show version – IOS Version, Config Register, Reload Reason & Upgrade Checks

1. Purpose of show version

show version is the single most informative diagnostic command on any Cisco device. It provides a complete hardware and software snapshot — everything needed to identify a device, verify its software state, check resources for an upgrade, understand why it rebooted, and confirm licensing. It runs from privileged exec mode (Router#) with no parameters required.

Use Case	What to Look For
Pre-upgrade check	IOS version, RAM size, Flash size, platform model — determine if the new image fits and is supported
Diagnose unexpected reboot	System uptime (how recently), last reload reason (power-on, crash, reload command)
Hardware inventory	Model number, Processor board ID (serial number), interface count — for asset management and Cisco TAC cases
Password recovery	Configuration register value — must be 0x2142 before reboot and returned to 0x2102 afterward
License / feature verification	License level (IP Base, IP Services, Security, Voice) — determines which features are available
Boot troubleshooting	System image file location (flash:), ROMMON version, boot variable

2. Full Annotated show version Output — Cisco Router (IOS 15.x)

Router# show version

Cisco IOS Software, Version 15.7(3)M2, RELEASE SOFTWARE (fc1)   <-- IOS version
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Mon 26-Mar-18 15:15 by prod_rel_team

ROM: System Bootstrap, Version 15.7(3r)M2, RELEASE SOFTWARE (fc1) <-- ROMMON version
                                                                        (bootstrap loader)
Router uptime is 1 week, 2 days, 14 hours, 7 minutes               <-- time since last reboot
System returned to ROM by reload at 08:23:41 UTC Mon Mar 12 2018   <-- last reload reason
                                                                        + timestamp

System image file is "flash0:isr4300-universalk9.03.16.07.S.155-3.S7-ext.SPA.bin"
                       ^     ^                  ^         ^
                       |     Platform            |         Feature set
                       Flash  IOS XE version    Version string

Last reload type: Normal Reload
Last reload reason: Reload command                                  <-- administrator issued 'reload'

cisco ISR4331/K9 (1RU) processor with 1647578K/6147K bytes of memory.
                        ^                ^       ^
                        Model            DRAM    Shared I/O memory
Processor board ID FGL213722RX                                     <-- Serial number
3 Gigabit Ethernet interfaces                                       <-- Interface inventory
2 Management Ethernet interfaces
32768K bytes of non-volatile configuration memory.                 <-- NVRAM size
4194304K bytes of physical memory.                                 <-- Total RAM (4 GB)
3255295K bytes of flash memory at bootflash:.                      <-- Flash storage

License Information for Module:'esg'
  Level: appxk9                                                     <-- License level
  Type: Smart License

Configuration register is 0x2102                                   <-- Boot config register
                              ^^^^
                              Normal boot = load startup-config from NVRAM

3. Full Annotated show version Output — Cisco Switch (IOS 15.x)

Switch# show version

Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(7)E1
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Thu 03-Oct-19 09:49 by prod_rel_team

ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(7r)E1   <-- Boot loader version

Switch uptime is 34 weeks, 2 days, 5 hours, 17 minutes
System returned to ROM by power-on                                  <-- Reload reason: power cycle
                                                                        (not a manual reload)
System image file is "flash:c2960x-universalk9-mz.152-7.E1.bin"

Processor board ID FOC2141Y23P                                      <-- Serial number
Last reload type: Normal Reload

cisco WS-C2960X-48FPS-L (APM86XXX) processor (revision V01)        <-- Model number
                  ^^^^^^^
                  48 ports, PoE, L2 only
with 524288K bytes of memory.
2048K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address       : A8:9D:21:FE:BC:00               <-- Switch base MAC
Motherboard assembly number     : 73-16169-06
Power supply part number        : 341-0543-01
Motherboard serial number       : FOC21411YRL
Power supply serial number      : POG21431VXT

Model revision number           : V01
Motherboard revision number     : A0
Model number                    : WS-C2960X-48FPS-L
System serial number            : FOC2141Y23P                      <-- same as Processor board ID

        48 FastEthernet interfaces                                  <-- Interface summary
         4 Gigabit Ethernet interfaces
         2 Ten Gigabit Ethernet interfaces

Configuration register is 0x102                                    <-- Switch: register
                              ^^^  (no leading 2 on some switch models)

