.
  2. Change the configuration register to turn on bit 6 (with the value 0x2142).
  3. Reload the router.
  4. Enter privileged mode.
  5. Copy the startup-config file to running-config.
  6. Change the password.
  7. Reset the configuration register to the default value.
  8. Save the router configuration.
  9. Reload the router (optional).
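
A router on which step 7 was skipped keeps ignoring its startup-config, passwords included, on every reload. The following added example (not part of the original post) decodes the configuration register from the last line of show version output and flags that state. The bit masks other than bit 6 are taken from Cisco's documented register layout rather than from this page, and the sample outputs are constructed.

```python
import re

# Bit 6 is described on this page; the other masks follow Cisco's register layout.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: Break ignored once the router has booted
ROM_FALLBACK = 0x2000    # bit 13: fall back to ROM software if network boot fails
BOOT_FIELD = 0x000F      # bits 0-3: where to look for the IOS image
DEFAULT = 0x2102

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode(value):
    """Break a register value into the fields that matter for boot behaviour."""
    boot = value & BOOT_FIELD
    return {
        "boot_field": boot,
        "boot_source": ("ROM monitor" if boot == 0 else
                        "mini-IOS or first flash image (platform-dependent)"
                        if boot == 1 else "boot system commands, else flash"),
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }

def audit(show_version_text):
    """Return (current, value_after_reload, findings) for one capture."""
    m = REG_LINE.search(show_version_text)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode(pending)["ignore_nvram"]:
        findings.append("bit 6 set: next reload ignores startup-config")
    if decode(pending)["boot_field"] == 0:
        findings.append("boot field 0: next reload stops in ROM monitor")
    if pending != DEFAULT:
        findings.append(f"register {pending:#06x} differs from default 0x2102")
    return current, pending, findings

# Constructed sample: router left in the recovery state (step 7 skipped).
SAMPLE_RECOVERY = "Router uptime is 5 minutes\nConfiguration register is 0x2142\n"
# Constructed sample: register already reset, change takes effect at reload.
SAMPLE_PENDING = "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"

if __name__ == "__main__":
    for text in (SAMPLE_RECOVERY, SAMPLE_PENDING):
        print(audit(text))
```

The findings are based on the value the router will use at its next reload, so a register that has been reset but not yet reloaded reports clean.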
