Skip to main content
Your first session is free. Claim mine
PacketMentor logo
Open menu
Home
Training
Cisco Mentorship
CCNACCNP
Short Courses
Python for Network EngineersAI for Network OperationsDevNet Associate PrepInterview Sprint
Custom Training
Corporate Training
All training →
CCNA Library (74)
Browse all CCNA topics →
Network (13)
OSI Model & TCP/IPIPv4 AddressingTCP vs UDPSubnettingIPv6 BasicsARP — Address Resolution ProtocolICMP — Internet Control Message ProtocolTCP 3-Way HandshakeCabling & Media StandardsMTU & FragmentationWAN Connection TypesHierarchical Network DesignNetwork Virtualization & Containers
Device Operations (5)
Cisco IOS Device ManagementPower over Ethernet (PoE)Cisco IOS File SystemPassword Recovery & Configuration RegisterNetwork Troubleshooting Methodology
Network Access (12)
MAC Address TableVLANsTrunks & 802.1Q TaggingSpanning Tree Protocol (STP)EtherChannel (Link Aggregation)Switching OperationCDP & LLDP — Neighbor DiscoveryBPDU Guard & Root GuardCatalyst Boot ProcessVTP — VLAN Trunking ProtocolRapid STP & MSTPPrivate VLANs (PVLAN)
Wireless (6)
Wireless LAN BasicsWLAN Architectures — Autonomous, Centralized (WLC), Cloud, EmbeddedWi-Fi Security — WEP, WPA, WPA2, WPA3Wi-Fi 6, 6E, and 7 FeaturesWireless RF FundamentalsAccess Point Operating Modes
IP Connectivity (10)
Inter-VLAN RoutingStatic RoutingDefault RoutingRouting Decision ProcessFHRP — HSRP, VRRP & GLBPLayer-3 Switch & SVI RoutingOSPF Single-AreaRoute SummarizationIPv6 SLAAC & DHCPv6IPv6 Transition Mechanisms
IP Services (11)
HSRP vs VRRP vs GLBP — FHRP ComparedDHCP — Dynamic Host Configuration ProtocolNAT & PATDNS — Domain Name SystemNTP — Network Time ProtocolSyslogQoS BasicsSNMP — Simple Network Management ProtocolIGMP & IGMP SnoopingNTP Authentication & SecurityDHCP Relay & IP Helper
Security (10)
Access Control Lists (ACLs)Port SecurityDHCP SnoopingAAA · RADIUS & TACACS+802.1X — Port-Based Network Access ControlVPN Basics — IPsec & SSLDynamic ARP Inspection (DAI)IP Source Guard (IPSG)Encryption FundamentalsCybersecurity Threats & Mitigation
Automation (7)
REST APIs for Network EngineersAnsible for Network EngineersJSON, YAML & XML for Network EngineersNETCONF & YANGPython for Network EngineersSDN & Controller-Based NetworkingAI & ML in Network Operations
CCNP Library (15)
Browse all CCNP topics → SPAN, RSPAN & ERSPAN — Port MirroringGRE TunnelsEIGRPOSPF Multi-AreaIPv6 Routing — Static & OSPFv3BGP BasicsTCP Connection StatesCisco AnyConnect / Remote Access VPNCisco ISE BasicsNetFlow & Flow-Based MonitoringgRPC & gNMI — Streaming TelemetrySD-WAN ConceptsMPLS BasicsCisco DNA Center / Catalyst CenterVRF Basics — Virtual Routing and Forwarding
LabsPricing
Contact 📞 +1 (860) 556-3010 Book a Call
← All topics
Network Access Foundational

Catalyst Boot Process

What happens between powering on a Cisco device and the prompt appearing. Covers POST, ROMMON, IOS image selection, config register, boot variables, and password recovery.

TL;DR
  • Five stages: POST (self-test) → ROMMON (bootloader) → IOS image load (from flash) → config load (from NVRAM) → operational.
  • The config register controls boot behavior. 0x2102 (default) means 'boot normally.' 0x2142 means 'skip the startup config' — used for password recovery.
  • Boot variables (`boot system flash:...`) tell IOS which image file to load. Multiple `boot system` lines = ordered fallback list.

