Imagine building a complex LEGO castle, only to have no way to save your design or revert a mistake. That's the reality of managing a network device without a solid configuration management strategy. The CCNA 200-301 exam tests your ability to save, back up, restore, and reset IOS device configurations—a fundamental skill for any network engineer. This chapter covers the essential commands and concepts for managing configuration files, including startup-config, running-config, and the all-important 'write memory' command. Master these, and you'll never lose a configuration again.
Jump to a section
Think of a network device's configuration like the plans for a building. The running-config is the actual building as it stands right now—every wall, wire, and switch position is exactly as it is in real time. The startup-config is the architect's blueprint stored in a fireproof safe. When the building is first constructed, the blueprint and the building match perfectly. But as the building is used, changes are made: a wall is moved, a new outlet is added. The building (running-config) changes, but the blueprint (startup-config) stays the same unless you deliberately update it. If a disaster (power outage, crash) occurs, you can rebuild exactly from the blueprint. However, if you forget to update the blueprint after making changes, the rebuilt building will be the old version—potentially causing network outages or security holes. Network engineers use 'copy running-config startup-config' (or 'write memory') to update the blueprint. They also make additional copies of the blueprint (backup configs on a TFTP server) to protect against the safe being destroyed. The 'reload' command is like demolishing the building and rebuilding from the blueprint. The 'erase startup-config' command is like throwing the blueprint in the trash—next time you rebuild, you start with an empty lot. Understanding this analogy helps you remember that the running-config is volatile and must be saved, and that the startup-config is the fallback. Cisco exams love to test your knowledge of when and how to save configurations, and the consequences of not doing so.
What is IOS Configuration Management?
Cisco IOS devices maintain two primary configuration files: the running-config and the startup-config. The running-config is the active configuration that the device is currently using. It is stored in volatile RAM—if the device loses power or is reloaded, the running-config is lost. The startup-config is stored in non-volatile RAM (NVRAM) and is loaded into the running-config when the device boots. Configuration management involves saving changes, backing up configurations, restoring from backups, and resetting devices to factory defaults.
The exam objective for this topic falls under "Network Fundamentals" and "Network Access" in the 200-301 blueprint, specifically focusing on device management and configuration. You need to know the exact IOS commands and their effects.
How Configuration Files Work
When you enter configuration mode and make changes (e.g., interface GigabitEthernet0/0 then ip address 192.168.1.1 255.255.255.0), you are modifying the running-config. The change takes effect immediately. However, if the device reloads, that change is lost unless you save the running-config to the startup-config.
Key commands:
- show running-config – displays the current active configuration.
- show startup-config – displays the configuration that will be used on next reload.
- copy running-config startup-config – saves the running-config to NVRAM (same as write memory).
- copy startup-config running-config – merges the startup-config into the running-config (not a full restore; it adds or overwrites commands, but does not remove commands not in the startup-config).
- reload – reboots the device; if changes were not saved, they are lost.
- erase startup-config – deletes the startup-config from NVRAM; on next reload, the device boots with factory defaults (prompts for initial configuration).
Step-by-Step Mechanism
Boot Sequence: When a Cisco device boots, it loads the IOS from flash memory, then looks for a startup-config in NVRAM. If found, it loads it into the running-config. If not, the device enters initial configuration dialog (Setup mode).
Configuration Changes: Any changes made via CLI (configure terminal) are applied to the running-config immediately. No confirmation is required.
Saving: The copy running-config startup-config command writes the entire running-config to NVRAM, overwriting the previous startup-config. This ensures the current configuration persists across reloads.
Backup/Restore: For backup, you can copy the running-config or startup-config to a remote TFTP, FTP, or SCP server. For example: copy running-config tftp: (you will be prompted for server IP and filename). To restore, use copy tftp: running-config or copy tftp: startup-config.
Password Recovery: If you lose access, you can perform password recovery by physically accessing the device, interrupting the boot process, and setting the configuration register to ignore the startup-config (0x2142). The device boots with an empty configuration, allowing you to view and restore the startup-config from NVRAM.