4. Key Fields — Detailed Reference

Field	What It Contains	Why It Matters
IOS Version	Version string: e.g., 15.7(3)M2, 15.2(7)E1, 16.9.4	Identifies current software; determines feature availability; required before downloading a replacement image (must match platform and licence)
System Image File	Flash path and filename of loaded IOS binary	Confirms which image is running; the filename encodes platform, feature set, and version (see Section 5)
Device Model	Hardware platform identifier (e.g., ISR4331/K9, WS-C2960X-48FPS-L)	Required for Cisco TAC cases, licensing, and selecting the correct IOS image for upgrade
Processor Board ID	Device serial number (e.g., FGL213722RX, FOC2141Y23P)	Unique hardware identifier for asset management, SmartNet contracts, and Cisco support cases
System Uptime	Time since last reload: weeks, days, hours, minutes	Short uptime + unexpected reload reason = investigate power or stability issue. Long uptime = stable device
Last Reload Reason	Why the device rebooted: reload command, power-on, software crash, watchdog timeout, etc.	Distinguishes planned vs. unplanned restarts; crash-triggered reloads require log investigation
RAM (Memory)	DRAM in KB or MB; format varies by platform	New IOS images have minimum RAM requirements; confirm before downloading. IOS XE 16.x typically requires 4+ GB DRAM
Flash	Flash storage size (bootflash, flash0, etc.)	New IOS image must fit in available flash space alongside the current image (for dual-image rollback capability)
NVRAM	Non-volatile RAM size (stores startup-config)	Large configurations on complex devices require sufficient NVRAM. Rarely a constraint on modern hardware
Configuration Register	16-bit hex value: 0x2102, 0x2142, 0x2100, 0x2101	Controls boot behaviour; critical for password recovery and boot troubleshooting (see Section 6)
Interface Summary	Count and type of interfaces: "48 FastEthernet interfaces, 4 Gigabit Ethernet interfaces"	Verifies expected hardware is present and recognised; missing interfaces may indicate hardware failure or module not seated
License Level	Active feature licence: IP Base, IP Services, Security, appxk9, securityk9	Determines available features; some protocols (OSPF, BGP, VPN) require a specific licence level
ROMMON Version	Bootstrap/boot loader version	Required for ROMMON-based recovery; occasionally updated separately from IOS

5. Decoding the IOS Image Filename

The System Image File field contains the IOS image filename stored in flash. Each part of the filename is meaningful and identifies exactly what is loaded.

  Classic IOS filename:
  c2960x - universalk9 - mz . 152-7.E1 . bin
  ^^^^^^^   ^^^^^^^^^^^   ^^   ^^^^^^^^^   ^^^
  Platform  Feature set   Format  Version  Extension

  c2960x     = Catalyst 2960X platform
  universalk9= Universal image with all feature sets (K9 = encryption capable)
  mz         = compressed (z) image stored in RAM (m = runs from RAM)
  152-7.E1   = IOS 15.2(7)E1 release
  bin        = binary executable

  Common feature set codes:
  ipbase     = IP Base (basic routing/switching features)
  ipservices = IP Services (adds OSPF, BGP, EIGRP, QoS, MPLS)
  security   = Security features (VPN, firewall)
  universalk9= Universal (all features; licence controls what's active)

  Common format codes:
  mz  = DRAM-based, compressed (most common for routers)
  az  = Flash-based, compressed (rare)
  w   = runs from ROM (very old)

  IOS XE filename (ISR 4000, Catalyst 9000 series):
  isr4300-universalk9.03.16.07.S.155-3.S7-ext.SPA.bin
  ^^^^^^^  ^^^^^^^^^^^  ^^^^^^^^     ^^^^^^^^^^^^^^^^^^
  Platform Feature set  IOS XE ver   Classic IOS equiv version string

  IOS XE examples:
  16.9.4   = Fuji release (Catalyst 9300, 9400, 9500)
  17.3.x   = Amsterdam release (Catalyst 9000, ISR 1000/4000)
  Note: "show version" on IOS XE shows BOTH the IOS XE version
        AND the equivalent classic IOS version string

6. Configuration Register — All Values Explained

The configuration register is a 16-bit value stored in NVRAM that controls several aspects of device behaviour at boot time. It is displayed in hexadecimal. Understanding it is essential for password recovery and boot troubleshooting.

