Friday, February 11, 2011

Cisco IOS Upgrade

There are some nasty, nasty SNMP vulnerabilities that have recently been revealed. Many different products are affected. See the CERT advisory. This inspired us to upgrade the IOS on our Cisco router. To upgrade the IOS on your Cisco router, you have a couple of options: you can either upgrade via TFTP, or you can use the console. We used a 1600 router, so the procedure below is quite specific. Your mileage may vary.

To use TFTP, you need to download and install a TFTP server. Here is one source for TFTP. This version also works fine on XP.

First of all, before you touch anything, you should list your configuration using the command:

show config 

Print your config to paper, just in case. Your config should survive the IOS upgrade, but you never know what could happen. Make sure you have console access to the router, as well as the ability to connect to it via the Ethernet port. You can temporarily change the address on the Ethernet port if you wish by entering:

conf term 

At the (config)# prompt select the interface:

int eth0 

then

ip address x.x.x.x y.y.y.y 

where x.x.x.x is the IP address and y.y.y.y is the subnet mask. Use the output of the earlier show config command to set it back when you are done. You could also enter a secondary address instead. Whatever you like.

You can find out what the name of your current flash image is by:

show flash 

The next thing you should do is copy your current image (flashimage) up to the TFTP server:

copy flash:flashimage tftp://ipaddress/flashimage 

You should see an entry like this in the log of your TFTP server:

Receiving 'flashimage' file from x.x.x.x in binary mode 

Copy your current image twice if you wish, to different file names, just to be safe. Browse Cisco to be very sure you have the right image. If you load the wrong image of IOS, your router won't work. Pay attention to the amount of RAM your system has, and how much the upgraded IOS needs. IOS 12.2 needs more RAM than 12.0, and Cisco isn't lying about this. When you are happy you have the right image:

delete flashimage 

copy tftp://ipaddress/flashimage flash:flashimage 

You will be asked if you want to erase the current image. Say yes. When it is done loading, change your eth0 IP if needed, and remove any old boot references:

conf term
no boot system flash oldflashimagename
boot system flash flashimage
exit 

Now copy your config:

copy running-config startup-config 

Reload, and you are set:

reload 

Now, when you reboot, all should come up OK. If it doesn't, you will have to use the console port and xmodem to load an image that does work, and this is painful. Here is how to do it.

Pretty much, you just hit ctrl-break (at least with the version of HyperTerminal we used) when the router boots to get into rommon. Minicom or other terminal programs may have different sequences. Try ctrl-c, esc, etc. After you successfully enter rommon, you just:

rommon> xmodem -cf fileimagename 

then, from your terminal program, send the file using xmodem. On our 1600, we had to do this at 9600 baud. We couldn't figure out how to change our router to transfer faster than 9600, although we did see some references to how to do it. At 9600 baud, it takes about 50 minutes to reload IOS. After you are done uploading the image, remove the old boot references and copy the running config to the startup config as above. If all else fails, you could go back to the flash image that you copied via TFTP.
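
TFTP has no authentication or integrity checking, so it is worth checking the files on the TFTP server before running the delete step above. The following is an added example, not part of the original post: it compares the backup's size with the length reported by show flash, confirms the new image fits in flash, and checks the new image's MD5. The sample show flash text is constructed, the function names are hypothetical, and the expected MD5 is assumed to come from wherever you obtained the image; RAM requirements are not checked.

```python
import hashlib
import re

# Constructed sample of `show flash` output (not captured from the post's router).
SAMPLE_SHOW_FLASH = """\
System flash directory:
File  Length   Name/status
  1   4415588  c1600-y-l.120-3.bin
[4415652 bytes used, 3972956 available, 8388608 total]
8192K bytes of processor board System flash (Read/Write)
"""

def parse_show_flash(text):
    """Return ({image_name: length_in_bytes}, total_flash_bytes)."""
    files = {m.group(2): int(m.group(1))
             for m in re.finditer(r"^\s*\d+\s+(\d+)\s+(\S+)\s*$", text, re.M)}
    total = re.search(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]", text)
    if not files or not total:
        raise ValueError("unrecognized show flash output")
    return files, int(total.group(3))

def md5_of(data):
    """Hex MD5 of a bytes object, e.g. open(path, 'rb').read()."""
    return hashlib.md5(data).hexdigest()

def preflight(show_flash, image_name, backup, new_image, expected_md5):
    """Return a list of problems; an empty list means all checks passed."""
    files, total = parse_show_flash(show_flash)
    problems = []
    # 1. The TFTP backup must be byte-for-byte as long as the image in flash.
    if image_name not in files:
        problems.append(f"{image_name} not listed in flash")
    elif len(backup) != files[image_name]:
        problems.append(f"backup is {len(backup)} bytes, flash copy is {files[image_name]}")
    # 2. The old image is erased first, so the new one must fit in total flash.
    if len(new_image) > total:
        problems.append(f"new image ({len(new_image)} bytes) exceeds flash ({total} bytes)")
    # 3. The new image must match the MD5 supplied with it (assumed available).
    if md5_of(new_image) != expected_md5.strip().lower():
        problems.append("new image MD5 does not match the expected value")
    return problems
```

Paste the router's show flash output into a string and pass the two image files' contents as bytes; only delete the old image when the returned list is empty.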
