- Introduction
This section will cover Cisco device management, which is going to include some of the basic administration tasks that you need to carry out on your routers and switches. We’ll start off by covering how the boot-up process works, networks, and the different memory locations in your device. Then we’ll move on to how to do a factory reset if you want to wipe your configuration and how to do a password recovery if you’ve lost the administrator’s enable password. After that, we’ll cover how to back up the operating system image and also your configuration. Then we’re going to see how to upgrade iOS to a new version. So, once you get there, we’ll tell you what to COVID.
2. The Boot Up Process
In this lecture, you’ll learn about the bootup process on your routers and switches. And to understand how the device boots up, you need to know about the different memory locations on your device. There are four built-in memory locations. First up, you have Rom, the read-only memory. Then we have Flash on older devices that will be installed as a virus on the motherboard.
On newer devices, it’s a removable compact flash card. Then we’ve got NV RAM, the nonvolatile RAM, and finally the RAM, the normal random-access memory. You can also use an external USB memory stick plugged into the device as well. Okay, so the first one is read-only memory, the ROM, and that is what is used when the device is first powered on. Rom’s got two main functions. The first is the ability to self-test. The posttest will check for any problems with the hardware. It will then load the bootstrap, and the bootstrap will look in Flash for an iOS software image to load. Next, if an iOS image can’t be found in Flash, then the device will show the wrong prompt at the command line.
That means the device has failed to boot up. If you see a command prompt that says “Ram on the wrong monitor is what it stands for,” that can be used to recover a missing or corrupted software image. In that case, you can boot from USB or an external TFTP trivial file transfer protocol server to recover the device. And the instructions for doing that can be slightly different depending on the model of router or switch that you need to recover. So to get instructions, just search Google for “Cisco RAM on recovery” for your particular platform. We’ll have a look at that at the end of the lecture when I do a lab demo.
Okay, so we had the RAM memory and then the Flash memory. So Rom does the post test and loads up the bootstrap, which then looks in Flash memory for an iOS system image. It will load the first image that it finds there by default, but you can override that with the boot system command. Now, when you get the device initially from the factory, it’s just going to have one software image on it, but you can upgrade that device because Cisco will come out with newer versions of the software regularly. So in that case, you can download the new version of the operating system and then copy it down to Flash. In that case, you’ll have two copies of different system images on Flash now. So when the system boots up, you’re going to tell it which one to boot from. It will default to choosing the first one.
So to make sure that you get the newer image, the command to use is boot system, then flash, and then the system image name. That’s a global configuration command. The next type of memory is NVRAM. So when the system has finished loading the iOS system image from Flash, it will then load the startup configuration file from NVRAM, and the saved startup configuration then becomes the current running configuration in RAM. If no startup configuration file is found, then the system will not load the setup wizard. If no startup config file was found, it’s either because you just factory reset it or because it actually came from the factory. When you enter a command in iOS, it takes immediate effect and is stored in the running configuration and RAM, making your changes permanent even after a reboot. We copy the running configuration to the startup configuration command, which stores it in NVRAM and uses it the next time the system boots.
The reason it’s designed like this is So if you’re working on a router or a switch and you make some kind of catastrophic error and then you can’t get to the switch of the router anymore, you can just pull the power cord out of the back, put the power back in, boot it up again, and it will boot back up. With the old startup configuration, before you made the error in the running configuration that caused you to lose connectivity to the command line, okay, the last type of built-in memory is RAM, or random access memory. During boot, the iOS system image and startup configuration are loaded into RAM from Flash for the system image and NVRAM for the startup configuration. And Ram is then used as the device’s normal working memory.
And if you’re wondering, “Well, why don’t we just keep everything in RAM?” then the reason is that RAM is volatile memory; it does not survive a power outage or a reboot. So we can’t keep the files in there that we need to keep permanently; they need to be saved in persistent storage like our Flash and our MV. I have a couple of other things to tell you. First and foremost, that file is the VLAN in the VLAN database. That file is just on the switch, where it saves the VLAN information, which is saved in either flash memory or NVRAM depending on the model of the switch. I know we haven’t covered VLAN yet; don’t worry, we’ll cover that in a later section. I’m just mentioning it now as we talk about the different memory locations.
Finally, rather than using Flash or MV RAM, the system can load a system image and/or startup configuration from an external TFTP server. That is not recommended, though, because the device will not be able to boot if it loses connectivity to the TFTP server. So the only reason you would ever really do that is if you want to load a new version of the system image and there’s not enough flash memory capacity on your device to store that, then you can save it to an external TFTP instead and boot from there. But this is really not recommended because if you lose connectivity with a TFTP server, your device won’t be able to boot. Okay, so that was all the information. The last thing I want to do is give you a demonstration of all this in the lab.
