File Handling in Cisco IOS

Cisco IOS File Handling

Notes about other resources: This guide is rather specific for Cisco devices. For more information about basic usage on Cisco devices, see the start of the Cisco usage guide. For related topics for other types of devices, see: file handling.

File handling

Differences between Cisco products

Viewing an active configuration file might be done using “show run” or “write terminal”, while viewing the stored configuration file may be done using “show start” or “more start” or “show configuration”, depending on what version of the operating system is being used.

Support DOC 4250 shows how some devices use one command (erase for the filesystem, which is a command that other devices may use for only a single file), while other devices may use different commands (e.g. format), and some devices may even be able to switch which command is used based on whether a squeeze log file has been created.

So, know that this shows some details for many items, not not necessarily all.

Differences from other operating systems

Remember how commands can be referenced by recognized shortcuts? Well, so can filenames. For example, “ copy startup-config tftp: ” can be abbreviated to “ copy start tftp ” (using a shorter filename and removing the colon from the destination's prefix), and “ copy running-config flash:startup-config ” may commonly be shortened to “ copy run start

This does not mean that filenames are restricted to pre-defined filenames. User-created filenames can be created (on at least some devices). However, some interesting filenames do have shortcuts on how they may be referenced.

Here's a characteristic of Cisco IOS which one doesn't typically see a lot of. (Unix might be able to support some of this with the concept of a Symbolic Link, but Cisco IOS probably has a lot more frequency of using these shortcut names (like “run”) when file handling commands get used.

Quick overview: The most important files

There are four files that are generally more important than any others.

Operating System (boot) image

This exists. It will typically be stored at “flash:”. That is just the location of the file: the boot file also has a filename. The filename may typically be fairly long. For instance, c1841-ipbase-mz.123-14.T7.bin is 29 characters long.

Running configuration

This “file” is called “running-config” and reflects the current state of the equipment. Any time that the equipment's configuration is changed, this “file” also gets altered.

The “file” can often be referred to by the shortcut name, “run”. The “file” is stored in RAM. If there was a “directory” for this file, it might be “system:”, but some devices might not support “system:”. So, the right (and perhaps only?) way to really access this file might be to just not refer to a directory name.

Cisco IOS: common commands shows a “configuration” (“show configuration” which appears to provide a similar functionality to “show run”. Official Cisco training has been known to point people to the “show run” command, so that may be preferable due to reasons like being more widely supported or perhaps showing a different, and likely more desirable, amount of information.

Startup Configuration

This file is called “startup-config” and has a full pathname of “nvram:startup-config”.

Note: If a device doesn't support “copy running-config startup-config”, Cisco IOS documentation: saving configuraiton changes mentions an alternative: “write memory”. This alternative is known to work on not only newer hardware, but some older hardware as well. So that may actually be the more compatible method, but it may also be a little harder to remember than the copy command which permits an easy way to either write new configuration or to restore older configuration (depending on which filename is specified first, making that the source, and which filename is specified last, indicating that file is the destination).

VLAN configuration

VLAN information may be stored in a flash:vlan.dat file. The main reason to know about this file is that it can store information that affects communications. An attempt to really reset the device to factory default behavior may need to erase not only the Startup Configuration file, but also this file as well. Otherwise, if this file has been customized, then erasing the Startup Configuration file, but leaving this customized file in place, may cause the device to behave in a way that really breaks a lot of standard behavior.

Seeing what filesystems exist
deviceName#show file systems

The names of the filesystems will show in a column called “Prefixes” which basically act like “mount points” (or, for users of DOS and similar platforms like Microsoft Windows, “drive letters”). For flash: and nvram:, the “Type” column may look quite similar to the value in the “Prefixes” column (simply lacking the colon at the end of the prefix name). Other file systems might have different values. For instance, Cisco product tech note redirection to Cisco product tech note: Copying information from one device to another device in the same router lists some filesystems that may be available. Some of those look like actual devices, while others look like known file transfer software protocols. Depending on what device is being used (and possibly depending on other details, like what add-on equipment has been added), there may be some other devices available. (For example, the flh: refers to Cisco's “Flash Load Helper”, and is further documented by Cisco's “Flash Load Helper” compared to Dual Flash Bank.)

Seeing what files exist

As a generalization (which needs to be customized), try something like this:

deviceName#dir filesysPrefix:

e.g.:

deviceName#dir nvram:

or...

deviceName#dir flash:

Another method for viewing the contents of flash::

deviceName#show flash:

That will show much of the same information, but not entirely. Also, using the sh (a.k.a. show) command may work fine for flash: but not for nvram: (as experienced by a ROM from Packet Tracer 5.3.3).

[#cscioshf]: Viewing files

Cisco IFS documentation: section on show startup-config notes, “In Cisco IOS Release 12.0 the show startup-config command was deprecated in favor of the more nvram:startup-config command. Although more commands (in various operating systems) are generally recommended (due to their uniform structure across platforms and their expandable syntax), the show startup-config command remains enabled to accommodate its widespread use, and to allow typing shortcuts such as show start.”

