RouterGod Guest Lecture Series

Darva Conger on the Configuration Register

Most people know that when a Cisco router boots up it checks the Configuration Register for instructions on where to find the Cisco IOS software.  The Configuration register is 16 bits in length and does more than just point to the IOS, it has other important functions as well.  Knowing what the Configuration Register is and how to modify it will definitely save your bacon one day.  Modifying the Config Register is the basis for defeating password protection on a Cisco router, a skill no one should be without.  Here to teach us about the Configuration Register is Darva Conger.  At first Darva would not return our calls, but when we told her she would meet a CCIE and we told her how much money CCIE's make, she was here the next day!  Ladies and Gentlemen, Darva Conger:


Welcome, today's little talk is about the Configuration Register.  I'll do my best to explain it to you but please keep in mind that I'm just a simple girl and I don't have a technical background.  I'd also like to say that even though I like to marry rich strangers on TV and pose naked for pornographic magazines, I am an old fashioned, God fearing gal who just wants my life back. 

You know, sometimes a Cisco router is a lot like me, beautiful on the outside but completely screwed up on the inside.  When a Cisco router screws up, it is usually because a well meaning person configured it improperly.  Often improperly modifying the Configuration Register will cause your router to act like a dizzy blonde!

Did you know that the Cisco router was invented by a sweet married couple from San Francisco?  I think that's special.  They're not married anymore but they are millionaires so who cares, right?  Anyway, they used to build these routers on the kitchen table using salvaged hard drives and scrapped automobiles from the local junk yard.  Back then the Configuration Register was a series of 16 dip switches that you could configure by removing the oil pan and sliding the switches with a screwdriver.  These switches were subject to vibration, especially when the router was pulling a trailer or climbing one of those steep hills in San Francisco.  They soon determined that if the Configuration Register setting were stored on a chip, the router would be more reliable.

Cisco routers have come a long way since the days when you needed a spark plug wrench and a timing light to configure them, but they still operate in a similar fashion.  When you fire up a Cisco router, you will no longer hear the powerful throb of a Chevy rat motor, instead you will hear the quiet hum of the cooling fan.  When the router starts, it first does a POST or Power On Self Test, then it looks at the Configuration Register for where to locate the IOS, then it loads the IOS and the loads the Config from NVRAM. 

"You can meet many affluent men at the gym"

The Configuration Register is a 16 bit field that is converted into a hexadecimal value for convenience.  As you know each hexadecimal character represents 4 bits.  Hexadecimal numbers go from 0 to F and represent decimal numbers from 0 to 15.  Hexadecimal numbers generally are preceded by a 0x to clue us in on the fact that we are looking at a hexadecimal number.  By default a Cisco router has a Configuration Register setting of 0x0101 so the actual 16 bits would look like 0000000100000001 so now you see that finally there is a use for the hexadecimal numbering system!  The bits in the Configuration Register are numbered 0 to 15 and you start from the far right:

15

14

13

12

11

10

9

8

7

6

5

4

3

2

1

0

So for every 4 bits we translate that into hex, observe the following typical Configuration Register:

2

1

0

2

0

0

1

0

0

0

0

1

0

0

0

0

0

0

1

0

Each bit position serves a function with the exception of bits 4, 5 and 9 which were used in the early days when Cisco routers used a gas engine, but are not currently used.  Here is what each bit position is used for:

0

Boot Field

Set to ON by default

1

Boot Field

2

Boot Field

 

3

Boot Field

 

4

Headlight Relay

No longer used

5

Horn Relay

No longer used

6

Ignore NVRAM

Very cool

7

OEM

No practical function

8

Ignore Console Break

Set to ON by default

9

Starter Solenoid

No longer used

10

IP Broadcast

Works with bit 14

11

Console Connection Speed

 

12

Console Connection Speed

 

13

Boot to flash if Netboot fails

Not a bad idea

14

IP Broadcast

Works with bit 10

15

Ignore NVRAM

Diagnostic messages

The fields in gray you can ignore, the fields in green are that you will typically be interested in.  The boot field if set to 0 will boot into ROMMON mode and not load any IOS.  If the boot field is set to 1 then the first IOS image found in flash will be loaded.  If the boot field is set from 2 to F then the router loads the system image specified by boot system commands in the startup configuration file. When the startup configuration file does not contain boot system commands, the router tries to load a default system image stored on a network server.

If the number 6 bit is switched on, the router will not load the configuration file stored in NVRAM and will load IOS without any configuration.  This is a how you do password recovery, you boot up the router and hit the break key, this will dump you into ROMMON mode, from here you use the confreg utility to alter the Configuration Register so that when you boot the machine it doesn't pull the config from NVRAM, then you can edit the password in the config, then don't forget to change the Configuration-Register while you are in IOS so that when you reload it will load the contents of NVRAM and you're in like Flint! 

The Configuration Register can be set in ROMMON or in IOS.  In IOS the command is: config-register 0x2101 of course substitute the value you want.  If the third hex digit from the left is 4 that means skip whatever's in NVRAM.  Bits 11 and 12 set the console connection speed, 9600 is as fast as it will go and you get that speed by leaving those bits set to 0.  Bits 10 and 14 control if IP broadcasts are sent using all zeros or all ones, leave these bits set to 0, the factory default.  Bit 8 controls the break key, leave it set ON this way if your router has been up for 30 days and you accidentally send a break to the router, it won't suddenly drop everything and go into ROMMON mode.  The router will always respond to a break key sent right away when booting up.  Although you will never need to dick around with the bits 8,10,11 and 12 pay attention to your Config Register because even though you know better, your workmates will change these values every couple of days for reasons unknown.  Check the value of your Configuration Register by using the show version command.

"Look, no wedding ring"

 

"Darva's OK, I should know, I was married to her!"

    Back to main page.

Copyright 2000 - 2005 RouterGod Online Magazine