Mental model
Cisco IOS treats every storage location as a named file system, the way Unix treats /, /proc, /dev, etc. as mount points. You move data between them using copy.
The four you’ll use 95% of the time:
| Device | What lives there | Volatile? |
|---|---|---|
system: | running-config — the live config in RAM | Yes — gone on reload |
nvram: | startup-config — what’s loaded next boot | No |
flash: | IOS image (.bin), license files, sometimes archived configs | No |
tftp: / ftp: / scp: / http: | Remote servers — for image transfers, backups | n/a |
Modern devices (3850/9300/9500/ISR4xxx) add bootflash:, usbflash0:, harddisk:, but the mental model is identical.
The four-line summary
Router# show file systems
Router# dir flash:
Router# copy running-config startup-config
Router# copy tftp: flash:
If you understand those four commands, you understand 80% of IOS file-system work.
show file systems — the directory of devices
Router# show file systems
File Systems:
Size(b) Free(b) Type Flags Prefixes
- - opaque rw system:
- - opaque rw tmpsys:
- - network rw tftp:
* 256487424 192385024 disk rw flash:
4096 4055 nvram rw nvram:
- - opaque rw bs:
- - network rw ftp:
- - network rw http:
- - network rw scp:
The * marks the default file system — commands like dir, cd, delete use this if no device is specified. Usually flash:.
dir — list files
Router# dir flash:
Directory of flash:/
1 -rw- 67541040 Mar 12 2026 09:14:00 +00:00 c2900-universalk9-mz.SPA.157-3.M5.bin
2 -rw- 492 Apr 02 2026 11:22:30 +00:00 startup-config.backup
3 -rw- 1242 May 18 2026 14:55:01 +00:00 vlan.dat
256487424 bytes total (192385024 bytes free)
You see the IOS .bin image, occasional backups, and vlan.dat (the VLAN database — stored separately from running-config).
copy — the universal move command
copy <source-device>:<filename> <destination-device>:<filename>
The day-one one you must know:
Router# copy running-config startup-config
This saves your live config to NVRAM so it persists across reboots. Short forms: write memory, wr.
Other essential copies:
! Back up running-config to a TFTP server
Router# copy running-config tftp:
Address or name of remote host []? 10.0.99.5
Destination filename [running-config]? R1-2026-05-25.cfg
! Restore startup-config from TFTP
Router# copy tftp: startup-config
! Upload new IOS image
Router# copy tftp: flash:
Address or name of remote host []? 10.0.99.5
Source filename []? c2900-universalk9-mz.SPA.158-3.M2.bin
copy prompts interactively. If you’ve ever scripted Cisco devices, you’ll learn to script the answers.
Image management — upgrading IOS
! 1. Download new image to flash
R1# copy tftp: flash:
! ...answer prompts...
! 2. Verify integrity (checksum vs Cisco's published MD5)
R1# verify /md5 flash:c2900-universalk9-mz.SPA.158-3.M2.bin
! 3. Tell the router which image to boot
R1(config)# no boot system ! remove any old boot statements
R1(config)# boot system flash:c2900-universalk9-mz.SPA.158-3.M2.bin
! 4. Save and reload
R1# write memory
R1# reload
boot system order matters. Multiple boot system statements act as a fallback list — first found, first booted. Newest image typically goes first.
Free up flash before downloading — if disk is full, the transfer fails:
R1# delete flash:c2900-universalk9-mz.SPA.156-3.M0.bin
R1# squeeze flash: ! reclaim deleted blocks on older devices
Boot-time decision tree
What happens at power-on:
- Power-on Self Test (POST) — basic hardware check.
- Bootstrap loads from ROM, reads the config register.
- Config register tells the bootstrap where to look for IOS:
0x2102(default) — boot IOS as specified byboot systemcommands in startup-config.0x2120/0x0000— boot to ROMMON instead.0x2142— boot IOS but skip startup-config (used in password recovery — see Password Recovery).
- IOS loads. If
boot systemexists in startup-config, that image. If not, first valid.binin flash. - Startup-config copied from
nvram:intosystem:(running-config in RAM) — unless register said skip. - Prompt appears.
See also Catalyst Boot Process for the switch-specific flow.
Archiving configs — built-in IOS feature
For audit logs / change tracking, IOS can auto-archive each write memory:
R1(config)# archive
R1(config-archive)# path flash:/configs/R1-config
R1(config-archive)# maximum 14
R1(config-archive)# write-memory
R1# show archive ! shows the archive history
R1# show archive config differences flash:/configs/R1-config-1 flash:/configs/R1-config-2
Per-version diffs straight from the CLI. Very handy when troubleshooting “what changed.”
SCP vs TFTP — security upgrade
TFTP is unauthenticated, plain text, UDP 69. Fine for a closed lab; never use across the internet.
SCP uses SSH for transport (TCP 22, encrypted, authenticated):
R1(config)# ip scp server enable
! From another device or laptop
scp R1-2026-05-25.cfg admin@10.0.0.1:flash:
Always prefer SCP in 2026 production environments.
Verification
Router# show version ! shows running image, boot variable
Router# show flash: ! flash contents
Router# show file systems
Router# show boot ! current boot variable
Router# show archive ! config archive history
Common mistakes
-
copy startup-config running-configvscopy running-config startup-config— easy to swap. Source comes first. Running → startup saves. Startup → running merges (does NOT overwrite — it adds). -
Flash full during upgrade. Always check
dir flash:for free space before downloading. A failed mid-transfer can leave a corrupt image. -
Forgetting to verify MD5. Corrupted image installs → device boots into ROMMON loop. Always run
verify /md5against the value published on cisco.com. -
Missing
boot system. No boot statement → router boots the first.binit finds in flash, alphabetically. Could be an ancient backup image. Always set it explicitly. -
Treating
vlan.datlike running-config. VLAN database lives inflash:vlan.dat, separate from startup-config. Restoring a config without VLAN.dat means VLANs vanish. Backup both. -
TFTP across the internet. Plain-text config including passwords flying over public links. Career-ending if it sniffs. Use SCP.
-
Naming images stuff like
image.bin. Keep the original Cisco filename — it encodes platform, feature set, and version. Renaming hides info fromshow version.
Lab to try tonight
- In Packet Tracer / CML / real router, run
show file systems. Identify each device. dir flash:— note the IOS filename.- Make a small config change (e.g.,
interface Lo99with description).do show running-config | section Loopback99. copy running-config startup-config. Reload. Verify the loopback survived.- Set up a TFTP server on your laptop (tftpd64 on Windows,
tftp-hpaon Linux).copy running-config tftp:to back up the device. - Edit the backup file in a text editor. Change a description.
copy tftp: running-configto re-apply. - Bonus: enable IOS archive (
archive+path flash:/configs/$h-config+write-memory). Do threewrite memorycalls.show archive config differencesbetween two versions. - Bonus: enable SCP server, transfer a file from your laptop using
scp.
Cheat strip
| Concept | Plain English |
|---|---|
system: | Running-config in RAM — volatile |
nvram: | Startup-config — persists across reboots |
flash: | IOS image and other persistent storage |
copy A B | Move/duplicate file from A to B (interactive prompts) |
write memory | Shorthand for copy running-config startup-config |
boot system flash:... | Tells router which IOS image to load on boot |
Config register 0x2102 | Default — load startup-config on boot |
verify /md5 | Check downloaded image integrity vs Cisco’s published hash |
archive | Built-in auto-archive of configs at each save |
vlan.dat | VLAN database in flash — separate from startup-config |
| SCP > TFTP | Use SCP in production — TFTP is plain text |