Value	Meaning	When Used
0x2102	Default/Normal boot — load IOS from flash, load startup-config from NVRAM	Normal production operation; this is what every device should show under normal conditions
0x2142	Ignore startup-config at boot — device boots with empty configuration	Password recovery procedure — allows admin to enter device without the unknown enable password. Must be changed back to 0x2102 after recovery
0x2100	Boot to ROMMON (ROM Monitor) — stops at rommon> prompt	Low-level recovery; ROMMON-based file operations (xmodem transfer, manual boot); rarely set intentionally in production
0x2101	Boot from ROM (mini-IOS or bootstrap image) — bypasses flash IOS	Recovery when flash is corrupt or IOS image is missing; boots minimal-functionality IOS from ROM
0x2104, 0x2106, etc.	Boot field bits 0–3 select which boot source; upper bits control console speed, break key, etc.	Specialised configurations; break key disable (bit 8); console speed override (bits 11–13)

Bit Breakdown of 0x2102

  0x2102 in binary: 0010 0001 0000 0010

  Bit 0-3  (boot field) = 0010 = Boot from flash (normal)
  Bit 6    = 0 = Ignore boot system commands: NO (use boot system commands)
  Bit 8    = 0 = Break key during boot: ENABLED (0 = enabled; 1 = disabled)
  Bit 13   = 1 = Boot from ROM on failures after boot attempts

  0x2142 in binary: 0010 0001 0100 0010
                               ^
                         Bit 6 = 1 = IGNORE startup-config on next boot
                         This single bit change is the entire password recovery trick!

Changing the Configuration Register

! Change config register from global config mode:
Router(config)# config-register 0x2102     ! Set to normal boot
Router(config)# config-register 0x2142     ! Set to ignore startup-config

! Change takes effect on NEXT reload (not immediately)
Router(config)# end
Router# reload

! Verify after reload:
Router# show version
...
Configuration register is 0x2102    <-- confirm it changed correctly

7. Reload Reasons — What Each Means

Reload Reason Message	Meaning	Action Required
`System returned to ROM by reload command`	Administrator issued `reload` — planned reboot	None — expected; note the timestamp to confirm it was during a maintenance window
`System returned to ROM by power-on`	Device was power-cycled or experienced a power failure	Investigate power supply and UPS; if unplanned, review power event logs and environmental conditions
`System returned to ROM by software-forced crash`	IOS encountered a critical error and forced a restart (similar to a kernel panic)	Check `show logging` for the crash traceback; collect crash dump (`show stacks`); open Cisco TAC case; consider IOS upgrade
`System returned to ROM by watchdog timeout`	Hardware watchdog timer expired — CPU was too busy to reset the watchdog counter (CPU utilisation issue)	Check `show processes cpu` for runaway processes; check for routing loops or broadcast storms causing high CPU
`System returned to ROM by bus error at PC`	Bus error — often indicates a software bug accessing invalid memory, or hardware memory fault	Open Cisco TAC case; decode the crash address; check for known bugs in Cisco bug toolkit; may require hardware replacement
`Reload requested by user from terminal`	Reload was initiated via a console, VTY, or scheduled reload command	None if planned; investigate if unexpected

Multiple reboots: show version only shows the most recent reload reason. To see a history of reboots and error events, check show logging. On IOS XE,

show platform software
              process slot switch active r0 monitor

provides additional crash history.

8. RAM and Flash — Pre-Upgrade Resource Check

Before upgrading IOS, the two critical resources are DRAM (must meet the new image's minimum RAM requirement) and Flash (must have enough free space for the new image, ideally alongside the old one for rollback).

  From show version output:
  "with 1647578K/6147K bytes of memory"
        ^^^^^^^  ^^^^^
        DRAM    Shared I/O memory
  1647578K = approximately 1.57 GB DRAM total

  "3255295K bytes of flash memory at bootflash:"
   ^^^^^^^
   3255295K ÷ 1024 ÷ 1024 ≈ 3.1 GB flash available

! Verify available flash space:
Router# dir flash:
Directory of flash:/
1  -rwx  499712    Oct 22 2018 10:32:12 +00:00  isr4300-universalk9.SPA.bin
2  drwx   4096     Oct 22 2018 10:30:00 +00:00  managed

3255295 bytes total (2755583 bytes free)
                               ^^^^^^^
                               2.6 GB free -- plenty for another ~100 MB IOS image

! If flash is tight -- check specific free space:
Router# show flash: | include bytes
3255295 bytes total (2755583 bytes free)

! Cisco guidance for IOS upgrade: keep BOTH old and new image in flash
! until new image is confirmed stable; then delete old image
! Old image serves as rollback if new image has issues

IOS Image Size vs. Memory Requirements

Platform	Typical Image Size	Min DRAM (IOS 15.x)	Min Flash
Catalyst 2960X	~25 MB	128 MB	64 MB
Catalyst 3850 / IOS XE	~200 MB	4 GB	4 GB
ISR 4000 / IOS XE	~300 MB (package)	4 GB	8 GB
Catalyst 9300 / IOS XE	~600 MB–1 GB	4 GB	16 GB

9. Password Recovery Using Configuration Register

When an enable password or enable secret password is forgotten, the configuration register is used to bypass the startup configuration and regain access to the device. The key is that by setting the register to 0x2142, the router boots with a blank configuration — no password protection.