Key Timers and Defaults
Configuration register default: 0x2102 – boots from flash, loads startup-config, enables console break.
NVRAM size: Varies by platform; typically 256KB to 8MB.
Auto-save: There is no automatic save; you must explicitly save changes.
Setup mode: Triggers on first boot or when startup-config is missing.
IOS CLI Verification Commands
Router# show running-config
Building configuration...
Current configuration : 1234 bytes
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
!
endRouter# show startup-config
Using 1234 bytes
!
version 16.9
...Router# dir nvram:
Directory of nvram:/
1 -rw- 1234 <no date> startup-config
2 -rw- 0 <no date> private-config
3 -rw- 0 <no date> persistent-data
4 -rw- 0 <no date> ifIndex-table
62914560 bytes total (62914560 bytes free)Interaction with Related Protocols
TFTP: Used for backup/restore; unreliable (UDP), best for local network.
FTP/SCP: More secure; used for remote backups.
SNMP: Can be used to monitor configuration changes (SNMP traps).
NetConf/YANG: Modern programmatic configuration management (not on CCNA).
Understanding configuration management is critical for the exam. You'll see questions about what happens after a reload if changes weren't saved, the difference between startup-config and running-config, and the correct sequence of commands for backup and restore.
Enter Privileged EXEC Mode
To make configuration changes, you must first be in privileged EXEC mode (enable mode). From user EXEC mode (Router>), type `enable` and enter the enable password or secret. The prompt changes to `Router#`. This mode allows you to view configurations and enter global configuration mode. Without this step, you cannot save or modify configurations. Commands like `show running-config` require privileged EXEC mode.
Enter Global Configuration Mode
From privileged EXEC mode, type `configure terminal` (or `conf t`). The prompt changes to `Router(config)#`. This mode allows you to make global changes to the device, such as setting the hostname, enabling services, or entering interface configuration mode. All changes made here affect the running-config immediately. For example: `Router(config)# hostname R1` changes the hostname instantly.
Make Configuration Changes
Now make the desired changes. For instance, to configure an interface: `Router(config)# interface GigabitEthernet0/0` (enters interface config mode, prompt becomes `Router(config-if)#`). Then set an IP address: `ip address 192.168.1.1 255.255.255.0`. Enable the interface: `no shutdown`. Exit back to global config with `exit`. Each command is applied immediately. You can also set global parameters like `ip routing` or `ip domain-lookup`.
Verify Running Configuration
Before saving, verify that the running-config contains the correct changes. Use `do show running-config` (the `do` command allows privileged EXEC commands from config mode) or exit to privileged EXEC and type `show running-config | section interface`. Look for the interface configuration block. This step catches mistakes early. For example, if you forgot `no shutdown`, the interface would be administratively down.
Save Running-Config to Startup-Config
To make changes persistent across reboots, save the running-config to NVRAM. From privileged EXEC mode, use `copy running-config startup-config` or the shortcut `write memory` (or `wr mem`). The device confirms: `Destination filename [startup-config]?` Press Enter. The file is written. Alternatively, `copy run start` works. This step is critical—forgetting it is a common exam trap. After a reload, unsaved changes are lost.
Backup Configuration to TFTP Server
For disaster recovery, back up the configuration to a remote server. From privileged EXEC mode, use `copy running-config tftp:` (or `copy startup-config tftp:`). The device prompts for the TFTP server IP address and filename. Example: `Router# copy running-config tftp:` then `Address or name of remote host []? 192.168.1.100` then `Destination filename [Router-confg]? R1-config.txt`. The file is transferred via TFTP (UDP port 69). Ensure the TFTP server is running and reachable.
Restore Configuration from TFTP Server
To restore a configuration from backup, use `copy tftp: running-config` (merges into current running-config) or `copy tftp: startup-config` (replaces startup-config). Example: `Router# copy tftp: running-config` then provide server IP and source filename. The configuration is loaded and applied. Note: `copy tftp: running-config` does NOT clear existing commands—it only adds/overwrites. To fully restore, it's safer to copy to startup-config and reload, or erase startup-config first and then copy.
