UNCLASSIFIED
Implementing Security on Cisco Routers
Version 1.0g
it again. If possible, connect the TFTP server host to your router
through a separate network connection, not through your operational
network. RCP is a little more secure and more reliable than TFTP, but it is
not supported on all Cisco routers, nor is it generally available except on
Unix platforms.
3. Schedule your downtime.
Installing an update imposes a minimum downtime, and may impose
much longer downtime (up to half an hour if things go wrong and you
have to back out). Schedule your upgrade ahead of time, and inform the
user community as needed.
4. Read the entire upgrade procedure, below.
Review the entire procedure before you start. Be sure that you are
familiar with all the IOS commands involved.
If possible, it is safest to replace a router and take it offline for update. If a redundant
router or a hot spare is available, take advantage of that to perform the update without
disrupting service.
Update Procedure
This section presents a suggested sequence of steps for installing Cisco IOS software.
The sequence is very conservative; by following it you can be sure to avoid mishaps
and ensure that you can restore your previous IOS version if necessary. The
sequence has three phases: backup, install, and test. The backup phase, steps 1-3,
involves copying the running IOS software and configuration onto the TFTP server
host for safekeeping. The install phase, step 4, involves loading the new software.
The test phase, steps 5-6, involves checking that the new software is running the old
configuration successfully. The steps are described below, followed by a console
transcript of a successful update.
0. Log in on the router console, confirm the current IOS and boot version.
It is best to perform router updates from the system console rather than
from a network login. The console will show important status messages
in the later steps of the installation that would not be visible otherwise.
Check the current IOS version number and the name of the router's boot
image with the commands show version and show flash, and make a
record of them.
1. Enable privileges, and back up the current IOS software.
Copy the current IOS release to the server using the copy command as
shown below.
Central# copy flash tftp
You must supply the IP address or host name of the TFTP server
host. If this step fails, do not proceed; abandon the update and
check the server configuration before trying again.
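A check that could follow step 1, as an added example that is not part of the original guide: run on the TFTP server host, it compares each backed-up image against the name and length recorded from show flash in step 0. The show flash text, the image name and the helper names are constructed for illustration, and the listing layout varies by platform and IOS release.

```python
import os
import re
import tempfile

# Constructed sample of the `show flash` output recorded in step 0.
SHOW_FLASH = """\
System flash directory:
File  Length   Name/status
  1   4208696  c2500-example-l.bin
[4208760 bytes used, 4179848 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)
"""

# One directory entry: file number, length in bytes, image name.
ENTRY = re.compile(r"^\s*\d+\s+(\d+)\s+(\S+)\s*$")

def parse_show_flash(text):
    """Return {image_name: length_in_bytes} from recorded show flash output."""
    images = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            images[m.group(2)] = int(m.group(1))
    return images

def verify_backup(show_flash_text, tftp_root):
    """Return a list of problems; an empty list means every recorded image
    is present on the server with the same length as in flash."""
    images = parse_show_flash(show_flash_text)
    if not images:
        return ["no image entries found in recorded show flash output"]
    problems = []
    for name, length in images.items():
        path = os.path.join(tftp_root, name)
        if not os.path.isfile(path):
            problems.append(f"{name}: missing from {tftp_root}")
        elif os.path.getsize(path) != length:
            # A failed or interrupted TFTP transfer can leave a short file.
            size = os.path.getsize(path)
            problems.append(f"{name}: {size} bytes on server, {length} in flash")
    return problems

if __name__ == "__main__":
    # A temporary directory stands in for the TFTP server directory (assumption).
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "c2500-example-l.bin"), "wb") as f:
            f.write(b"\0" * 4208696)
        print(verify_backup(SHOW_FLASH, root) or "backup matches flash record")
```

A matching length shows the transfer completed; it does not by itself prove the copy is bit-for-bit identical.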