Imagine your router's brain has a filing cabinet (Flash) and a notepad (NVRAM). Without understanding how Cisco IOS stores and retrieves its operating system, configuration files, and backups, you'll be helpless when a device needs a software upgrade, a password recovery, or a config restore. This chapter covers the Cisco IOS File System, which is tested on the CCNA 200-301 exam under the 'Network Fundamentals' objective (1.6). Mastering Flash and NVRAM is essential for real-world network operations—from disaster recovery to routine maintenance.
Jump to a section
Think of a Cisco router as an office. The router's Flash memory is like a large filing cabinet where you store all the important reference books (IOS images), backup files, and other large documents. The filing cabinet is non-volatile—even if the power goes out, the books stay there. You can open the cabinet, take out a book (load an IOS image), or add a new book (copy a new IOS). The drawer can hold multiple books, but it has limited space (Flash size). NVRAM, on the other hand, is like a small notepad that sits on the desk. It contains only the current configuration file (startup-config). The notepad is also non-volatile, so it survives power loss. When the router boots, it reads the notepad and applies the configuration. If you need to change the config, you edit the running-config (the active working copy on the desk), and then you can save it to the notepad (copy running-config startup-config). The filing cabinet also has a special drawer for the boot system variables (boot loader), which tells the router which book to read first. If the notepad is lost or corrupted, the router boots into a default setup mode (like a blank desk). Understanding this analogy helps you remember: Flash stores images (large, permanent), NVRAM stores config (small, permanent), and RAM stores running-config (volatile, active).
What is the Cisco IOS File System?
The Cisco IOS File System (IFS) is the framework that allows you to manage files on your Cisco device. It provides a unified set of commands to view, copy, move, delete, and manage files stored in various memory locations, primarily Flash, NVRAM, and sometimes external storage like USB or TFTP servers. The IFS is integral to upgrading IOS, backing up configurations, and troubleshooting.
Memory Types in a Cisco Router
Cisco devices use several types of memory, each with a specific role: - ROM: Read-Only Memory. Contains the bootstrap program (ROMMON) that initializes the hardware and loads the IOS. It is non-volatile and generally not user-modifiable. - RAM: Random Access Memory. Stores the running-configuration, routing tables, ARP cache, and packet buffers. RAM is volatile—all data is lost when power is removed. - Flash: Electronically Erasable Programmable Read-Only Memory (EEPROM). Stores the IOS image(s) and other files. Flash is non-volatile and can be read from and written to. It is the primary storage for the operating system. - NVRAM: Non-Volatile RAM. Stores the startup-configuration file. NVRAM is non-volatile and retains its contents after a reboot.
The File System Hierarchy
Cisco IOS uses a directory-like structure. Common locations include:
- flash: or flash0: – The main Flash memory.
- nvram: – NVRAM.
- system: – Contains the running-configuration (volatile, exists only in RAM).
- tftp: – A TFTP server (remote).
- usbflash0: – USB flash drive (if present).
- bootflash: – On some platforms, the boot partition.
Key Commands for File Management
#### Viewing Files (dir)
To list the contents of a file system, use the dir command:
Router# dir flash:
Directory of flash:/
1 -rw- 33591720 <no date> c2900-universalk9-mz.SPA.154-3.M8.bin
2 -rw- 1692 <no date> startup-config.bak
83886080 bytes total (50313968 bytes free)#### Copying Files (copy)
The copy command is used to duplicate files between file systems. Common scenarios:
Backup running-config to TFTP: copy running-config tftp:
Restore startup-config from TFTP: copy tftp: startup-config
Upgrade IOS: copy tftp: flash:
Save running-config to startup-config: copy running-config startup-config
#### Deleting Files (delete)
To remove a file from Flash:
Router# delete flash:c2900-universalk9-mz.SPA.154-3.M8.bin#### Verifying File Integrity (verify)
After copying an IOS image, use verify to check its MD5 hash:
Router# verify flash:c2900-universalk9-mz.SPA.154-3.M8.binThe Boot Process and File System Interaction
When a Cisco router boots, it follows these steps:
1. POST: Power-On Self Test (hardware checks).
2. Bootstrap: The bootstrap code in ROM loads and looks for the IOS image.
3. IOS Location: The bootstrap checks the configuration register value (e.g., 0x2102) and the boot system commands in the startup-config to determine where to find the IOS. Typically, it loads from Flash.
4. Load IOS: The IOS image is decompressed and loaded into RAM.
5. Load Configuration: The IOS reads the startup-config from NVRAM and applies it, becoming the running-config.
If no valid IOS is found, the router enters ROMMON mode (a minimal CLI for recovery).
Configuration Register
The configuration register is a 16-bit software register that controls boot behavior. Common values:
- 0x2102: Normal boot (default).
- 0x2142: Ignores startup-config (used for password recovery).
- 0x2100: Boots into ROMMON.
To view and change the configuration register:
Router# show version
...