  Password recovery procedure (Cisco router):

  Step 1: Power cycle the router. Within 60 seconds of boot,
          send a BREAK signal on the console to enter ROMMON mode.
          (Ctrl+Break in PuTTY, or Break key on terminal)
          Prompt: rommon 1 >

  Step 2: Change config register to ignore startup-config:
          rommon 1 > confreg 0x2142
          rommon 2 > reset
          (Router reboots and comes up with blank config)

  Step 3: When prompted to enter setup mode, type No.
          Router boots to: Router>
          Type: enable
          (No password required -- blank config)

  Step 4: Restore configuration from startup-config:
          Router# copy startup-config running-config
          (This loads the full original config including the old password)

  Step 5: Change the enable secret to the new password:
          Router(config)# enable secret NewPassword123

  Step 6: CRITICAL -- Restore normal config register:
          Router(config)# config-register 0x2102
          Router(config)# end
          Router# copy running-config startup-config
          Router# reload
          (Device reboots with new password and normal boot behaviour)

  Step 7: Verify:
          Router# show version
          ...
          Configuration register is 0x2102   <-- confirms normal boot restored

If you forget Step 6 (restoring 0x2102), the device will boot with a blank configuration again on the next reload — losing all the configuration changes made during recovery. Always verify the register value with show version before the final reload.

10. IOS vs IOS XE — Version Differences in show version

Cisco has been transitioning from classic IOS to IOS XE on newer platforms. The show version output differs between them.

Feature	Classic IOS (15.x)	IOS XE (16.x / 17.x)
Typical platforms	Catalyst 2960, 3750, 3560, ISR 2800/2900/3900	Catalyst 9000 series, ISR 1000/4000/4400, ASR 1000
Version format	15.2(7)E1, 15.7(3)M2	16.9.4, 17.3.1 (also shows equivalent 15.x string)
IOS image	Single monolithic binary (.bin file)	Package-based (bundle or install mode; .bin or sub-packages)
Memory displayed	"with 524288K bytes of memory"	Shows both DRAM and package install info separately
Licence info	Legacy licence levels (IP Base, IP Services)	Cisco Smart Licensing — separate portal; show version shows feature level
show version appearance	Shorter output	More verbose; may show package install mode status

  IOS XE show version sample (Catalyst 9300):

  Cisco IOS XE Software, Version 16.12.04                    <-- IOS XE version
  Cisco IOS Software [Gibraltar], Catalyst L3 Switch Software
  (CAT9K_IOSXE), Version 16.12.4, RELEASE SOFTWARE (fc5)

  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2020 by Cisco Systems, Inc.

  cisco C9300-48P (X86) processor with 1414933K/6147K bytes of memory.
  Processor board ID FCW2312G07E
  2048K bytes of non-volatile configuration memory.
  8388608K bytes of physical memory.
  1638400K bytes of Crashinfo at crashinfo:.
  11264000K bytes of Flash at flash:.                        <-- 11 GB flash
  0K bytes of WebUI ODM Files at webui:.

  License Information for Module:'chassis 1'
    License Level: network-essentials
    License Type: Permanent Right-To-Use
    Next reload license Level: network-essentials

  The current throughput level is 250000 kbps

  Configuration register is 0x102

11. Platform Differences — Router, Switch, ASA

Device Type	Unique Fields in show version	Notable Differences
Router (ISR)	Serial/WAN interfaces, configuration register, processor type, ROMMON version, boot variable	Config register is critical; reload reasons include bus errors and watchdog timeouts from complex routing processes; licence determines routing feature set (e.g., MPLS, VPN)
Switch (Catalyst)	Ethernet interface summary (e.g., "48 FastEthernet, 4 Gigabit"), PoE status, base MAC address, switch serial number	Config register on some models uses 0x102 (without leading 2); licence determines if L3 routing is available; power supply info included on PoE models
Firewall (ASA)	Security context mode (single/multi), failover status, VPN session capacity, firewall mode (routed/transparent)	ASA uses different OS (ASA OS, not IOS); "show version" shows maximum VPN sessions, context count, failover configuration; licensing is per-context and per-feature
IOS XE (Cat 9000)	Both IOS XE version AND equivalent IOS version string, package install mode, Smart Licence status, throughput level	Much larger flash and RAM than classic IOS devices; install mode vs bundle mode affects upgrade procedure; Smart Licensing requires cloud or on-prem licence server

