cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5675
Views
2
Helpful
10
Replies

force catalyst 2960 to ignore startup config

zittastanislav
Level 1
Level 1

Good afternoon,

I was wondering if I can force catalyst 2960 to skip startup config stored in NVRAM and boot with no config everytime it is powered. I tried to find it on google and in cisco white papers but still no luck. I found only commands that begin with "set boot config-register ... ", but switch acts like it does not know these commands. Any help would be appreciated. Thanks.

Best regards,

Standa Zitta

10 Replies 10

Peter Paluch
Cisco Employee
Cisco Employee

Hi Standa,

Nice to meet you here again

Sadly, lower-end Catalyst switches do not have a concept of a configuration register. While a value of 0x0 is displayed in the show version output, there is really no configuration register present on these devices. Thus, it is not directly possible to influence the switch in this way.

However, more recent IOSes appear to have the boot config-file command pointing the IOS to the location of the startup-config. By default, the location is flash:/config.text as evidenced by the show boot command:

SW-Dist1#show boot

BOOT path-list      : flash:c3560-ipbasek9-mz.122-52.SE.bin

Config file         : flash:/config.text

Private Config file : flash:/private-config.text

Enable Break        : no

Manual Boot         : no

HELPER path-list    :

Auto upgrade        : yes

Auto upgrade path   :

Timeout for Config

          Download:    0 seconds

Config Download

       via DHCP:       disabled (next boot: disabled)

Try modifying this setting to null:/config.text, i.e. in the global configuration mode, enter the following command:

boot config-file null:/config.text

Hopefully this will do the trick - however, I haven't tried it myself so it's up to you to find out if this works. Please keep in mind that there is no way for the switch to ignore the vlan.dat file - you'll have to somehow work around it.

Please let me know if this worked.

Best regards,

Peter

Hello Peter,

what a surprise How are you doing?

Thank you for your reply. Unfortunately, neither 2960 nor 3560 do not accept that command. Problem was switch wasn't satisfied with "null" word in boot config-file null:/config.text command. It said that "flash" is the only one correct.

It's not a such a big deal. Only thing I wanted to achieve was to make our lab less prone to students' config errors like misconfigured password and subsequent inability to log in....

Still, thank you for your help

Standa Zitta

Hello Standa,

I'm fine, thanks for asking How are you?

Hmmm, the IOS seems to be quite picky here. Well, well... Let's give it one more try. The boot config-file command in fact configures an environment variable called CONFIG_FILE. This variable can also be manipulated manually from the bootloader command line (the one you break into when doing password recovery). Perhaps the bootloader does not perform such a strong validity check on the name of the configuration file. Try breaking the IOS bootup process and in the bootloader, try entering the following command:

set CONFIG_FILE null:/config.text

We'll see if this helps...

Best regards,

Peter

Standa,

Please disregard my previous response. It will sadly not work, either. The trick is that while the bootloader will allow you to set the CONFIG_FILE variable using the null: filesystem, the IOS during boot will detect that the CONFIG_FILE does not contain a valid path and will unset it, reverting to the default. I don't like when software tries to outsmart its administrator

Anyway, it seems that I have found a totally simple yet working solution. Simply use the boot config-file to point the IOS to a nonexistent directory within the flash: filesystem. As the IOS is not going to create the directory itself, it will be unable to store (and thus read) any configuration unless you create that directory manually. So for example:

boot config-file flash:/nonexistent/config.text

After configuring this, any attempt to save the running-config to startup-config will fail:

Switch#show boot

BOOT path-list      : flash:/c2960-lanbasek9-mz.122-58.SE1/c2960-lanbasek9-mz.122-58.SE1.bin

Config file         : flash:/nonexistent/config.text

Private Config file : flash:/private-config.text

Enable Break        : no

Manual Boot         : no

HELPER path-list    :

Auto upgrade        : yes

Auto upgrade path   :

NVRAM/Config file

      buffer size:   65536

Timeout for Config

          Download:    0 seconds

Config Download

       via DHCP:       disabled (next boot: disabled)

Switch#write

Building configuration...

nv_done: unable to open "flash:/nonexistent/config.text.new"[OK]

Switch#

The protection will last as long as the "flash:/nonexistent" directory does not exist.

Try it out and let me know if it worked for you!

Best regards,

Peter

Peter, you are incredibly quick

I just rebooted the switch after saving the configuration and it's asking me if I want to terminate autoinstall - this is proof that everything works correctly. Many many thanks, you solved my "headache". Now, I am going to implement it happily on every switch in our lab.

One more time thanks and have a nice day

Standa Zitta

Hi Standa,

You are very much welcome! Once again, please note that the vlan.dat file will still be stored and processed. I do not currently know of any way of redirecting the vlan.dat to oblivion... Perhaps I can find out something about access rights to files...

Anyway, I'm glad it appears to have worked for you.

Best regards,

Peter

Hello again, Peter,

vlan.dat is not as critical for us as rest of config, students are often aware of deleting vlans before configuring, but if somebody forgots to clean config, consequences are often worse. Anyway, it's interesting topic to think about :-)

Have a nice rest of the day,

Standa

Hi Peter

I just used your input in our Networking Academy Lab, however, I hav run into an issue.
when using the write or copy run start command no config file is created in flash.

I can get around that by using copy run config.text that will save the running config in flash:

But I would like to make an alias so my students always use the same filename - makes it a lot easier to clean up.
However when I try to configure an alias "gem" it takes the command but creates no alias.
I probably do not understand the syntax correctly

Switch(config)# alias configure gem copy run config.text

 

I am slightly puzzled about your post. The original post and its very interesting suggestions (thank you @Peter Paluch ) was about how to make sure that the switch would not use the startup config in  its boot process. If you do not want the switch to use startup config then why does it matter whether students can save the config or not?

HTH

Rick

Hi Rhchard
The problem is we spend too much time on students who use "non standard" passwords and then leave the box locked in the middle of an exam. If they can save their startup-config they can reload and copy the config back and correct the password.
The next benefit is that if another student needs the box it is accessible eventhough it may not be reset.
Regards,

Orla

 

Review Cisco Networking for a $25 gift card