Configuration register is 0x2102
Router(config)# config-register 0x2142File System Security and Management
Secure Copy (SCP): An encrypted alternative to TFTP for file transfer.
File System Integrity: Use verify to ensure IOS images are not corrupted.
Space Management: Flash has limited space. Always check free space before copying a new image.
Interaction with Related Protocols
TFTP: Trivial File Transfer Protocol (UDP port 69) is commonly used to copy files to/from a TFTP server. It has no authentication or encryption.
FTP/SCP: More secure options but require additional configuration.
BOOTP/DHCP: Can provide the IOS image via network boot (less common).
View Flash Contents
Use the `dir flash:` command to list all files in Flash memory. This shows the file size, date, and name. For example, you'll see the IOS image file (e.g., c2900-universalk9-mz.SPA.154-3.M8.bin) and possibly backup config files. The output also shows total and free space. This step is crucial before upgrading IOS to ensure enough space exists. If space is insufficient, you must delete unnecessary files first.
Backup Running Config to TFTP
Use the command `copy running-config tftp:` to back up the current configuration to a TFTP server. The router will prompt for the TFTP server IP address and the destination filename. Example: ``` Router# copy running-config tftp: Address or name of remote host []? 192.168.1.100 Destination filename [router-confg]? myrouter-config !! [OK - 1682 bytes] ``` This creates a backup that can be restored later. Always verify the transfer completed without errors.
Upgrade IOS Image
First, check free space in Flash with `dir flash:`. Then copy the new IOS from a TFTP server: `copy tftp: flash:`. The router will ask for the TFTP server IP, source filename, and destination filename. Example: ``` Router# copy tftp: flash: Address or name of remote host []? 192.168.1.100 Source filename []? c2960-lanbasek9-mz.150-2.SE11.bin Destination filename [c2960-lanbasek9-mz.150-2.SE11.bin]? Accessing tftp://192.168.1.100/c2960-lanbasek9-mz.150-2.SE11.bin... Loading c2960-lanbasek9-mz.150-2.SE11.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 12345678 bytes] ``` After the copy, verify the image with `verify flash:filename`. Then set the boot system command: `boot system flash:filename`. Save the config and reload.
Change Configuration Register for Password Recovery
If you forget the enable password, you can bypass the startup-config by changing the configuration register to 0x2142. Boot the router, press Break during startup to enter ROMMON, then set the register: `confreg 0x2142`. Reboot, the router loads with an empty config. Copy the startup-config to running-config: `copy startup-config running-config`. Change the password, then reset the register to 0x2102 and save.
Restore Startup Config from TFTP
If the startup-config is lost or corrupted, you can restore it from a TFTP backup. Use the command `copy tftp: startup-config`. Provide the TFTP server IP and filename. Example: ``` Router# copy tftp: startup-config Address or name of remote host []? 192.168.1.100 Source filename []? myrouter-config Destination filename [startup-config]? Accessing tftp://192.168.1.100/myrouter-config... Loading myrouter-config from 192.168.1.100 (via GigabitEthernet0/0): ! [OK - 1682 bytes] ``` Then reload the router to apply the restored config.
Delete Unnecessary Files from Flash
To free up space, delete old IOS images or backup files using `delete flash:filename`. Use `dir flash:` to identify files. Be careful not to delete the currently running IOS. After deletion, use `squeeze flash:` to permanently erase the file and reclaim space (on some platforms). Example: ``` Router# delete flash:old-ios.bin Router# squeeze flash: ``` Verify free space again.
In enterprise networks, the Cisco IOS File System is used daily for software upgrades, configuration backups, and disaster recovery. For example, a network engineer might schedule a maintenance window to upgrade the IOS on all access switches. The engineer first copies the new IOS image to a TFTP server, then uses the copy tftp: flash: command on each switch. Before upgrading, they back up the current running-config to TFTP. If the upgrade fails, they can revert by booting the old image. Another common scenario is password recovery: when an administrator forgets the enable secret, they physically access the router, change the configuration register to 0x2142, load the router without the startup-config, reset the password, and restore the config from NVRAM. A third scenario involves restoring a corrupted configuration. If the startup-config becomes unreadable (e.g., due to a power failure during a save), the router boots to the setup dialog. The engineer can then copy a backup config from a TFTP server to NVRAM using copy tftp: startup-config and reload. Performance considerations include Flash write endurance—frequent writes can wear out Flash memory, so avoid unnecessary copies. Also, TFTP transfers are unencrypted, so in production, use SCP or FTP with authentication for sensitive files. Misconfiguration can lead to boot failures: if the boot system command points to a nonexistent file, the router may enter ROMMON. Always verify the file exists and is intact with verify.
