|
Cisco 25xx IOS Upgrade
http://www.sdnp.undp.org/rc/areas/tech/setup/cisco-upgrade.html
Upgrading cisco IOS can be tricky if it is your only connection to the
Internet. If you screw up and need help, you can't go to www.cisco.com or search newsgroups at
DejaNews
any more. So I suggest that you get Cisco documentation CD-ROM handy
and also download this document and the documents listed below before
you start.
You will need new "IOS image" which contains newer (or one with more
features) release of the system. Unless you have an (expensive)
support contract with cisco, you ususally have to pay for them, unless
it is only bugfix upgrade. Note that different IOS versions have
different memory requirements. Many cisco 25xx came with 4MB of flash
ROM memory (more expensive) and 1MB RAM (easy to upgrade, use
SIMMs). Newer ciscos 25xx come with 8MB flash and 2MB RAM default. You
can order more when purchasing the cisco, but cisco prices on memory
are quite high. RAM usage is highly dependant on what you are doing
(eg. whether you use routing protocols, access lists etc). Basic
terminal server (such as zaque) is fine with 1MB RAM, even though
cisco recommends minimum 4MB RAM with any IOS 11.* . Flash ROM holds
IOS and that's the one you have to worry about when upgrading or
selecting IOS version. Last IOS version that fits into 4MB flash is
11.1(20) - this is true for basic IP feature setm, if you need more
features, the flash ROM requirements can be higher. Starting with
11.2, newer IOS versions require 8MB flash.
Here is a list of several documents with details on the stuff below,
which might come usefull if anything goes wrong.
tftp server setup
For the procedure described below you will need a working tftp server,
preferably on the same LAN as cisco. tftp is a very simple (and also
very insecure) file transport protocol, often used for net-boot of
diskless workstations. It's also extensively used for remote
managenment of cisco config files. It doesn't use any access control
mechanism (such as passwords), so you probably either want to disable
it after you are done, or restrict it's use by the firewall
rule. Virtually all unices some with tftp server, which is disabled by
default. The following is how you enable it on RH Linux 5.* (and
probably all other Linux versions).
# mkdir /tftpboot
# chmod 666 /tftpboot
- edit file /etc/inetd.conf, uncoment line
tftp dgram udp wait root /usr/sbin/tcpd in.tftpd
# killall -1 inetd
For (primitive) security reasons, tftp clients can only download or
upload files withing /tftpboot directory which already exist and are
world read-writable. So for every file you want to download to client
(ie. cisco) do
# cp filename /tftpboot/filename
# chmod 666 /tftpboot/filename
and for every file you want to upload (eg. cisco config file) do
# touch /tftpboot/zemzem-confg
# chmod 666 /tftpboot/zemzem-confg
The first step described below is a good step of your tftp server setup.
IOS upgrade
This is captured telnet session of zemzem (cisco 2501) upgrade from
IOS 11.2(14) (with IP PLUS feature set) to IOS 11.2(15) using tftp
server 10.0.0.79. You can do the whole thing remotely, but it's safer
to use direct (serial) console connection for it.
The procedure involves several reboots of cisco. In addition to that
during the step 2 your router will run boot-ROM version of IOS, which
may be very old and not capable to perform all tasks your cisco is
configured for. Not mentioning the service interruptions if soemthing
goes wrong. So you should plan fro the upgrade for some time router is
not heavily used :-)
Step 1 - review cisco IOS version, status of flash ROM, backup
configuration and current version of IOS to tftp server. If your tftp
server is not setup properly (or the files you are uploading don't
exist or are not world red/writeable), you will get error messages for
wri n and copy flash tftp commands. Here is
the outline what we will do:
- review IOS version, flash size and status, normal config register value
- review IOS images (probably only 1) stored in flash
- save (upload) configuration file to tftp server
- load configuration file back from the tftp server as a test
- backup current IOS image (in flash) to tftp server
- change config-register (and review it's state using
sh ver )
- reboot (into new mode given by config-register)
As success some of the steps (tftp uploads) depends on proper tftp
server setup, you may spend some time tuning it. Note that none of
these actions is "destructive", so you can do this even during normal
use. It's only after changing config-register and reboot when the
things start to be funny. If you are unable to upload or download
files from tftp server, don't continue, but fix it first! You will
need the files you upload here later or if something goes wrong.
sdnhq[honza]> telnet zemzem
Trying 10.0.0.1...