Mental model

Every Cisco device boots through the same sequence:

  1. Power on — hardware spins up.
  2. POST (Power-On Self-Test) — checks RAM, CPU, ports, ASICs.
  3. ROMMON (ROM Monitor) — minimal bootloader, locates IOS image.
  4. IOS load — image copied from flash into RAM, decompressed, started.
  5. Config load — startup-config copied from NVRAM into RAM as running-config.
  6. Operational — CLI prompt appears.

If any step fails, the boot stops there. Knowing the stages tells you where to look when a device won’t come up.

The four storage locations

StorageWhat lives therePersists on reload?
ROMROMMON bootloader + diagnostic imageYes (firmware)
FlashIOS image file(s) — e.g. c2960x-universalk9-mz.152-7.E3.binYes
NVRAMstartup-configYes
RAMrunning-config + IOS process stateNo — lost on power off

The bootflash on modern Catalyst switches is large enough to hold multiple IOS images. Older devices had just enough flash for one image + a bit of headroom for upgrades.

The config register — boot behavior in one hex value

The config register is a 16-bit value (shown in hex) that controls boot behavior. Default on most modern Cisco IOS:

R1# show version
...
Configuration register is 0x2102

Two bits matter for CCNA:

  • Bits 0–3 (boot field) — where to load IOS from:
    • 0x0 → stay in ROMMON
    • 0x1 → load mini-IOS from ROM
    • 0x2–0xF → check boot system commands, fall back to first valid image in flash
  • Bit 6skip startup-config:
    • 0 (default) → load startup-config
    • 1 → ignore startup-config (device boots with empty config)

Common values:

ValueMeaning
0x2102Default — normal boot, load startup-config
0x2142Skip startup-config (used for password recovery)
0x2100Boot to ROMMON only

Change it with:

R1(config)# config-register 0x2142
R1# reload

After reload, the device boots without loading the startup-config — letting you recover from a forgotten password.

Boot system commands

When the boot field is 0x2–0xF, IOS looks at boot system commands in the startup-config to decide which image to load. Multiple lines = ordered fallback:

R1(config)# boot system flash:c2960x-universalk9-mz.152-7.E3.bin
R1(config)# boot system flash:c2960x-universalk9-mz.152-7.E0.bin
R1(config)# boot system rom

Tries the first image. If missing/corrupt, tries the second. If both fail, falls back to the ROM-resident mini-IOS (limited functionality, just enough to recover).

If no boot system commands exist, IOS loads the first valid image file it finds in flash.

Password recovery — the practical use of 0x2142

Forgot the enable password? Process:

  1. Console into the device.
  2. Power cycle. Press Ctrl+Break during boot to interrupt and land in ROMMON.
  3. From ROMMON, change the config register: confreg 0x2142
  4. reset to reboot. Device now boots without the startup-config.
  5. Enter privileged mode (no password — running-config is empty).
  6. copy startup-config running-config — load the saved config back (now you have access).
  7. Reset passwords as needed.
  8. Restore normal boot: config-register 0x2102
  9. copy running-config startup-config
  10. reload

Console access required (it’s the rescue path). Without physical access, you can’t do this — which is also why physical security of network equipment matters.

Boot sequence troubleshooting

What it looks like when things go wrong at each stage:

SymptomLikely stage failing
Device totally dead, no LEDsPower supply or hardware
LEDs cycling, no console outputPOST failure (hardware)
rommon 1 > promptROMMON loaded but no IOS — image missing or corrupt
boot: promptBoot loader can’t find image — check boot system
Boots but prompt is (Initial config dialog?)NVRAM blank — no startup-config
Boots but missing featuresWrong IOS image — installed image lacks needed feature set

Commands — observe the boot environment

R1# show version                ! IOS version, uptime, config-register, boot image
R1# show flash:                 ! list IOS files in flash
R1# show bootvar                ! current boot variables
R1# show running-config | include boot
R1# dir flash:                  ! same as show flash:, longer format

show version is the single most useful “what’s going on with this device” command. It shows hardware model, IOS version, uptime, reason for last reload, and config register — answer to “is this thing healthy?” in one screen.

