index_124
Router Security Configuration Guide
UNCLASSIFIED
124
UNCLASSIFIED
Version 1.0g
before upgrading, and again afterwards; be prepared to back out if the performance
has suffered.
Deciding which update to pick is a complex topic, you must take many factors into
account: feature availability, release status, cost, router memory size, and bug history.
For more information about Cisco IOS release types, see Section 8.3.
Obtaining Updates
Cisco makes software updates availa ble through a variety of purchase and
maintenance mechanisms. The logistics of purchasing updates is beyond the scope of
this document. If you have a maintenance agreement with Cisco, you can download
updates from the Software Center on the Cisco web site.
Whenever you download Cisco IOS software, it is best to check the length after
downloading. During the software selection and download sequence at Ciscos web
site, you will be given the length of the release in bytes. Print the summary web
page, whic h will include the length, for the IOS version youve selected for your
upgrade. After downloading the IOS binary file, check the length against the printed
page; if they differ, discard the file and download it again.
Before You Perform the Update
Follow the checklist below before installing a new version of Cisco IOS on your
router.
1. Ensure that you have enough memory.
Cisco routers have two fundamental kinds of memory: RAM and Flash.
Every Cisco IOS release has minimum memory requirements. Use the
commands show version and show flash to check the amount of
memory your router has. Do not install an update unless the router to be
upgraded satisfies the memory requirements for both RAM and Flash.
(Often, a major upgrade will require more memory, because Cisco
typically sells routers with just enough memory to run the IOS version
pre-installed at purchase.)
2. Check your TFTP, RCP, or FTP configuration.
Router software updates are normally performed using TFTP or Unix
RCP; Cisco IOS 12.0 supports FTP. Make sure that the TFTP, RCP, or
FTP server is correctly set up for both upload and download. Copy the
new Cisco IOS software into the servers download directory.
If possible, use FTP for performing Cisco upgrades. (If the router to be
upgraded is running IOS 11.3 or earlier, then FTP will probably not be
available.) While TFTP is supported by all IOS versions, it is not a
secure service, and normally should not be running on any host in a
secure network. Enable TFTP only for the update sequence, then disable