Connected to zemzem.
Escape character is '^]'.
User Access Verification
Username: login
Password:
zemzem>en
Password:
zemzem#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 11.2(14), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 18-May-98 12:43 by tlane
Image text-base: 0x0302F4E4, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFT
WARE (fc1)
zemzem uptime is 1 day, 16 hours, 26 minutes
System restarted by reload
System image file is "flash:c2500-is-l.112-14", booted via flash
Host configuration file is "zemzem-confg", booted via tftp from 10.0.0.79
cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
zemzem#sh flash
System flash directory:
File Length Name/status
1 5895768 c2500-is-l.112-14
[5895832 bytes used, 2492776 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)
zemzem#wri n
Remote host [10.0.0.79]? 10.0.0.79
Name of configuration file to write [zemzem-confg]? zemzem-confg
Write file zemzem-confg on host 10.0.0.79? [confirm]
Building configuration...
Writing zemzem-confg !! [OK]
zemzem#conf n
Host or network configuration file [host]?
Address of remote host [10.0.0.79]? 10.0.0.79
Name of configuration file [zemzem-confg]? zemzem-confg
Configure using zemzem-confg from 10.0.0.79? [confirm]
Loading zemzem-confg from 10.0.0.79 (via Ethernet1): !
[OK - 1918/32723 bytes]
zemzem#copy flash tftp
System flash directory:
File Length Name/status
1 5895768 c2500-is-l.112-14
[5895832 bytes used, 2492776 available, 8388608 total]
Address or name of remote host [255.255.255.255]? 10.0.0.79
Source file name? c2500-is-l.112-14
Destination file name [c2500-is-l.112-14]? c2500-is-l.112-14
Verifying checksum for 'c2500-is-l.112-14' (file # 1)... OK
Copy 'c2500-is-l.112-14' from Flash to server
as 'c2500-is-l.112-14'? [yes/no]yes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Upload to server done
Flash copy took 00:01:18 [hh:mm:ss]
zemzem#conf t
Enter configuration commands, one per line. End with CNTL/Z.
zemzem(config)#config-register 0x2101
zemzem(config)#^Z
zemzem#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 11.2(14), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 18-May-98 12:43 by tlane
Image text-base: 0x0302F4E4, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFT
WARE (fc1)
zemzem uptime is 1 day, 16 hours, 31 minutes
System restarted by reload
System image file is "flash:c2500-is-l.112-14", booted via flash
Host configuration file is "zemzem-confg", booted via tftp from 10.0.0.79
cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102 (will be 0x2101 at next reload)
zemzem#wri
Building configuration...
[OK]
zemzem#reload
Proceed with reload? [confirm]
Connection closed by foreign host.
sdnhq[honza]>
Step 2 - cisco now reboots in "boot-mode", running boot-ROM
version of IOS (boot-ROM is another piece of physical memory in cisco,
non-upgradable). It containd simpe version of IOS, which possibly
cannot do everything your cisco is normally configured for. It can
setup IP on ethernet interfaces and accept telnet sessions though. The
mode is given by the value of "config-register". In mode 0x2101, flash
ROM is also in read/write mode.
Actions:
- review boot-IOS version, flash ROM status (should be R/W)
- download new IOS image (presumably you already placed it on tftp
server) - this will also erase current flash ROM contents
- set the config-register back to normal value
- reboot (to normal mode) - you are asked to save config
here. It's better not to do it (as we are currently running
incomplete IOS), but even if you do it, you don't have to worry - we
already have backup of config on tftp server
sdnhq[honza]> telnet zemzem
Trying 10.0.0.1...
Connected to zemzem.
Escape character is '^]'.
User Access Verification
Username: login
Password:
zemzem(boot)>en
Password:
zemzem(boot)#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWA
RE (fc1)
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Fri 27-Dec-96 17:33 by loreilly
Image text-base: 0x01010000, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
zemzem uptime is 1 minute
System restarted by reload
Running default software
cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interfaces.