The CCNA 200-301 exam tests your understanding of the Cisco IOS File System under the 'Network Fundamentals' objective (1.6). You must know the functions of Flash, NVRAM, RAM, and ROM, and be able to use commands like dir, copy, delete, verify, and show version. Common exam traps include: 1) Confusing Flash and NVRAM—Flash stores IOS images, NVRAM stores the startup-config. 2) Thinking copy running-config startup-config writes to Flash—it writes to NVRAM. 3) Forgetting the verify command after an IOS copy—the exam expects you to know it checks file integrity. 4) Misunderstanding the configuration register—0x2102 boots normally, 0x2142 bypasses startup-config. 5) Assuming delete removes the file permanently—on some platforms, it only marks it as deleted; squeeze reclaims space. Specific values to memorize: default configuration register is 0x2102, NVRAM is typically 128KB to 2MB, Flash varies from 64MB to several GB. For scenario questions, decide based on the operation: if the question involves upgrading IOS, think Flash and copy tftp: flash:; if backing up config, think NVRAM and copy running-config tftp:; if password recovery, think configuration register 0x2142. Elimination strategy: any answer that suggests saving a config to Flash (unless specifically a backup file) is wrong. The running-config is in RAM, not Flash or NVRAM.
Flash stores IOS images and is non-volatile; NVRAM stores startup-config and is non-volatile.
The running-config is stored in RAM and is volatile.
Use `dir flash:` to list Flash contents; `copy running-config startup-config` saves to NVRAM.
The default configuration register is 0x2102; 0x2142 ignores startup-config for password recovery.
After copying an IOS image, always use `verify flash:filename` to check integrity.
The `delete` command removes files from Flash; `squeeze` reclaims space on some platforms.
TFTP is unencrypted; SCP or FTP is preferred for secure transfers.
These come up on the exam all the time. Here's how to tell them apart.
Flash
Stores IOS images and other files (e.g., backup configs).
Typically larger (64 MB to several GB).
Accessed via `flash:` or `flash0:`.
Used for software upgrades and file storage.
Non-volatile; retains data after power loss.
NVRAM
Stores the startup-configuration file.
Typically small (128 KB to 2 MB).
Accessed via `nvram:`.
Used for configuration persistence.
Non-volatile; retains data after power loss.
Mistake
The startup-config is stored in Flash.
Correct
The startup-config is stored in NVRAM, not Flash. Flash stores IOS images and other files.
Candidates often assume all non-volatile storage is Flash, but NVRAM is a separate, smaller memory for configuration.
Mistake
The running-config is automatically saved to NVRAM when you exit configuration mode.
Correct
The running-config is only saved to NVRAM when you execute `copy running-config startup-config` or `write memory`. It is not automatic.
Many beginners think 'exit' or 'end' saves changes, but Cisco requires an explicit save command.
Mistake
Deleting a file in Flash permanently removes it and frees space immediately.
Correct
The `delete` command marks the file as deleted, but the space is not reclaimed until you use `squeeze flash:` on some platforms. On others, it may be permanent.
The term 'delete' implies immediate removal, but Cisco's implementation often requires an extra step.
Mistake
The configuration register 0x2142 allows password recovery by loading the router with a default configuration.
Correct
0x2142 tells the router to ignore the startup-config during boot, so it loads with an empty configuration. You then copy the startup-config to running-config and change the password.
Candidates think it erases the config, but it only bypasses it temporarily.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Flash is used to store the IOS image(s) and other large files. It is like a hard drive for the router. NVRAM is a smaller, specialized memory that stores the startup-configuration file. Both are non-volatile, but they serve different purposes. Flash is typically much larger (e.g., 256 MB) than NVRAM (e.g., 256 KB). On the exam, remember that the startup-config lives in NVRAM, not Flash.
Use the command `copy running-config startup-config` or the shortcut `write memory`. This copies the current active configuration from RAM to NVRAM, ensuring it is loaded on the next reboot. There is no automatic save—you must explicitly issue this command.
Setting the configuration register to 0x2142 tells the router to ignore the startup-config during the boot process. This is used for password recovery: the router boots with an empty configuration, allowing you to access the enable mode without a password. After resetting the password, you should change the register back to 0x2102 and save the config.
Use the `dir flash:` command. The output shows total bytes, used bytes, and free bytes. For example: '83886080 bytes total (50313968 bytes free)'. Always check free space before copying a new IOS image to ensure there is enough room.
The `verify` command calculates and displays the MD5 hash of the file, allowing you to compare it with the known hash from Cisco. This ensures the file was copied without corruption. A mismatch indicates the file is bad and should not be used.
Yes, Flash can hold multiple IOS images, as long as there is sufficient space. You can choose which image to boot using the `boot system flash:filename` command. This is useful for testing new versions while keeping the old one as a fallback.
If you delete the only IOS image in Flash and reload the router, it will not find a valid IOS and will enter ROMMON mode. From ROMMON, you can recover by loading a new IOS via TFTP or Xmodem. To avoid this, always ensure a backup image is available before deleting.
You've just covered Cisco IOS File System (Flash, NVRAM) — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?