12. Troubleshooting with show version — Practical Scenarios

Scenario	What show version Reveals	Next Steps
Router rebooted unexpectedly overnight	Uptime = 4 hours (confirms recent reboot); Last reload reason = "software-forced crash"	`show logging` for crash traceback; `show stacks` for process that crashed; open TAC case with output; consider IOS upgrade
IOS upgrade fails — "not enough flash space"	Flash size = 64 MB; new image = 45 MB; old image = 35 MB (80 MB needed, only 64 MB total)	Delete old image ONLY after confirming new image boots correctly; `delete flash:old-image.bin`; verify with `dir flash:`
Feature not available after licence shows correct level	Licence level = "ipbase" but OSPF configuration fails	Upgrade licence to "ipservices" for OSPF/BGP/MPLS on classic IOS; on IOS XE, activate the appropriate Smart Licence entitlement
Device boots with no configuration	Config register = 0x2142 (startup-config being ignored)	Change to 0x2102: `config-register 0x2102`; save the configuration; reload — or if this is intentional password recovery, follow Section 9 procedure
Device stuck at rommon> prompt	Config register = 0x2100 (boot to ROMMON)	From ROMMON: `confreg 0x2102` then `reset`; or use ROMMON to manually boot: `boot flash:image.bin`

13. Related Diagnostic Commands

! ── After show version reveals crash reload reason ──────────────────────────
Router# show logging ! Syslog buffer -- look for crash messages
Router# show stacks ! Process stack at time of crash
Router# show processes cpu sorted ! CPU utilisation by process
Router# show processes memory sorted ! Memory utilisation

! ── Storage and image verification ──────────────────────────────────────────
Router# dir flash: ! List flash contents and free space
Router# dir bootflash: ! IOS XE platforms use bootflash:
Router# verify /md5 flash:image.bin ! Verify image integrity (MD5 hash)
Router# show flash: ! Summary of flash with filesystem info

! ── Boot configuration ───────────────────────────────────────────────────────
Router# show boot ! Boot variable and config register
Router# show startup-config ! View startup-config in NVRAM

! ── Licensing ────────────────────────────────────────────────────────────────
Router# show license ! Licence status (classic IOS)
Router# show license summary ! IOS XE Smart Licensing summary
Router# show license udi ! Unique Device Identifier for Smart Licensing

! ── Hardware inventory ────────────────────────────────────────────────────────
Router# show inventory ! Detailed hardware inventory with S/N for all modules
Router# show hardware ! Extended hardware details

14. Key Points & Exam Tips

show version runs from privileged exec mode (#) — no configuration needed, no parameters required.
Configuration register 0x2102 = normal boot (load startup-config from NVRAM). 0x2142 = ignore startup-config (password recovery). 0x2100 = boot to ROMMON. These three values are critical exam knowledge.
The config register change (config-register 0x2142) takes effect at the next reload — not immediately. Always verify with show version after reload to confirm it changed.
Reload reason interpretation: "power-on" = power failure or cycle; "reload command" = planned admin reload; "software crash" or "software-forced crash" = IOS bug → check logs and open TAC case.
RAM check: look for "with XXXXXXK/XXXXK bytes of memory" — first number is DRAM. Flash check: look for "XXXXXXK bytes of flash" or run dir flash: for precise free space.
The System Image File shows the running IOS filename including platform code, feature set, and version — all encoded in the filename.
Processor Board ID = device serial number — needed for TAC cases and SmartNet support contract registration.
IOS XE devices show both the IOS XE version (16.x, 17.x) and the equivalent classic IOS version string in show version.
Short uptime with unexpected reload reason = immediate investigation required. Long uptime (months/years) = stable production device.
After password recovery, always restore 0x2102 with config-register 0x2102 before the final reload or the device boots with empty config again.

15. show version – System Details and Uptime Quiz

1. A network engineer sees this in `show version`: `Configuration register is 0x2142`. The device just rebooted and came up with a blank configuration. What happened and what must the engineer do before the next reload?