2 Serial network interfaces.
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2101
zemzem(boot)#copy tftp flash
System flash directory:
File Length Name/status
1 5895768 c2500-is-l.112-14
[5895832 bytes used, 2492776 available, 8388608 total]
Address or name of remote host [255.255.255.255]? 10.0.0.79
Source file name? c2500-is-l.112-15.bin
Destination file name [c2500-is-l.112-15.bin]? c2500-is-l.112-15.bin
Accessing file 'c2500-is-l.112-15.bin' on 10.0.0.79...
Loading c2500-is-l.112-15.bin from 10.0.0.79 (via Ethernet1): ! [OK]
Erase flash device before writing? [confirm]
Flash contains files. Are you sure you want to erase? [confirm]
Copy 'c2500-is-l.112-15.bin' from server
as 'c2500-is-l.112-15.bin' into Flash WITH erase? [yes/no]yes
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Loading c2500-is-l.112-15.bin from 10.0.0.79 (via Ethernet1): !!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!
[OK - 5895436/8388608 bytes]
Verifying checksum... OK (0x61A0)
Flash copy took 0:03:02 [hh:mm:ss]
zemzem(boot)#conf t
Enter configuration commands, one per line. End with CNTL/Z.
zemzem(boot)(config)#config-register 0x2102
zemzem(boot)(config)#^Z
zemzem(boot)#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWA
RE (fc1)
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Fri 27-Dec-96 17:33 by loreilly
Image text-base: 0x01010000, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
zemzem uptime is 5 minutes
System restarted by reload
Running default software
cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interfaces.
2 Serial network interfaces.
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Configuration register is 0x2101 (will be 0x2102 at next reload)
zemzem(boot)#reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]
Connection closed by foreign host.
sdnhq[honza]>
Step 3 - we rebooted back to normal mode, shoudl be running new
version of IOS now. Load the saved config.
Actions:
- review IOS version, flash ROM status (should be R/O)
- load (previously saved) config file from tftp server
- save the configuration to NVRAM
sdnhq[honza]> telnet zemzem
Trying 10.0.0.1...
Connected to zemzem.
Escape character is '^]'.
User Access Verification
Username: login
Password:
zemzem>en
Password:
zemzem#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 11.2(15), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Tue 07-Jul-98 21:56 by tmullins
Image text-base: 0x0302F154, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFT
WARE (fc1)
zemzem uptime is 0 minutes
System restarted by reload
System image file is "flash:c2500-is-l.112-15.bin", booted via flash
cisco 2500 (68030) processor (revision L) with 2048K/2048K bytes of memory.
Processor board ID 08363366, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
zemzem#conf n
Host or network configuration file [host]?
Address of remote host [255.255.255.255]? 10.0.0.79
Name of configuration file [zemzem-confg]? zemzem-confg
Configure using zemzem-confg from 10.0.0.79? [confirm]
Loading zemzem-confg from 10.0.0.79 (via Ethernet1): !
[OK - 1953/32723 bytes]
zemzem#wri
Building configuration...
[OK]
zemzem#exit
Connection closed by foreign host.
sdnhq[honza]>
Notes
Problems with enable password on old ciscos - boot-ROM IOS on
old ciscos doesn't understand enable secret config
password, only outdated enable password (which is
insecure and generaly should not be used). In such a case you might
not be able to enter enable mode in step 2, getting error messages
such as "password required but none set" (it happenned to me on zaque,
our old 2509 with boot-IOS version 4.14(9.1)). If that happen, you
have to use part of password recovery procedure as described in
document referred above, specifically these steps - attaching to cisco
console, cold-booting cisco, breaking the boot sequence, changing
config-register to value 0x42 using boot-monitor command and rebooting
again.
You can save yourself this work if you enter enable password
<passwd> and wri in step 1 and remove it
using no enable password and wri in step 3.
If something goes wrong - this depends on the steps done so
far. If cisco doesn't reboot after step 1, you can use part of
"password recovery procedure" and set config-register to 0x2102 using
boot-monitor prompt - cisco should boot back to old IOS. If it doesn't
boot after step 2, use the same procedure to set the config-register
to 0x2101 - cisco should boot back to boot-ROM IOS and you can repeat
step 2 downloading back previous version of IOS.
| Areas |
Management |
Training |
Technical |
|