index_126
Router Security Configuration Guide
UNCLASSIFIED
126
UNCLASSIFIED
Version 1.0g
2. Shut down external interfaces.
If the router to be upgraded is used to enforce security at an enclave
boundary, such as the boundary between your network and the Internet,
then disable the outside network interfaces using the shutdown
command in interface configuration mode.
Central# config t
Central(config)# interface eth 0/0
Central(config-if)# shutdown
Central(config-if)# end
3. Back up the current running configuration.
Copy your current running configuration to your TFTP server using the
copy command. (Note: make sure you have followed the password
handling instructions in Section 4.1 before doing this.)
Central# copy running-config tftp
You must supply the IP address or host name of the TFTP server host. If
this step fails, do not proceed, abandon the update and check your TFTP
configuration before trying again.
4. Load the new software.
Copy the new IOS software from the TFTP or FTP server to the flash
memory of the router. On most Cisco routers, the flash will be erased
automatically during this step; if asked whether to erase the flash, answer
yes. Use the copy command as follows.
Central# copy tftp flash
On some Cisco routers, it is possible to store several IOS releases in flash
memory and select which one to run. (Because very few Cisco routers
have sufficient flash memory to hold multiple IOS releases, that scenario
is not covered here.) If this copy succeeds, your router may
automatically reboot; if it does not, then reboot it manually using the
command reload. If you are performing the update over a network
connection, your connection will be broken at this point.
Central# reload
Proceed with reload? [confirm] y
5. Confirm the new IOS version and boot image.
Watch the boot messages on the router console to confirm the new IOS
software version and boot image. If you performed steps 1 through 4
over a network connection, re-establish the connection at this point and
check the IOS version and boot image with show version. Then,
enable privileges and confirm the configuration status with show
running-config. Check the status of the interfaces, and check that the
access lists and static routes are still present.
Central# show version
Cisco Internetwork Operating System Software
IOS(tm) 1600 Software (C1600-SY56I-M), Version
12.0(9), RELEASE SOFTWARE
.