A. The startup-config was corrupted — reload again to fix it B. The device is in ROMMON mode — issue confreg 0x2102 from ROMMON C. The startup-config was erased — reconfigure the device from scratch D. Config register 0x2142 causes the device to skip startup-config at boot — the startup-config is intact in NVRAM but being ignored. The engineer must change the register back: config-register 0x2102, save config, and reload. Otherwise the device boots blank again every time

Correct answer is D. Config register 0x2142 sets bit 6 (the "ignore NVRAM config" bit), causing the device to bypass loading the startup-config from NVRAM at boot. The startup-config is NOT deleted — it is still safely stored in NVRAM. The device boots as if no startup-config exists. This is used during password recovery: you boot with a blank config (no enable password), copy startup-config to running-config to restore your configuration, change the password, then MUST change the register back to 0x2102 before the final reload. If you forget to restore 0x2102, the next reload will again boot blank — your password change and any other config work will be lost. ROMMON mode (option B) would be config register 0x2100, not 0x2142. The startup-config is not corrupted or erased.

2. A router's `show version` shows: `System returned to ROM by software-forced crash (SIGSEGV)` with uptime of only 2 hours. The router has been in production for 3 years without issues. What does this indicate and what is the immediate next step?

A. The router lost power — check the UPS B. IOS experienced a fatal error (SIGSEGV = invalid memory access), forced a restart to recover. Run show logging and show stacks to find the crash traceback; check Cisco bug toolkit for known issues with this IOS version; consider upgrading IOS C. An administrator ran the reload command — check the audit log D. The config register is set incorrectly — change to 0x2102

Correct answer is B. "Software-forced crash" indicates IOS itself encountered a fatal error — a signal like SIGSEGV (segmentation violation = invalid memory address access) caused the OS to restart to prevent data corruption. This is essentially a kernel panic or blue screen equivalent for Cisco IOS. Short uptime (2 hours) after a long stable history suggests something changed: a new configuration, new traffic pattern, or IOS software bug triggered by specific conditions. The diagnostic procedure: (1) show logging — look for the crash message with traceback; the traceback shows which IOS process was running when the crash occurred. (2) show stacks — shows the process stack at crash time. (3) Search cisco.com bug toolkit with the router model, IOS version, and the crashing process name. (4) If a known bug matches, upgrade to a fixed IOS release. A power loss (option A) would show "System returned to ROM by power-on," not software-forced crash. A reload command (option C) shows "System returned to ROM by reload command."

3. An engineer needs to upgrade IOS on a Catalyst 2960X switch. The current `show version` output shows: "with 524288K bytes of memory" and "64002048 bytes of flash memory." The new IOS image is 22 MB and the current image is 18 MB. Is the upgrade feasible?

A. No — 524 MB RAM is insufficient for the new IOS B. No — flash is too small to hold both images C. Yes — 524 MB RAM exceeds the typical 128 MB minimum for 2960X IOS. Flash = 64002048 bytes ÷ 1024 ÷ 1024 ≈ 61 MB. Current image (18 MB) + new image (22 MB) = 40 MB needed; 61 MB available — fits. Best practice: keep both images for rollback D. Cannot determine — need to run show flash separately

Correct answer is C. Calculating feasibility requires converting the raw KB values from show version. RAM: 524288K ÷ 1024 = 512 MB DRAM — well above the typical 128 MB minimum for Catalyst 2960X IOS 15.x. Flash: 64002048 bytes ÷ 1024 ÷ 1024 ≈ 61 MB total flash. Current image: 18 MB. New image: 22 MB. Total needed: 40 MB. Available: ~61 MB. Comfortable fit with ~21 MB to spare. The upgrade is feasible and can maintain both images simultaneously (best practice for rollback capability). After the new image is confirmed stable, delete the old image to reclaim flash space. Note: always verify exact free space with dir flash: as some flash may be used by log files, config backups, etc. The show version flash number is the total capacity, not free space.