Reset Device to Factory Defaults
To reset a device to factory defaults, first erase the startup-config: `erase startup-config` (or `write erase`). Confirm: `Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]` Press Enter. Then reload the device: `reload`. The device will boot without a startup-config and enter Setup mode. Alternatively, you can set the configuration register to 0x2142 to bypass startup-config (for password recovery). This step is useful for repurposing devices or troubleshooting.
In enterprise networks, configuration management is not just about saving files—it's about change control, auditing, and disaster recovery. Here are three real-world scenarios:
Change Management in a Data Center: A network engineer needs to add a new VLAN to a core switch. After entering configuration mode and making the changes, the engineer must follow the change management process: save the running-config, then copy it to a centralized TFTP server with a timestamped filename (e.g., core-switch-config-2025-03-15.txt). This allows the team to revert to any previous version if the change causes issues. In production, forgetting to save before making further changes can lead to hours of troubleshooting. Engineers often use scripts to automate backups every hour.
Disaster Recovery: A branch office router fails and is replaced with a spare. The spare has no configuration. The engineer restores the backup configuration from the TFTP server using copy tftp: startup-config and then reloads the router. Within minutes, the branch is back online. Without a backup, the engineer would have to reconfigure everything from scratch, risking errors and prolonged downtime. Many enterprises use a configuration management tool like Cisco Prime or Ansible to automate this process.
Password Recovery: An administrator forgets the enable password on a remote router. Physical access is required. The engineer performs a password recovery: power cycles the router, sends a break signal during boot, sets the configuration register to 0x2142, boots, views the startup-config (which contains the password hash), resets the password, saves, and sets the config register back to 0x2102. This procedure is documented in Cisco's official guides and is a common exam scenario.
Common pitfalls: Saving a partial configuration (e.g., after a failed change) can overwrite a good startup-config. Always verify the running-config before saving. Also, ensure the TFTP server is reachable and has write permissions; otherwise, the backup command fails silently. In large networks, configuration management is often integrated with version control systems like Git to track changes over time.
The CCNA 200-301 exam tests your understanding of configuration management in several ways. Here's exactly what you need to know:
Exam Objectives: The topic falls under "Network Fundamentals" (1.0) and "Network Access" (2.0), specifically device management. You must know the difference between running-config and startup-config, how to save, backup, restore, and erase configurations, and the consequences of each action.
Common Wrong Answers and Why Candidates Choose Them:
1. "After making changes, the device automatically saves to startup-config." – Wrong. Candidates assume changes are persistent. In reality, you must explicitly save. The exam will present a scenario where an engineer makes changes and then reloads; the changes are lost.
2. "Copy startup-config running-config fully restores the device to a previous state." – Wrong. This command merges configurations; it does not remove commands that are in running-config but not in startup-config. To fully restore, you should erase the running-config (by reloading) or use copy tftp: startup-config and reload.
3. "The write memory command is equivalent to copy running-config tftp:" – Wrong. write memory saves to NVRAM (startup-config), not to a remote server. Candidates confuse local save with backup.
4. "Erase startup-config immediately resets the device." – Wrong. Erasing startup-config deletes the file from NVRAM, but the device continues running with the current running-config. Only after a reload does the device boot without a configuration.
Specific Values and Commands:
- Default config register: 0x2102. For password recovery: 0x2142.
- copy run start is the same as copy running-config startup-config.
- write erase is the same as erase startup-config.
- The reload command asks for confirmation and warns about unsaved changes.
Decision Rule for Scenario Questions: If the question asks what happens after a reload, remember that the startup-config is applied. If changes were saved, they persist; if not, they are lost. If the question involves restoring a backup, determine whether the goal is to merge or replace. For a full restore, always reload after copying to startup-config.
Running-config is volatile RAM; startup-config is NVRAM.
Use 'copy running-config startup-config' or 'write memory' to save changes.
