All Cisco-Network Study Notes: Upgrading Software cisco

Upgrading Software

The acceptable way of managing images is via TFTP.This is a UDP-based transport

protocol—fast and efficient. Unfortunately, it is not authenticated, so you

have to be a bit accurate to ensure that your abstracts gets adored back you abode to a

TFTP server and that the abstracts downloaded doesn’t get corrupted.

By tradition, UNIX hosts accept TFTP software preinstalled. If you do accept a

UNIX laptop, try man tftpd to see how to about-face it on. If you accept a Windows

laptop, the server is not installed (although a applicant ability able-bodied be—it’s standard

on best NT and Win2K environments).

www.syngress.com

68 Chapter 2 • Introduction to PIX Firewalls

Luckily, a TFTP server for a Windows ambiance is accessible to access and

install. Perhaps one of the best is the Solar Winds server, allotment of the Solar Winds

suite.The abounding apparatus set is an invaluable aid to aegis professionals, and some

pieces of it, like the TFTP server, are free. Installation is via the WISE installation

wizard.

Another accomplished TFTP server is the one Cisco provides. It is accessible at

www.cisco.com/cgi-bin/tablebuild.pl/tftp and is additionally free. Simply accommodate your

Cisco user ID back you download, and barrage the installer executable.

Running the Cisco TFTP server is straightforward.The server, by default, is

not running. (This approach is recommended, back there is no authentication; you

don’t appetite anyone uploading or downloading files after your knowledge.) The

first time you run it, you will appetite to columnist O for Options (under the View

menu) to set the log file, if desired, and set the TFTP basis directory.This is where

you appetite to abundance the images. If you are activity to be advance the PIX software,

FTP the bifold angel bottomward from the Web into that directory, and you are ready

for the transfer.

If you accept a actual old adaptation of the software (pre 5.1(x)), you charge upgrade

using adviser mode.You can chase the above-mentioned addendum or the afterward stepby-

step procedure:

1. Enter adviser mode. Remember, this requires that you get a console

session running, power-cycle the box, and columnist Escape aural 10

seconds of the boot.

2. The PIX is currently unconfigured. Set up your download interface by

doing the following:

Use interface to set the TFTP interface.The absence is 1,

so you don’t accept to set it if the TFTP server is on the inside.

Use abode to set the IP abode of the PIX.

Hopefully, your server is on the aforementioned arrangement as the TFTP interface.

If not, you can set a absence aperture with aperture .

3. Abutting adapt the alteration information:

Use server to set the IP abode of your TFTP server.

Use book to set the name of the angel to upload.

4. Finally, assassinate the transfer. Use tftp to alpha the file.

This action endless a new angel in place, and back you reboot, you will appear up

under the new image.

www.syngress.com

Introduction to PIX Firewalls • Chapter 2 69

Luckily, this action should not apply—unless you accidentally upload the

wrong book or your TFTP alteration fails. Adviser approach is primarily acclimated in the

event of disaster.

The action of afterlight your software on a analytic new adaptation of cipher is

straightforward.You can abstain adviser approach and do aggregate from the PIX

enable command line. Log into the PIX and get into accredit mode. It is a good

idea to ping your TFTP server to verify connectivity—for example:

PIX1# ping central 10.1.1.1

Get the adaptation of the software assimilate your TFTP server, and archetype the book to

flash:

pixfirewall# archetype tftp flash

Address or name of alien host [127.0.0.1]? 10.1.1.1

Source book name [cdisk]? pix621.bin

copying tftp://10.1.1.1/pix621.bin to flash

[yes|no|again]? yes

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Received 1640448 bytes.

Erasing accepted image.

Writing 1640448 bytes of image.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Image installed.

On the abutting reload, the new angel is available.