copy tftp flash
Address or name of remote host []?
1.1.1.2
Source filename []?
c2800nm-advsecurityk9-mz.151-4.M6.bin
Destination filename [c2800nm-advsecurityk9-mz.151-4.M6.bin]?
[enter]
%Warning: There is a file already existing with this name
Do you want to over write? [confirm]
[enter]
Accessing tftp://1.1.1.2/ c2800nm-advsecurityk9-mz.151-4.M6.bin...
Loading c2800nm-advsecurityk9-mz.151-4.M6.bin from 1.1.1.2 (via FastEthernet0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 21710744 bytes]
45395968 bytes copied in 82.880 secs (261954 bytes/sec)
Router#
In the preceding example, I copied the same file into flash memory, so it
asked me if I wanted to overwrite it. Remember that we are “playing”
with files in flash memory. If I had just corrupted my file by overwriting
it, I won’t know for sure until I reboot the router. Be careful with this
command! If the file is corrupted, you’ll need to do an IOS-restore from
ROM monitor mode.
If you are loading a new file and you don’t have enough room in flash
memory to store both the new and existing copies, the router will ask to
erase the contents of flash memory before writing the new file into flash
memory, and if you are able to copy the IOS without erasing the old
version, then make sure you remember to use the boot system flash:ios-file
command.
A Cisco router can become a TFTP server host for a router
system image that’s run in flash memory. The global configuration
command is tftp-server flash:ios-file.
It’s Monday Morning and You Just Upgraded Your IOS
You came in early to work to upgrade the IOS on your router. After
the upgrade, you reload the router and the router now shows the rommon>
prompt.
It seems that you’re about to have a bad day! This is what I call an
RGE: a resume-generating event! So, now what do you do? Just keep
calm and chive on! Follow these steps to save your job:
rommon 1 > tftpdnld
Missing or illegal ip address for variable IP_ADDRESS
Illegal IP address.
usage: tftpdnld [-hr]
Use this command for disaster recovery only to recover an image via TFTP.
Monitor variables are used to set up parameters for the transfer.
(Syntax: "VARIABLE_NAME=value" and use "set" to show current variables.)
"ctrl-c" or "break" stops the transfer before flash erase begins.
The following variables are REQUIRED to be set for tftpdnld:
IP_ADDRESS: The IP address for this unit
IP_SUBNET_MASK: The subnet mask for this unit
DEFAULT_GATEWAY: The default gateway for this unit
TFTP_SERVER: The IP address of the server to fetch from
TFTP_FILE: The filename to fetch
The following variables are OPTIONAL:
[unneeded output cut]
rommon 2 > set IP_Address:1.1.1.1
rommon 3 > set IP_SUBNET_MASK:255.0.0.0
rommon 4 > set DEFAULT_GATEWAY:1.1.1.2
rommon 5 > set TFTP_SERVER:1.1.1.2
rommon 6 > set TFTP_FILE: flash:c2800nm-advipservicesk9-mz.124-12.bin
rommon 7 > tftpdnld
From here you can see the variables you need to configure using the set
command; be sure you use ALL_CAPS with these commands as
well as underscore (_). From here, you need to set the IP address,
mask, and default gateway of your router, then the IP address of the
TFTP host, which in this example is a directly connected router that I
made a TFTP server with this command:
Router(config)#tftp-server flash:c2800nm-advipservicesk9-mz.124-12.bin
And finally, you set the IOS filename of the file on your TFTP server.
Whew! Job saved.
There is one other way you can restore the IOS on a router, but it takes a
while. You can use what is called the Xmodem protocol to actually upload an
IOS file into flash memory through the console port. You’d use the Xmodem
through the console port procedure if you had no network connectivity to
the router or switch.
Using the Cisco IOS File System (Cisco IFS)
Cisco has created a file system called Cisco IFS that allows you to work
with files and directories just as you would from a Windows DOS prompt.
The commands you use are dir, copy, more, delete, erase or format, cd and
pwd, and mkdir and rmdir.
Working with IFS gives you the ability to view all files, even those on
remote servers. And you definitely want to find out if an image on one of
your remote servers is valid before you copy it, right? You also need to
know how big it is—size matters here! It’s also a really good idea to take a
look at the remote server’s configuration and make sure it’s all good
before loading that file on your router.
It’s very cool that IFS makes the file system user interface universal—it’s
not platform specific anymore. You now get to use the same syntax for all
your commands on all of your routers, no matter the platform!
Sound too good to be true? Well, it kind of is because you’ll find out that
support for all commands on each file system and platform just isn’t
there. But it’s really no big deal since various file systems differ in the
actions they perform; the commands that aren’t relevant to a particular
file system are the very ones that aren’t supported on that file system. Be
assured that any file system or platform will fully support all the
commands you need to manage it.
Another cool IFS feature is that it cuts down on all those obligatory
prompts for a lot of the commands. If you want to enter a command, all
you have to do is type all the necessary info straight into the command
line—no more jumping through hoops of prompts! So, if you want to copy
a file to an FTP server, all you’d do is first indicate where the desired
source file is on your router, pinpoint where the destination file is to be
on the FTP server, determine the username and password you’re going to
use when you want to connect to that server, and type it all in on one line
—sleek! And for those of you resistant to change, you can still have the
router prompt you for all the information it needs and enjoy entering a
more elegantly minimized version of the command than you did before.
But even in spite of all this, your router might still prompt you—even if
you did everything right in your command line. It comes down to how
you’ve got the file prompt command configured and which command
you’re trying to use. But no worries—if that happens, the default value
will be entered right there in the command, and all you have to do is hit
Enter to verify the correct values.
IFS also lets you explore various directories and inventory files in any
directory you want. Plus, you can make subdirectories in flash memory or
on a card, but you only get to do that if you’re working on one of the more
recent platforms.
And get this—the new file system interface uses URLs to determine the
whereabouts of a file. So just as they pinpoint places on the Web, URLs
now indicate where files are on your Cisco router, or even on a remote file
server! You just type URLs right into your commands to identify where
the file or directory is. It’s really that easy—to copy a file from one place
to another, you simply enter the copy source-url destination-url
command—sweet! IFS URLs are a tad different than what you’re used to
though, and there’s an array of formats to use that vary depending on
where, exactly, the file is that you’re after.
We’re going to use Cisco IFS commands pretty much the same way that
we used the copy command in the IOS section earlier:
For backing up the IOS
For upgrading the IOS
For viewing text files
Okay—with all that down, let’s take a look at the common IFS commands
available to us for managing the IOS. I’ll get into configuration files soon,
but for now I’m going to get you started with going over the basics used to
manage the new Cisco IOS.
dir: Same as with Windows, this command lets you view files in a
directory. Type dir, hit Enter, and by default you get the contents of the
flash:/ directory output.
copy: This is one popular command, often used to upgrade, restore, or
back up an IOS. But as I said, when you use it, it’s really important to
focus on the details—what you’re copying, where it’s coming from, and
where it’s going to land.
more: Same as with Unix, this will take a text file and let you look at it on a
card. You can use it to check out your configuration file or your backup
configuration file. I’ll go over it more when we get into actual
configuration.
show file: This command will give you the skinny on a specified file or file
system, but it’s kind of obscure because people don’t use it a lot.
delete: Three guesses—yep, it deletes stuff. But with some types of
routers, not as well as you’d think. That’s because even though it whacks
the file, it doesn’t always free up the space it was using. To actually get the
space back, you have to use something called the squeeze command too.
erase/format: Use these with care—make sure that when you’re copying
files, you say no to the dialog that asks you if you want to erase the file
system! The type of memory you’re using determines if you can nix the
flash drive or not.
cd/pwd: Same as with Unix and DOS, cd is the command you use to change
directories. Use the pwd command to print (show) the working directory.
mkdir/rmdir: Use these commands on certain routers and switches to
create and delete directories—the mkdir command for creation and the
rmdir command for deletion. Use the cd and pwd commands to change
into these directories.
The Cisco IFS uses the alternate term system:running-config as well as
nvram:startup-config when copying the configurations on a
router, although it is not mandatory that you use this naming
convention.
Using the Cisco IFS to Upgrade an IOS
Let’s take a look at some of these Cisco IFS commands on my ISR router
(1841 series) with a hostname of R1.
We’ll start with the pwd command to verify our default directory and then
use the dir command to verify its contents (flash:/):
R1#pwd
flash:
R1#dir
Directory of flash:/
1 -rw- 13937472 Dec 20 2006 19:58:18 +00:00 c1841-ipbase-mz.124-1c.bin
2 -rw- 1821 Dec 20 2006 20:11:24 +00:00 sdmconfig-18xx.cfg
3 -rw- 4734464 Dec 20 2006 20:12:00 +00:00 sdm.tar
4 -rw- 833024 Dec 20 2006 20:12:24 +00:00 es.tar
5 -rw- 1052160 Dec 20 2006 20:12:50 +00:00 common.tar
6 -rw- 1038 Dec 20 2006 20:13:10 +00:00 home.shtml
7 -rw- 102400 Dec 20 2006 20:13:30 +00:00 home.tar
8 -rw- 491213 Dec 20 2006 20:13:56 +00:00 128MB.sdf
9 -rw- 1684577 Dec 20 2006 20:14:34 +00:00 securedesktop-ios-3.1.1.27-k9.pkg
10 -rw- 398305 Dec 20 2006 20:15:04 +00:00 sslclient-win-1.1.0.154.pkg
32071680 bytes total (8818688 bytes free)
What we can see here is that we have the basic IP IOS
(c1841-ipbase-mz.124-1c.bin). Looks like we need to upgrade our 1841. You’ve just got
to love how Cisco puts the IOS type in the filename now! First, let’s check
the size of the file that’s in flash with the show file command (show flash
would also work):
R1#show file info flash:c1841-ipbase-mz.124-1c.bin
flash:c1841-ipbase-mz.124-1c.bin:
type is image (elf) []
file size is 13937472 bytes, run size is 14103140 bytes
Runnable image, entry point 0x8000F000, run from ram
With a file that size, the existing IOS will have to be erased before we can
add our new IOS file (c1841-advipservicesk9-mz.124-12.bin), which is
over 21 MB. We’ll use the delete command, but remember, we can play
with any file in flash memory and nothing serious will happen until we
reboot—that is, if we made a mistake. So obviously, and as I pointed out
earlier, we need to be very careful here!
R1#delete flash:c1841-ipbase-mz.124-1c.bin
Delete filename [c1841-ipbase-mz.124-1c.bin]?[enter]
Delete flash:c1841-ipbase-mz.124-1c.bin? [confirm][enter]
R1#sh flash
-#- --length-- -----date/time------ path
1 1821 Dec 20 2006 20:11:24 +00:00 sdmconfig-18xx.cfg
2 4734464 Dec 20 2006 20:12:00 +00:00 sdm.tar
3 833024 Dec 20 2006 20:12:24 +00:00 es.tar
4 1052160 Dec 20 2006 20:12:50 +00:00 common.tar
5 1038 Dec 20 2006 20:13:10 +00:00 home.shtml
6 102400 Dec 20 2006 20:13:30 +00:00 home.tar
7 491213 Dec 20 2006 20:13:56 +00:00 128MB.sdf
8 1684577 Dec 20 2006 20:14:34 +00:00 securedesktop-ios-3.1.1.27-k9.pkg
9 398305 Dec 20 2006 20:15:04 +00:00 sslclient-win-1.1.0.154.pkg
22757376 bytes available (9314304 bytes used)
R1#sh file info flash:c1841-ipbase-mz.124-1c.bin
%Error opening flash:c1841-ipbase-mz.124-1c.bin (File not found)
R1#
So with the preceding commands, we deleted the existing file and then
verified the deletion by using both the show flash and show file
commands. We’ll add the new file with the copy command, but again, we
need to make sure to be careful because this way isn’t any safer than the
first method I showed you earlier:
R1#copy tftp://1.1.1.2/c1841-advipservicesk9-mz.124-12.bin/ flash:/c1841-advipservicesk9-mz.124-12.bin
Source filename [/c1841-advipservicesk9-mz.124-12.bin/]?[enter]
Destination filename [c1841-advipservicesk9-mz.124-12.bin]?[enter]
Loading /c1841-advipservicesk9-mz.124-12.bin/ from 1.1.1.2 (via
FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[output cut]
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 22103052 bytes]
22103052 bytes copied in 72.008 secs (306953 bytes/sec)
R1#sh flash
-#- --length-- -----date/time------ path
1 1821 Dec 20 2006 20:11:24 +00:00 sdmconfig-18xx.cfg
2 4734464 Dec 20 2006 20:12:00 +00:00 sdm.tar
3 833024 Dec 20 2006 20:12:24 +00:00 es.tar
4 1052160 Dec 20 2006 20:12:50 +00:00 common.tar
5 1038 Dec 20 2006 20:13:10 +00:00 home.shtml
6 102400 Dec 20 2006 20:13:30 +00:00 home.tar
7 491213 Dec 20 2006 20:13:56 +00:00 128MB.sdf
8 1684577 Dec 20 2006 20:14:34 +00:00 securedesktop-ios-3.1.1.27-k9.pkg
9 398305 Dec 20 2006 20:15:04 +00:00 sslclient-win-1.1.0.154.pkg
10 22103052 Mar 10 2007 19:40:50 +00:00 c1841-advipservicesk9-mz.124-12.bin
651264 bytes available (31420416 bytes used)
R1#
We can also check the file information with the show file command:
R1#sh file information flash:c1841-advipservicesk9-mz.124-12.bin
flash:c1841-advipservicesk9-mz.124-12.bin:
type is image (elf) []
file size is 22103052 bytes, run size is 22268736 bytes
Runnable image, entry point 0x8000F000, run from ram
Remember that the IOS is expanded into RAM when the router boots, so
the new IOS will not run until you reload the router.
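A pre-flight check for the upgrade walked through above, as an added example that is not from the original text: it parses the dir output to decide whether the new image fits in flash or the old image has to be deleted first, then compares the byte counts reported by copy against the size you expect. The function names, the expected size as a known input, and the truncated-transfer sample are assumptions made for illustration.

```python
import re

# `dir` output from the session above, with the wrapped filenames rejoined.
DIR_OUTPUT = """\
Directory of flash:/
 1 -rw- 13937472 Dec 20 2006 19:58:18 +00:00 c1841-ipbase-mz.124-1c.bin
 2 -rw- 1821 Dec 20 2006 20:11:24 +00:00 sdmconfig-18xx.cfg
 3 -rw- 4734464 Dec 20 2006 20:12:00 +00:00 sdm.tar
 4 -rw- 833024 Dec 20 2006 20:12:24 +00:00 es.tar
 5 -rw- 1052160 Dec 20 2006 20:12:50 +00:00 common.tar
 6 -rw- 1038 Dec 20 2006 20:13:10 +00:00 home.shtml
 7 -rw- 102400 Dec 20 2006 20:13:30 +00:00 home.tar
 8 -rw- 491213 Dec 20 2006 20:13:56 +00:00 128MB.sdf
 9 -rw- 1684577 Dec 20 2006 20:14:34 +00:00 securedesktop-ios-3.1.1.27-k9.pkg
10 -rw- 398305 Dec 20 2006 20:15:04 +00:00 sslclient-win-1.1.0.154.pkg
32071680 bytes total (8818688 bytes free)
"""
# Tail of the copy output shown above.
COPY_GOOD = ("[OK - 22103052 bytes]\n"
             "22103052 bytes copied in 72.008 secs (306953 bytes/sec)\n")
# Constructed sample: a transfer that stopped short of the full image.
COPY_SHORT = ("[OK - 9437184 bytes]\n"
              "9437184 bytes copied in 31.200 secs (302473 bytes/sec)\n")

ENTRY = re.compile(r"^\s*\d+\s+\S+\s+(\d+)\s+.*\s(\S+)$")
TOTALS = re.compile(r"(\d+) bytes total \((\d+) bytes free\)")

def parse_dir(text):
    """Return ({filename: size_in_bytes}, free_bytes) from `dir` output."""
    files, free = {}, None
    for line in text.splitlines():
        totals = TOTALS.search(line)
        if totals:
            free = int(totals.group(2))
            continue
        entry = ENTRY.match(line)
        if entry:
            files[entry.group(2)] = int(entry.group(1))
    if free is None:
        raise ValueError("no 'bytes total (... bytes free)' line found")
    return files, free

def plan_upgrade(dir_text, new_size, old_image):
    """Say whether the new image fits as-is, only after deleting old_image, or not at all."""
    files, free = parse_dir(dir_text)
    if new_size <= free:
        return "fits"
    if new_size <= free + files.get(old_image, 0):
        return "delete-old-first"
    return "insufficient"

def transfer_ok(copy_text, expected_size):
    """True only if both byte counts in the copy output equal expected_size."""
    ok = re.search(r"\[OK - (\d+) bytes\]", copy_text)
    copied = re.search(r"(\d+) bytes copied", copy_text)
    if not (ok and copied):
        return False
    return int(ok.group(1)) == int(copied.group(1)) == expected_size
```

A matching size only shows the transfer completed; it does not prove the image is the one the vendor published. For that, IOS provides the verify /md5 command, whose result can be compared with the hash listed for the image.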
I really recommend experimenting with the Cisco IFS commands on a
router just to get a good feel for them because, as I’ve said, they can
definitely give you some grief if not executed properly!
I mention “safer methods” a lot in this chapter. Clearly, I've
caused myself some serious pain by not being careful enough when
working in flash memory! I cannot stress this enough—pay attention
when messing around with flash memory!
One of the brilliant features of the ISR routers is that they use the
physical flash cards that are accessible from the front or back of any
router. These typically have a name like usbflash0:, so to view the
contents, you’d type dir usbflash0:, for example. You can pull these flash
cards out, put them in an appropriate slot in your PC, and the card will
show up as a drive. You can then add, change, and delete files. Just put
the flash card back in your router and power up—instant upgrade. Nice!
Licensing
IOS licensing is now done quite differently than it was with previous
versions of the IOS. Actually, there was no licensing before the new 15.0
IOS code, just your word and honor, and we can only guess based on how
all products are downloaded on the Internet daily how well that has
worked out for Cisco!
Starting with the IOS 15.0 code, things are much different—almost too
different. I can imagine that Cisco will come back toward the middle on
its licensing issues, so that the administration and management won’t be
as detailed as it is with the new 15.0 code license now; but you can be
the judge of that after reading this section.
A new ISR router is pre-installed with the software images and licenses
that you ordered, so as long as you ordered and paid for everything you
need, you’re set! If not, you can just install another license, which can be
a tad tedious at first—enough so that installing a license was made an
objective on the Cisco exam! Of course, it can be done, but it definitely
requires some effort. As is typical with Cisco, if you spend enough money
on their products, they tend to make it easier on you and your
administration, and the licensing for the newest IOS is no exception, as
you’ll soon see.
On a positive note, Cisco provides evaluation licenses for most software
packages and features that are supported on the hardware you purchased,
and it’s always nice to be able to try it out before you buy. Once the
temporary license expires after 60 days, you need to acquire a permanent
license in order to continue to use the extended features that aren’t
available in your current version. This method of licensing allows you to
enable a router to use different parts of the IOS. So, what happens after
60 days? Well, nothing—back to the honor system for now. This is now
called Right-To-Use (RTU) licensing, and it probably won’t always be
available via your honor, but for now it is.
But that’s not the best part of the new licensing features. Prior to the 15.0
code release, there were eight different software feature sets for each
hardware router type. With the IOS 15.0 code, the packaging is now
called a universal image, meaning all feature sets are available in one file
with all features packed neatly inside. So instead of the pre-15.0 IOS file
packages of one image per feature set, Cisco now just builds one universal
image that includes all of them in the file. Even so, we still need a
different universal image per router model or series, just not a different
image for each feature set as we did with previous IOS versions.
To use the features in the IOS software, you must unlock them using the
software activation process. Since all features available are inside the
universal image already, you can just unlock the features you need as you
need them, and of course pay for these features when you determine that
they meet your business requirements. All routers come with something
called the IP Base licensing, which is the prerequisite for installing all
other features.
There are three different technology packages available for purchase that
can be installed as additional feature packs on top of the prerequisite IP
Base (default), which provides entry-level IOS functionality. These are as
follows:
Data: MPLS, ATM, and multiprotocol support
Unified Communications: VoIP and IP telephony
Security: Cisco IOS Firewall, IPS, IPsec, 3DES, and VPN
For example, if you need MPLS and IPsec, you’ll need the default IP Base,
Data, and Security premium packages unlocked on your router.
To obtain the license, you’ll need the unique device identifier (UDI),
which has two components: the product ID (PID) and the serial number
of the router. The show license UDI command provides this information
in an output as shown:
Router#sh license udi
Device# PID SN UDI
-------------------------------------------------------------------------
*0 CISCO2901/K9 FTX1641Y07J CISCO2901/K9:FTX1641Y07J
After the time has expired for your 60-day evaluation period, you can
either obtain the license file from the Cisco License Manager (CLM),
which is an automated process, or use the manual process through the
Cisco Product License Registration portal. Typically only larger
companies will use the CLM because you’d need to install software on a
server, which then keeps track of all your licenses for you. If you have just
a few licenses that you use, you can opt for the manual web browser
process found on the Cisco Product License Registration portal and then
just add in a few CLI commands. After that, you just basically keep track
of putting all the different license features together for each device you
manage. Although this sounds like a lot of work, you don’t need to
perform these steps often. But clearly, going with the CLM makes a lot of
sense if you have bunches of licenses to manage because it will put
together all the little pieces of licensing for each router in one easy
process.
When you purchase the software package with the features that you want
to install, you need to permanently activate the software package using
your UDI and the product authorization key (PAK) that you received
with your purchase. This is essentially your receipt acknowledging that
you purchased the license. You then need to connect the license with a
particular router by combining the PAK and the UDI, which you do
online at the Cisco Product License Registration portal
(www.cisco.com/go/license). If you haven’t already registered the license
on a different router, and it is valid, Cisco will then email you your
permanent license, or you can download it from your account.
But wait! You’re still not done. You now need to activate the license on
the router. Whew... maybe it’s worthwhile to install the CLM on a server
after all! Staying with the manual method, you need to make the new
license file available to the router either via a USB port on the router or
through a TFTP server. Once it’s available to the router, you’ll use the
license install command from privileged mode.
Assuming that you copied the file into flash memory, the command
would look something like this:
Router#