4. What is the correct sequence to decode the system image filename `c2960x-universalk9-mz.152-7.E1.bin`?

A. Platform: Catalyst 2960X; Feature set: Universal with crypto (k9); Format: DRAM-based compressed (mz); Version: 15.2(7)E1; File type: binary executable B. Platform: Catalyst 2960; Feature set: base; Version: 7.1; File type: compressed archive C. The filename contains only the version number; platform details are in a separate field D. Platform: Catalyst 9200; Feature set: universal; Version: 15.2; Format: XZ compressed

Correct answer is A. The IOS classic image filename is structured as: [platform]-[feature_set]-[format].[version].[bin]. Breaking it down: "c2960x" = Cisco Catalyst 2960X platform. "universalk9" = Universal image containing all feature sets (the active features depend on the licence installed); "k9" indicates the image includes 3DES/AES encryption (required for SSH, SSL VPN). "mz" = the image is RAM-based (m = runs from DRAM after decompression, not directly from flash) and compressed (z = gzip compressed). "152-7.E1" = IOS version 15.2(7)E1; the E release train is for Catalyst LAN switches. "bin" = binary executable. The format code "mz" is the most common for modern Cisco IOS. "az" format runs from flash without decompression (used on flash-short devices). Knowing how to decode this filename allows you to verify that a downloaded image is appropriate for your hardware before attempting an upgrade.

5. A network engineer performs password recovery on a router and completes all the steps including restoring the configuration and setting a new enable secret. She then issues `show version` and sees: `Configuration register is 0x2142`. She saves the config and reloads. What happens?

A. Everything is fine — 0x2142 is normal after password recovery B. The new enable secret is applied and the device boots normally C. The device boots with a blank configuration again — the startup-config (including the new password) is ignored because 0x2142 was never changed back to 0x2102. She must enter ROMMON or use another recovery cycle to fix this D. The device boots normally but disables the enable secret for security

Correct answer is C. This is the most critical password recovery mistake. The engineer completed the password change correctly but forgot Step 6 — changing the config register back to 0x2102. Saving the running-config (which includes the new enable secret) to startup-config (NVRAM) preserved the configuration data. However, since the config register is still 0x2142, the router ignores the startup-config on boot regardless of what it contains. The router boots with a blank configuration. The new password (and all other configuration) is lost in effect — technically still in NVRAM but not loaded. The engineer must either: (A) Reload again, break into ROMMON (confreg 0x2102, reset) and then go through the recovery steps again properly; or (B) Connect via console while the blank config is loaded, change config register to 0x2102, save, reload, then load the backup config. This scenario is why "verify the config register with show version before the final reload" is Step 7 of the password recovery procedure.

6. A switch's `show version` shows: `System returned to ROM by watchdog timeout` after a period of degraded network performance. What does this reload reason indicate and what should be checked?

A. The switch ran out of flash space and rebooted to clear old log entries B. The CPU was overloaded — it couldn't reset the hardware watchdog timer fast enough, triggering a forced reboot. Check show processes cpu sorted for runaway processes and show logging for any events that preceded the high CPU C. A power failure occurred but was misidentified by the firmware as a watchdog timeout D. The watchdog timer is a scheduled reboot feature configured by the administrator

Correct answer is B. The hardware watchdog timer is a safety mechanism present in all Cisco devices. A dedicated hardware timer counts down continuously; the IOS kernel must periodically reset this timer (a "pet the watchdog" action) to prove the software is still responsive. If the CPU is too busy executing other code and fails to reset the timer before it expires, the watchdog hardware forces a system reset — a "watchdog timeout." The preceding degraded network performance is a key clue: something was consuming excessive CPU before the crash. Common causes: (1) Routing protocol instability — OSPF or BGP reconvergence storms generating massive CPU load. (2) Broadcast storm — excessive flooding consuming CPU for packet processing. (3) DDoS or scanning attack — large volumes of packets requiring CPU handling. (4) IOS software bug in a specific process. (5) STP topology change loop. Investigation: show processes cpu sorted shows which process was consuming CPU; show logging shows events leading up to the crash.

7. An engineer examines `show version` on an ISR 4331 and sees: `License Level: appxk9`. A colleague wants to configure OSPF and EIGRP. Will these work, and what about IPsec VPN?

A. OSPF, EIGRP, and IPsec all require a separate licence on ISR 4000 routers B. Only OSPF works — EIGRP requires a premium licence C. All features work with any licence level D. The appx (Application Experience) licence level on ISR 4000 includes base routing features including OSPF and EIGRP. IPsec VPN requires the securityk9 licence (security extension). Verify with show license and check if securityk9 is active

Correct answer is D. ISR 4000 series routers use a licence-based feature model. The licence structure for ISR 4000 IOS XE: "appxk9" = Application Experience licence — includes standard routing protocols (OSPF, EIGRP, BGP), basic firewall, QoS, NAT, WAN optimisation features. "k9" in the suffix indicates the device supports encryption. However, advanced security features like IPsec VPN, SSL VPN, and DMVPN require the separate "securityk9" licence (Security extension). The engineer's colleague can configure OSPF and EIGRP immediately. To add IPsec VPN: activate securityk9 licence through Cisco Smart Licensing or purchase a feature licence. Commands to check:

show
                  license

(classic) or show license summary (IOS XE Smart Licensing) — shows which technology packages are active. On classic IOS switches (2960): "IP Base" licence supports all Layer 2 features but limited Layer 3 (static routes only); "IP Services" adds OSPF, EIGRP, BGP routing.