Image management — upgrades

Upgrade flow:

! Copy new image from TFTP server to flash
R1# copy tftp: flash:

! Set boot variable to use new image
R1(config)# boot system flash:c2960x-universalk9-mz.152-7.E4.bin

! Save and reload
R1# wr
R1# reload

Always keep the old image as a fallback. Don’t delete it until the new one’s been running stable for a week+.

For newer Catalyst 9000 series running IOS-XE, the process is more sophisticated — install commands, packaged software (.bin or .pkg), and multiple boot modes (install vs bundle).

Common mistakes

  1. Forgetting to save the config register change. config-register 0x2102 after password recovery — without it, the next reload still skips startup-config.

  2. No boot system commands when needed. If you have multiple IOS images and don’t specify, IOS picks the first valid file alphabetically. Surprising results.

  3. Pulling power during a flash upgrade. Bricks the device. Always use UPS, never power-cycle during firmware install.

  4. Filling flash to 100%. No room for upgrade images. Always keep ~30% headroom.

  5. Console access “not needed because we have SSH.” Until SSH doesn’t work and you need to do password recovery. Always maintain console access.

  6. Mistaking the boot stages. “It’s stuck at ROMMON” vs “stuck at IOS load” vs “stuck at config load” — different stages, different fixes. Read the symptom carefully.

Lab to try tonight

  1. Cable up a Cisco switch with a console cable. Watch the boot in your terminal.
  2. Identify each stage: POST messages, ROMMON banner, IOS load, config application.
  3. From the running device: show version. Note the config register.
  4. From the running device: show bootvar and show flash:.
  5. Power-cycle. Press Ctrl+Break during ROMMON. Run confreg 0x2142. Reset.
  6. Watch it boot without your config. Enable mode, no password.
  7. copy start run to restore. Note: never copy run start here — you’d save the empty config!
  8. Reset config-register back to 0x2102. wr. Reload.

Cheat strip

ConceptPlain English
POSTSelf-test on power on
ROMMONBootloader. Minimal CLI. Used for password recovery.
IOS imageIn flash. Loaded into RAM.
startup-configIn NVRAM. Loaded into RAM as running-config.
running-configIn RAM. Lost on power off (unless saved).
0x2102Default config register — normal boot
0x2142Skip startup-config — password recovery
boot system flash:...Which image to load (multiple lines = fallback)
show versionOne-stop overview of hardware + boot state
Console accessRequired for password recovery. Never lose it.
← Previous topic

Default Routing

The catch-all route every edge router needs. Covers static defaults, dynamic defaults (originated by OSPF/EIGRP/BGP), gateway of last resort, and the difference between a default and a summary route.
Next topic →

Routing Decision Process

How a router actually decides where to forward a packet. Longest prefix match, administrative distance, and metric — in that order. Covers why a /30 static beats a /16 OSPF even though OSPF is the better protocol.
Master this on a real network

Want this drilled into reflex?

1:1 weekly sessions, live feedback on your labs, and US interview prep — built around the CCNA® exam blueprint. Free first session. No card on file until you decide.

Claim my free session →

Related topics

Device Operations

Cisco IOS Device Management

How you actually log into and configure a Cisco device. Covers console / SSH / Telnet access, command modes (user / privileged / config), saving config, banners, the password types, and modern best practices for line security.

 Network Access

Spanning Tree Protocol (STP)

Definitive CCNA-level STP guide — why loops are catastrophic, bridge ID + priority election, three port roles, five port states, BPDU anatomy, PortFast + BPDU Guard + Root Guard + Loop Guard, RSTP convergence, MSTP overview, and 8 worked scenarios.

 Network Access

Switching Operation

How a switch actually decides where to forward each frame. Covers source-MAC learning, destination-MAC lookup, the three outcomes (forward / flood / drop), and store-and-forward vs cut-through.

One topic per email, every fortnight

VLANs, OSPF, ACLs, subnetting, automation — written like this. Unsubscribe in one click.

We respect your inbox. One email per week, max. Unsubscribe any time.

Start typing — or browse popular topics below.

↑↓ navigate open Searches topics · labs · programs · pages