Using an IOS ROM bundled with Packet Tracer 5.3.3 (“12.3(8r)T8”, flash:c1841-ipbase-mz.123-14.T7.bin), the more command seemed to imply a prefix of flash:, making the command unusable for trying to view the contents of the nvram:running-config “file”. So, a command like either of the following was needed to view that “file”:

deviceName#show nvram:running-config
deviceName#show run

There have been some more advanced commands that have been documented. For example, the following commands use piping (which uses the “pipe character”).At least some of this did not seem to work with Packet Tracer images. However, the following might work on some equipment:

Restricting output to lines matching text
deviceName#show nvram:running-config | include textToShow
Restricting output to sections starting with text
deviceName#do show nvram:running-config | begin textToShow

This shows a configuration which includes all of the lines that start with the textToShow, and the related commands (which a standard configuration view will typically show as indented under such a line). This probably makes more sense after seeing an example:

e.g.:

deviceName(anything)#end
deviceName#do show nvram:running-config | begin line
line con 0
  password # passwordOrHash
  login
line aux 0
  no exec
  login
  password # passwordOrHash
line vty 0 4
  password # passwordOrHash
  password # login
!
end
deviceName#

So this shows all of the configuration of the various connection lines, by showing each configuration entry that includes the word line, as well as the configuration options within those line sections.

Note that this example was fabricated based on multiple sources of documentation. (This might not yet be tested by the creator of this text, as this time.) Be sure to check how this works, on actual equipment, before just assuming that it will work as documented here.

[#iosflcmd]: Other commands/details

(This section describes some IOS commands. Note that this section does not display all such commands, and reading the rest of this file handling tutorial is recommended. For instance, viewing files shows some piping options.)

IOS 12.2 documentation: IOS File System (IFS) commands show multiple commands, which are not discussed in much detail here because they are discussed by Cisco's documentation and because many of these are similar to DOS/Unix commands (see handling files). Some commands include:

dir
listing files
copy
copying files
delete
removing files
rename
renaming/moving files
pwd
show present working directory
cd
like chdir
mkdir
creating directories/folders
rmdir
removing directories/folders
more
viewing files, particularly discussing paging
fsck
testing/repairing filesystems

There may even be a “service compress-config” to support file compression of the nvram:startup-config file. (For more details about the generic concept, see: data compression.)

An “ erase startup-config ” command may be used. Interestingly, a Packet Tracer implementation showed that “ erase ? ” offered only one option: startup-config. (Not any user-chosen filename. Just that one single specific file.) To delete other files, use delete.

In an IOS version bundled with Packet Tracer 5.3.3, it seemed that the more command might only work for data copied to flash:. (A file stored in nvram: could be viewed by first copying the file to flash:.) Documentation indicates that the more command does not have this limit on all devices.

Cisco 7201 Installation/Configuration: section on replacing/installing CompactFlash shows an eject button to the right of the CompactFlash slot. Some equipment may have an eject button to the left of the CompactFlash slot. (The next section is Cisco 7201 Installation/Configuration: section on replacing/installing USB memory.)

documentation about: copy logging system destination

Some devices (Cisco Pix 501, perhaps?) might not support copy. If so, the write command may be useful. (“write terminal” may be similar to “sh run” and “write memory” may be similar to “copy run start”.)

Working with remote file systems

In addition to local filesystems (like nvram: and flash:), there may be some remotely accessible protocols such as tftp. They may show up when running:

deviceName#show file systems

As noted earlier, Cisco product tech note redirection to Cisco product tech note: Copying information from one device to another device in the same router lists some filesystems that may be available. Some of those listed are clearly recognized as being related to file transfer protocols, including: ftp: and rcp: and tftp:

piping output

Output can be redirected. (Some of this may have already been seen in some of the earlier example commands.

Note that redirecting output may be a feature that is newer than some of Cisco's older equipment. For instance, Show output redirection seems to indicate that this feature got intorduced to Cisco IOS XE with “Release 2.1”. There are certainly some commands that are documented, and even seem to be mentioned on a fairly wide-spread basis, which don?t actually work on some other equipment.

Output can be redirected to a local file, or to a remote filesystem. However, support may not be universally consistent with some of the other abilities to access remote file systems. For instance, Ciscio IOS reference: tee notes that this supports saving to local storage (a disk, or flash), or remote servers using some file transfer protocols (the the FTP file transfer protocol or the TFTP file transfer protocol), although does not support using the rcp: prefix to use the RCP file transfer protocol.

file

This creates a file. Using information from, Cisco IOS command commands, running a command looking something like the following ought to work:

show something | file output.txt

Here is another example, showing some customization of the appropriate sections:

show running-config | file current.txt
tee

One way to handle text, as mentioned in some earlier commentary, is to copy it to a location while also allowing the text to be displayed. Similar to Unix, this is done with the tee command. Cisco show output redirection mentions being able to use tee to copy output.

Secure Bootset

The operating system image and the startup-config file can be secured with a feature called “resiliency” to create a “secure bootset”. This prevents the ability to write to a secured file. Removing this security remotely is not supposed to be possible. Using the “no” command can remove this protection, but only from the console connection.

! secure operating system boot image
secure boot image
! secure configuration file
secure boot config
do show secure bootset
Final/Misc thoughts

This guide may not cover all of the possible commands. One reason for this is that further commands may be added over time. Also, at the time of this writing, various redirection/piping options have not been very heavily documented here (yet). So there may certainly be more possibilities, beyond just what this guide shows. If there is a need, and probably especially if Unix provides similar capabilities (because that might be especially likely to be supported), then researching the possibilities is recommended.

Though this gets slightly off the topic of file handling, Cisco IOS documentation: filtering show output discusses piping, and mentions some more available commands that are similar to what may be found in Unix.