Use 'copy running-config tftp:' to back up to a remote server.
Use 'copy tftp: startup-config' followed by 'reload' for a full restore.
Erasing startup-config (write erase) does not affect the current running-config until reload.
Default configuration register is 0x2102; use 0x2142 for password recovery.
Changes made in configuration mode take effect immediately and are not automatically saved.
These come up on the exam all the time. Here's how to tell them apart.
Running-Config
Stored in RAM (volatile)
Active configuration currently in use
Changes made here take effect immediately
Lost on reload if not saved
Viewed with 'show running-config'
Startup-Config
Stored in NVRAM (non-volatile)
Configuration loaded on boot
Only changed when explicitly saved
Persists across reloads
Viewed with 'show startup-config'
Mistake
Configuration changes are automatically saved to startup-config.
Correct
Changes are only applied to running-config. You must explicitly save with 'copy running-config startup-config' or 'write memory'.
Candidates often assume persistence because many operating systems auto-save settings.
Mistake
Copying startup-config to running-config fully restores the device to the startup-config state.
Correct
This command merges the startup-config into the running-config. It does not remove commands that exist only in the running-config. To fully restore, reload after copying to startup-config.
The word 'copy' implies replacement, but this is a merge operation.
Mistake
Erasing startup-config immediately resets the device configuration.
Correct
Erasing startup-config deletes the file from NVRAM, but the device continues running with the current running-config. Only after a reload does the device boot without a configuration.
Candidates think 'erase' means immediate reset, but the running-config is unaffected.
Mistake
The 'write memory' command backs up the configuration to a TFTP server.
Correct
'write memory' saves the running-config to NVRAM (startup-config). For TFTP backup, use 'copy running-config tftp:'.
The word 'memory' is ambiguous; candidates think it means remote storage.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
The running-config is the current configuration stored in RAM that the device is actively using. It is volatile—lost on power loss or reload. The startup-config is stored in NVRAM and is loaded into running-config during boot. To make changes persistent, you must copy running-config to startup-config. Exam tip: If a question says 'after a reload', always think startup-config.
From privileged EXEC mode, use 'copy running-config startup-config' or the shortcut 'write memory' (or 'wr mem'). This overwrites the startup-config with the current running-config. You can also use 'copy run start'. The device will confirm the destination filename; press Enter to accept. Always save after making changes to avoid losing them on reboot.
The router will reboot and load the startup-config from NVRAM. Any changes made to the running-config that were not saved are lost. The device returns to the state of the last save. This is a common exam scenario. To avoid this, always save before reloading. The reload command warns you if there are unsaved changes.
Use 'copy running-config tftp:' or 'copy startup-config tftp:'. You will be prompted for the TFTP server IP address and the destination filename. Ensure the TFTP server is running and reachable. The file is transferred via UDP port 69. For example: 'copy run tftp:' then enter 192.168.1.10 and R1-config.txt. This creates a backup that can be restored later.
Use 'copy tftp: running-config' to merge the backup into the current running-config, or 'copy tftp: startup-config' to replace the startup-config. For a full restore, copy to startup-config and reload. If you copy to running-config, it only adds/overwrites commands; it does not remove commands not in the backup. To clear the running-config first, reload without saving or erase startup-config and reload.
First, erase the startup-config with 'erase startup-config' (or 'write erase'). Then reload the router with 'reload'. The router will boot without a startup-config and enter initial configuration dialog (Setup mode). Alternatively, you can set the configuration register to 0x2142 to bypass the startup-config (used for password recovery). To fully reset, also delete the VLAN database if present.
The configuration register is a 16-bit software register that controls boot behavior. The default value is 0x2102, which tells the router to boot from flash and load the startup-config. Setting it to 0x2142 causes the router to ignore the startup-config during boot, allowing password recovery. The command 'config-register 0x2102' sets it. The change takes effect after reload. Exam tip: Know the two values: 0x2102 (normal) and 0x2142 (bypass config).
You've just covered IOS Configuration Management — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?