HostedDB - Dedicated UNIX Servers
index_125
UNCLASSIFIED Implementing Security on Cisco Routers  Version 1.0g  UNCLASSIFIED 125   it again.   If possible, connect the TFTP server host to your router through a separate network connection, not through your operational network.  RCP is a little more secure and more reliable than TFTP, but is not supported on all Cisco routers nor it is generally available except on Unix platforms.   3.     Schedule your downtime. Installing an update imposes a minimum downtime, and may impose much longer downtime (up to half an hour if things go wrong and you have to back out).  Schedule your upgrade ahead of time, and inform the user community as needed. 4.     Read the entire upgrade procedure, below. Review the entire procedure before you start.  Be sure that you are familiar with all the IOS commands involved. If possible, it is safest to replace a router and take it offline for update.  If a redundant router or a hot spare is available, take advantage of that to perform the update without disrupting service. Update Procedure  This section presents a suggested sequence of steps for installing Cisco IOS software.   The sequence is very conservative, by following it you can be sure to avoid mishaps, and ensure that you can restore your previous IOS version if necessary.  The sequence has three phases: backup, install, and test.  The backup phase, steps 1-3, involves copying the running IOS software and configuration onto the TFTP server host for safekeeping.  The install phase, step 4, involves loading the new software.   The test phase, step 5-6, involves checking that the new software is running the old configuration successfully.  The steps are described below, followed by a console transcript of a successful update. 0.     Log in on the router console, confirm the current IOS and boot version. It is best to perform router updates from the system console rather than from  a network login.  The console will show important status messages in the later steps of the installation that would not be visible otherwise.    Check the current IOS version number and the name of the router’s boot image with the commands show version and show flash,  make a record of them. 1.     Enable privileges, and back up the current IOS software. Copy the current IOS release to the server using the copy command as shown below.    Central# copy flash tftp You must supply the IP address or host name of the TFTP server host.  If this step fails, do not proceed, abandon the update and check the server configuration before trying again.