8. What is the key difference between what `show version` shows on a Cisco router running IOS XE 16.9.4 versus a router running classic IOS 15.7(3)M2 when it comes to the version information?

A. IOS XE displays TWO version strings — the IOS XE version (16.9.4) AND the equivalent classic IOS version string. Classic IOS shows only one version string. IOS XE also shows package install mode information which classic IOS does not have B. IOS XE shows only the version number with no feature set information C. Classic IOS shows more information than IOS XE in show version output D. There is no difference — both show identical version formats

Correct answer is A. IOS XE maintains dual version numbering for backward compatibility. The output includes: "Cisco IOS XE Software, Version 16.9.4" (the IOS XE kernel version) AND "Cisco IOS Software [Fuji], ..., Version 16.9.4, RELEASE SOFTWARE" (which also shows the equivalent classic IOS version mapping). The IOS XE release names (Gibraltar, Fuji, Amsterdam, Bengaluru, etc.) correspond to 16.x, 17.x etc. Additionally, IOS XE platforms may show install mode status: whether the IOS is running in "bundle mode" (single .bin file, simpler but like classic IOS) or "install mode" (decomposed sub-packages that enable faster in-service upgrades on Catalyst 9000). Classic IOS 15.x has one version string, runs from a single monolithic .bin file, and has no install mode concept. IOS XE also displays more verbose Smart Licensing information compared to classic IOS's simpler licence level display.

9. An engineer verifies a completed password recovery by running `show version`. Which specific field confirms the recovery was fully completed correctly and the device will boot normally on the next reload?

A. System uptime — a long uptime means the config register is correct B. Last reload reason — "reload command" confirms the recovery succeeded C. Configuration register showing 0x2102 — this confirms the register was properly restored to normal boot mode. The startup-config will be loaded at next boot, and the new enable secret will be active D. IOS version — a matching version confirms the recovery did not corrupt the image

Correct answer is C. The Configuration register value is the definitive indicator that password recovery was completed correctly. The last step of any Cisco password recovery procedure is: change config register back to 0x2102 (config-register 0x2102), save config (copy running startup), reload, then verify with show version that the register shows 0x2102. If it shows 0x2142, the device will boot with empty config again. If it shows 0x2100, the device will go to ROMMON. 0x2102 is the only value confirming normal boot with startup-config loading. The uptime (option A) only indicates how recently the device rebooted — it cannot confirm the config register is correct. The last reload reason (option B) would show "reload command" for any planned reboot, regardless of register value. The IOS version (option D) is unaffected by password recovery and tells nothing about whether the recovery was completed properly.

10. A `show version` output includes this line: `Processor board ID FOC2141Y23P`. An engineer opens a Cisco TAC case and is asked for the serial number. What is the correct value to provide?

A. The IOS version string B. FOC2141Y23P — the Processor board ID IS the device serial number. It uniquely identifies this specific unit of hardware and is what Cisco TAC uses to look up warranty, SmartNet coverage, and hardware history C. The device model number (WS-C2960X-48FPS-L) D. The Configuration register value

Correct answer is B. The Processor board ID in Cisco's show version output is the device's unique serial number. It is also called the "system serial number" and is shown as both "Processor board ID" in the router/switch output and explicitly as "System serial number" in the switch detailed inventory section. The format follows Cisco's convention: the first three letters identify the manufacturing site and year/week (FOC = Foxconn factory, FGL = Flex factory, FDO = Flextronics, CAT = Catamaran/old facility), followed by digits and letters that encode the production year, week, and unit sequence. When opening a Cisco TAC case, you provide this serial number so TAC can: (1) verify your SmartNet support contract coverage, (2) look up the exact hardware version and known issues, (3) check the device's repair/replacement history. The model number (option C) identifies the product family but not the specific unit — thousands of switches share the same model number. Only the serial number uniquely identifies one device. The same serial number can also be found by running show inventory which provides it for all modules including line cards and power supplies.

← Back to Home