For security and availability reasons, network administrators need to back up both the configuration and the IOS image of their network devices. Deploying new features on a network device also frequently requires upgrading the IOS version.
When the IOS image is deleted by mistake or an upgrade fails, the device commonly comes up in ROMMON (ROM monitor) mode after the restart. This article introduces two methods for backing up and recovering IOS.
Problem: the operating system of a network device is hard to recover.
Many people preparing for Cisco certification suffer from having no equipment to practise on. A training center in Beijing, as part of its business development, opens a lab environment to some VIP students free of charge, and many complex functions are configured on the topology built from these devices. However, students plugging and unplugging the console cable did great damage to the console ports. For these reasons the training center built a remote lab on top of the original training lab. Most of the lab environment is isolated, that is, students have little physical access to the real equipment. The lab also set some rules, for example banning dangerous commands such as erase flash. Some students did not comply with these rules, and as a result the IOS on some devices was damaged. Those devices became unusable and can only enter ROMMON mode, in which normal routing and forwarding and software configuration are impossible; most of the commands of the original IOS cannot be used in this mode.
When the network administrator repairs these devices, the first thing to check is the config-register. If the config-register is 0x2102 (the normal value, boot from flash) and the device still lands in ROMMON, it is confirmed that the IOS image itself has been fatally damaged. In addition, the IOS feature sets of some network devices have been upgraded, and those devices need to be updated once the new IOS images are obtained. The network maintenance requirements of the training center are as follows:
◆ Upgrade the IOS version of some switches to support more features.
◆ Repair the damaged router IOS.
Tip:
IOS upgrades are also common in the lab environment. For example, a Cisco 2950 switch hung frequently without any warning message, and after a restart it returned to normal. Upgrading the switch's IOS from version 12.11EA1 to 12.12(EA2) or later made the fault disappear.
Operating system backup solution:
After using config-register to confirm that the register is correct, check whether the IOS file size and file name have changed by running the dir flash: command (note the colon ":" after flash). The command lists the size and file name of the IOS currently in flash, for example:
rommon 1 > dir flash:
         File size           Checksum   File name
  2179331 bytes (0x214103)   0x7b95     c1600-nsy-mz_112-15a_p
If either the file name or the file size differs from the previous snapshot of the system, the operating system needs to be restored. In that case the administrator recovers the system from the IOS backup using the TFTP or XMODEM method. The following describes the preparations before upgrade and backup.
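The comparison described above can be automated against the dir flash: output pasted from the console. The following is an added example (not code from the original article): it parses the ROMMON listing format shown above, cross-checks the decimal and hexadecimal size fields, and compares name, size and checksum against a recorded baseline. The baseline and the two console captures are constructed for the example; the "damaged" capture assumes an image truncated by a failed copy.

```python
import re

# One file line of ROMMON "dir flash:" output, e.g.
#   2179331 bytes (0x214103)   0x7b95     c1600-nsy-mz_112-15a_p
DIR_LINE = re.compile(
    r"^\s*(?P<size>\d+)\s+bytes\s+\((?P<hexsize>0x[0-9A-Fa-f]+)\)\s+"
    r"(?P<checksum>0x[0-9A-Fa-f]+)\s+(?P<name>\S+)\s*$"
)

def parse_dir_flash(output):
    """Return {file name: (size, checksum)} for every file line in the listing."""
    files = {}
    for line in output.splitlines():
        m = DIR_LINE.match(line)
        if not m:
            continue  # prompt, column header and blank lines carry no file data
        size = int(m.group("size"))
        if int(m.group("hexsize"), 16) != size:
            raise ValueError(f"decimal and hex size disagree: {line!r}")
        files[m.group("name")] = (size, int(m.group("checksum"), 16))
    return files

def compare_with_baseline(current, baseline):
    """List every way the flash contents differ from the recorded snapshot."""
    findings = []
    for name, (size, checksum) in baseline.items():
        if name not in current:
            findings.append(f"missing: {name}")
            continue
        cur_size, cur_sum = current[name]
        if cur_size != size:
            findings.append(f"size changed: {name} {size} -> {cur_size}")
        if cur_sum != checksum:
            findings.append(f"checksum changed: {name} {checksum:#x} -> {cur_sum:#x}")
    for name in current:
        if name not in baseline:
            findings.append(f"unexpected file: {name}")
    return findings

def check(output, baseline):
    """Return (True, []) when flash matches the snapshot, else (False, findings)."""
    findings = compare_with_baseline(parse_dir_flash(output), baseline)
    return (not findings, findings)

# Constructed baseline: snapshot taken while the device was known good.
BASELINE = {"c1600-nsy-mz_112-15a_p": (2179331, 0x7b95)}

# Constructed console captures: a healthy device and one whose image was truncated.
HEALTHY_OUTPUT = """\
rommon 1 > dir flash:
         File size           Checksum   File name
  2179331 bytes (0x214103)   0x7b95     c1600-nsy-mz_112-15a_p
"""
DAMAGED_OUTPUT = """\
rommon 1 > dir flash:
         File size           Checksum   File name
  1048576 bytes (0x100000)   0x3a1c     c1600-nsy-mz_112-15a_p
"""

if __name__ == "__main__":
    for label, out in (("healthy", HEALTHY_OUTPUT), ("damaged", DAMAGED_OUTPUT)):
        ok, findings = check(out, BASELINE)
        print(label, "OK" if ok else "RESTORE NEEDED", findings)
```

The ROMMON checksum is a simple integrity check that catches accidental corruption, not tampering; keep the vendor's published MD5/SHA checksum of the image with the snapshot and re-verify it after every copy to flash.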
1. Select transmission protocol
There are three methods for upgrading or restoring IOS: TFTP, XMODEM, and FTP, of which the first two are the most commonly used.
Upgrading the operating system of network devices in the lab is relatively simple because the risk is confined to the lab network; in a production network the risks of upgrading IOS are everywhere, and unexpected things can happen when upgrading high-end devices. For example, transferring a new IOS image to a Cisco 6509 switch over TFTP can fail because classic TFTP (Trivial File Transfer Protocol) uses 512-byte blocks with a 16-bit block number and can therefore transfer files of at most about 32 MB; a new IOS image that exceeds this limit has to be transferred with FTP instead.
1) TFTP
TFTP (Trivial File Transfer Protocol) is a protocol in the TCP/IP suite for transferring simple files between a client and a server; it provides a file transfer service that is neither complex nor expensive. TFTP runs over UDP and so provides only unreliable datagram delivery; it has no access authorization or authentication mechanism, and relies on timeouts and retransmission to ensure that data arrives.
As its name suggests, it is suited to transferring "simple" files. Unlike FTP it uses UDP port 69, so it passes through many firewalls. Its drawbacks are unreliable transport and the absence of any password verification, which means the TFTP server should be reachable only from the management segment for the duration of the transfer. Even so, it is well suited to transferring small files such as the IOS images of network devices.
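To make the two properties above concrete, here is an added example (not code from the original article) in Python: it builds and parses the RFC 1350 packet types, shows where the 32 MB limit mentioned earlier comes from (a 16-bit block number times 512-byte blocks), and pushes a constructed image through an in-memory sender/receiver pair in which selected DATA packets are dropped, so the sender's timeout-and-resend behaviour is visible. No sockets are used; the loss pattern and the image bytes are constructed for the example.

```python
import struct

OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512           # payload per DATA packet in classic TFTP (RFC 1350)
MAX_BLOCK_NUMBER = 0xFFFF  # the block number is a 16-bit field

def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, NUL-terminated filename, NUL-terminated mode."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def build_data(block, payload):
    return struct.pack("!HH", OP_DATA, block) + payload

def build_ack(block):
    return struct.pack("!HH", OP_ACK, block)

def parse_packet(packet):
    """Decode any of the five RFC 1350 packet types into a dict."""
    (op,) = struct.unpack("!H", packet[:2])
    if op in (OP_RRQ, OP_WRQ):
        name, mode, _rest = packet[2:].split(b"\0", 2)
        return {"op": op, "filename": name.decode(), "mode": mode.decode()}
    if op == OP_DATA:
        return {"op": op, "block": struct.unpack("!H", packet[2:4])[0], "data": packet[4:]}
    if op == OP_ACK:
        return {"op": op, "block": struct.unpack("!H", packet[2:4])[0]}
    if op == OP_ERROR:
        (code,) = struct.unpack("!H", packet[2:4])
        return {"op": op, "code": code, "message": packet[4:].split(b"\0")[0].decode()}
    raise ValueError(f"unknown TFTP opcode {op}")

def blocks_needed(size):
    """A transfer ends with a DATA packet shorter than 512 bytes, so a file that is an
    exact multiple of 512 bytes needs one extra, empty block to signal end of file."""
    return size // BLOCK_SIZE + 1

def fits_classic_tftp(size):
    return blocks_needed(size) <= MAX_BLOCK_NUMBER

def max_classic_transfer_bytes():
    """Largest file whose final (short) block still has a 16-bit block number."""
    return (MAX_BLOCK_NUMBER - 1) * BLOCK_SIZE + (BLOCK_SIZE - 1)  # 33,553,919 bytes

def simulate_transfer(image, lose_first_copy_of=frozenset(), max_retries=3):
    """Send `image` through an in-memory sender/receiver pair. Blocks listed in
    `lose_first_copy_of` are dropped the first time they are sent, so no ACK comes
    back; the sender times out and resends, which is all the reliability TFTP has."""
    received, retransmits = bytearray(), 0
    block, offset = 1, 0
    while True:
        chunk = image[offset:offset + BLOCK_SIZE]
        packet = build_data(block, chunk)
        for attempt in range(max_retries + 1):
            if attempt == 0 and block in lose_first_copy_of:
                retransmits += 1          # lost in transit: timer fires, resend
                continue
            data = parse_packet(packet)   # receiver side
            received += data["data"]
            ack = parse_packet(build_ack(data["block"]))
            if ack["block"] == block:     # sender side: matching ACK, advance
                break
        else:
            raise TimeoutError(f"block {block} was never acknowledged")
        if len(chunk) < BLOCK_SIZE:
            return bytes(received), retransmits
        offset += BLOCK_SIZE
        block += 1
        if block > MAX_BLOCK_NUMBER:
            raise ValueError("image exceeds the classic TFTP 16-bit block-number limit")

if __name__ == "__main__":
    print(parse_packet(build_rrq("c2600-i-mz.bin")))
    print("classic limit:", max_classic_transfer_bytes(), "bytes")
    image = bytes(range(256)) * 5                      # constructed 1280-byte "image"
    data, retx = simulate_transfer(image, lose_first_copy_of={2})
    print("intact:", data == image, "retransmits:", retx)
```

Newer TFTP implementations negotiate a larger block size (RFC 2348) or roll the block number over, which is how some servers move images larger than 32 MB; a ROMMON or older IOS client may support neither, which is why the text recommends FTP for large images.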
2) XMODEM
The XMODEM protocol was the first communication protocol standard for transferring files between two computers over an RS-232 asynchronous serial port. Compared with other file transfer protocols such as YMODEM and ZMODEM, XMODEM is simple and suits scenarios with limited memory. The XMODEM sender splits the file into fixed-length 128-byte data blocks and sends the next block only after the receiver has acknowledged the previous one. Data verification uses a vertical (additive) checksum, or optionally a 16-bit CRC. It is a simple ARQ (automatic repeat request) protocol, so it is also suitable for use on two-wire half-duplex RS-485 networks.
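The framing just described, as an added example in Python (not code from the original article): the sender splits a constructed image into 128-byte blocks padded with CTRL-Z, wraps each in the SOH / sequence / inverted-sequence header with either the additive checksum or the CRC-16 trailer, and the receiver verifies each frame and answers ACK or NAK. It also shows why the CRC variant is preferred for IOS images: two bytes swapped inside a block leave the additive checksum unchanged but always change the CRC.

```python
SOH, EOT, ACK, NAK = 0x01, 0x04, 0x06, 0x15
BLOCK = 128   # XMODEM payload size
PAD = 0x1A    # CTRL-Z padding for the final short block

def checksum8(data):
    """Vertical (additive) checksum: sum of the bytes modulo 256."""
    return sum(data) & 0xFF

def crc16_xmodem(data):
    """CRC-16/XMODEM: polynomial 0x1021, initial value 0, no reflection."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc

def build_frame(seq, payload, use_crc):
    """SOH, block number, its one's complement, 128 data bytes, checksum or CRC."""
    assert len(payload) == BLOCK
    head = bytes([SOH, seq & 0xFF, 0xFF - (seq & 0xFF)])
    trailer = (crc16_xmodem(payload).to_bytes(2, "big") if use_crc
               else bytes([checksum8(payload)]))
    return head + payload + trailer

def verify_frame(frame, expected_seq, use_crc):
    """Return the payload if the frame is intact and in sequence, otherwise None."""
    if len(frame) != 3 + BLOCK + (2 if use_crc else 1) or frame[0] != SOH:
        return None
    seq, seq_inv = frame[1], frame[2]
    if seq != (expected_seq & 0xFF) or seq_inv != 0xFF - seq:
        return None
    payload, trailer = frame[3:3 + BLOCK], frame[3 + BLOCK:]
    if use_crc:
        ok = int.from_bytes(trailer, "big") == crc16_xmodem(payload)
    else:
        ok = trailer[0] == checksum8(payload)
    return payload if ok else None

def encode_file(data, use_crc):
    """Sender: split into numbered 128-byte frames (last one padded), then EOT."""
    frames = []
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        chunk += bytes([PAD]) * (BLOCK - len(chunk))
        frames.append(build_frame(len(frames) + 1, chunk, use_crc))
    return frames, bytes([EOT])

def receive(frames, use_crc):
    """Receiver: ACK good frames, NAK bad ones (a real sender resends on NAK)."""
    out, responses, seq = bytearray(), [], 1
    for frame in frames:
        payload = verify_frame(frame, seq, use_crc)
        if payload is None:
            responses.append(NAK)
            continue
        out += payload
        responses.append(ACK)
        seq += 1
    return bytes(out), responses

def swap_first_two_bytes(frame):
    """Corrupt a frame the way a serial line might: two payload bytes transposed."""
    return frame[:3] + bytes([frame[4], frame[3]]) + frame[5:]

if __name__ == "__main__":
    image = bytes((i * 7) & 0xFF for i in range(300))   # constructed 300-byte "image"
    frames, eot = encode_file(image, use_crc=True)
    data, responses = receive(frames, use_crc=True)
    print("frames:", len(frames), "received ok:", data[:len(image)] == image)
    plain, _ = encode_file(image, use_crc=False)
    print("swap passes checksum:", verify_frame(swap_first_two_bytes(plain[0]), 1, False) is not None)
    print("swap passes CRC:", verify_frame(swap_first_two_bytes(frames[0]), 1, True) is not None)
```

XMODEM carries no file length, so the receiver ends up with the padded size; after a ROMMON XMODEM recovery the image in flash may therefore be slightly larger than the original, and the copy should be verified against the vendor checksum rather than by size alone.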
2. Upgrade preparation and precautions
No matter how carefully a complex system is tested before release, it will always contain defects, and the only remedy once a defect appears is to patch the system as soon as possible. The operating system of a network device differs from general-purpose operating systems such as Windows and Linux in that IOS is patched by replacing the entire system image; an IOS restoration does not recover individual files, because IOS itself is a single image file.
1) Get the latest IOS version
New IOS versions can be obtained from suppliers, the Cisco website, and some third-party tools. For example, IOSHunter is a tool that automatically searches the Internet for IOS images suitable for a given router or switch; its operation is very simple, and Figure 6-5 shows its interface. When selecting new IOS software, consider the following two factors:
1) Reduce costs. Once the existing FLASH/DRAM of a network device cannot meet the requirements of a large IOS image, new FLASH/DRAM has to be purchased, which brings cost overhead and a procurement cycle.
Figure 6-5 IOSHunter IOS search tool
2) Stable Operation
A newly released IOS may carry new security vulnerabilities and instabilities. For an enterprise production network the goal is stable, continuous operation, not software whose complete feature set temporarily exceeds our needs, let alone the potential risk that such new software brings to the production network. The latest software is therefore not necessarily the most stable and reliable. What we need is software that has been in wide use for some time, has proven to run stably and has had a large number of bugs eliminated; prefer the release with the same major version number as the software currently running.
2) Confirm the upgrade scope and sequence
Taking Cisco network devices as an example, this step identifies the IOS software versions that have security vulnerabilities and the range of affected devices. First, identify the vulnerable IOS versions and their fixed replacement versions on the Cisco website. Second, determine the range of affected hardware from the IT asset database.
Based on analysis of the enterprise's network environment, data flows, and business characteristics, an upgrade principle needs to be set: first upgrade the secondary device at a secondary node, then the secondary device at the primary node, and then the primary devices at the secondary node.
The secondary device at a secondary node goes first because nobody can predict what unknown problems will appear in the production network after the upgrade. Even if a problem occurs on that device, its impact on user services is smaller than at any primary node. In other words, the secondary nodes serve as the "test site" for the overall upgrade: if a problem appears, there is an opportunity to roll back, reducing risk and project pressure, and the remaining upgrades can be stopped in time.
3) Evaluate the FLASH/DRAM capacity
The replacement IOS image is usually larger than the old one, so before the upgrade you need to check whether the device's available Flash/DRAM meets the running requirements of the new IOS. There are two cases:
1) Large capacity
When the available Flash/DRAM can hold two IOS images at the same time, the new image can be uploaded to the flash of the device being upgraded without deleting the old one. This is the ideal situation: if the upgrade fails, the device can immediately be rolled back to the original IOS, reducing the risk of the upgrade.
2) Small capacity
When the available capacity can hold only one IOS image, the old image must be deleted before the new one is uploaded, and the device then restarted, which carries some risk. If the restart fails, manual intervention is required to bring the old IOS back.
4) Physical preparation
Power must not be lost during the upgrade, so a UPS (uninterruptible power supply) should be in place. The physical lines to be used should also be tested in advance to ensure stable transfer.
5) Operation preparation
Most updates require the administrator to access the network device directly. The desktop or laptop used for the operation serves both to configure the switch and, as the TFTP server, to store the IOS file; the cable used to connect to the device is also needed.
Operating system upgrade and recovery plan
If IOS is upgraded over the network, there is no restriction on which switch interface the host running the TFTP server connects to. The TFTP server's address can be chosen freely but must be in the same network segment as the address configured on the network device. When connecting to a router, the router's first Ethernet port must be used, i.e. Ethernet0 on the Cisco 2500 series and Ethernet0/0 on the Cisco 2600 series; other series differ slightly, and the correct port can be found in the user manual. The following describes how to repair the IOS file.
Deploy TFTP
First, install the TFTP server software. Here we use Cisco TFTP Server, which can be downloaded from the Cisco website. Its configuration is very simple and almost nothing needs to be changed; the root directory can be changed as needed at the location shown in Figure 6-6.
Put the IOS file in the root directory of the TFTP server. If Cisco TFTP Server was installed in its default directory, put the new IOS file in that directory; a different location for the IOS files can also be specified.