3. The Boot Up Process Lab Demo
In this lecture, we’re going to go through a demo in the lab of the boot-up process, and we’ll also talk about the different memory locations there again as well. So, in the lab typology, R 1 is on the left, with IP address 1010 1. It is linked to switch one, which has IP address 1010-2 assigned to its VLAN-1 SSID.
And we’ve got a TFTP server on 1010. Now, I’m using Packet Tracer for this lab because if you use one of the other virtual labs, it doesn’t support playing around with the different images in Flash, but Packet Tracer does. The other way that you can do this is by using real devices. But I didn’t want to be messing around with the iOS images on real devices. It’s easier to do it in Packet Tracer, so I recommend you use Packet Tracer if you want to follow along with this as well.
Okay, so that’s what the lab topology looks like. So let’s jump on to R1 and take a look at the boot-up process. So I’ll do a reload and hit Enter to confirm. And you can see that read-only RAM was initialised first. And then if I just scroll back a bit here, Now, after Ramon itself decompresses the image, So this is the system image that is in Flash, and it is decompressing it because it’s in an archive format, kind of like a zip file.
As a result, it decompresses it and stores it in RAM memory. And then the system will boot up. I press Return to get started, go into the enable prompt, and that’s when the system boots up. After it finished loading the system image, which you can see here, The next thing it did after that was load the startup configuration from NDRAM again into RAM, the working memory on the router, where it becomes the running configuration. So on the router here, if I do a show version, I’ll be able to see what the system image is. We just scrolled up to the top of that command, and I can see that this is on a 2900 series router. I’m also using version 15 one four M four. And if I do a show flash, I’ll see that the system images are there. There it is, and it’s the only system image that’s there right now.
You can actually delete the system image from Flash. So let’s go ahead and do that. So I’ll copy the file name here, enter the command to delete Flash, and then the name of the file, paste it in, and hit Enter. It asks me to confirm. Are you sure you want to delete that file name and ask me to confirm again? And I say yes. And if I show Flash again now, you’ll see that the file is no longer there. Now the system is still up. I can still get to configure, I can still enter configuration commands in here, and the router will still keep running just fine. The reason is that when the system boots up, the system image is loaded from flash memory into the working memory. So as long as the system is up and running, I’m not going to have a problem.
A problem is going to arise when the system next reboots. So let’s do that. I’ll do a reload, yeah. And it wouldn’t be as quick in a real physical router, but when it tries to boot up again, it can’t. It boots up in “raw” mode because it wasn’t able to find a system image in Flash. So be very careful not to do that in the real world. Actually, on older routers and switches, it’s quite easy to do because in some of the older images, by default, if you copy anything into Flash, it will ask you, “Do you want to delete everything that is already there?” And if you’re not really thinking and you go ahead and do that by just copying some other file into Flash, then you’ll lose your system image that way. So just be careful; do not delete the system image out of Flash, because if you do, it’s a pain to recover it.
Let’s take a look and see how you do now. So I’ll go to a browser. So I’ve got Firefox open here. And in Google, you see that I searched for Cisco 2900 ROM on recovery because that’s the model of router I’m on there. And then it’s this file here for the 2900, which I’ve already opened in another tab. And in the section on recovering the system image with the TFTP download command, it tells you how to recover the image. So you will need a TFTP server to do this, which we do actually have. I’ll show you the TFTP server in a minute.
So on the TFTP server, you need to have the system image there. And then the document that you’ll get from the Cisco website will tell you the commands to enter that I’m just scrolling here. Then, at the bottom, it provides an example. Config. When you get to the wrong prompt, the router is not operational; it has not booted up, so it doesn’t have any IP addresses on it. The startup configuration has not been loaded. So you’re going to need to configure IP connectivity at the wrong prompt. These are the commands to do that. So we enter an IP address for the router.
In addition, we enter the subnet mask. You also have to enter a default gateway. If the router is on the same subnet as the TFTP server, then just put the TFTP server’s IP address in here, followed by the IP address of the TFTP server, and then the file name. The system image that you’re going to use to recover that is on the TFTP server. Finally, you put in the command “TFTP Download.” It will then connect out to the TFTP server and download this file, copying it into Flash. The last thing you do after that is enter the reset command, and that will reboot the router. And because you’ve now got a working system image in Flash, it will be able to boot up. Okay, let’s just have a quick look at the TFTP server in Packet Tracer.
So, in Packet Tracer, go to the End Device stab in the bottom left, and then drag up this generic server, which is the third one, along with this version of Packet Tracer, and bring it up here. If I click on this now and go to Services, you’ll see that TFTP is enabled on that server by default. So there are already iOS system images on the TFTP server in the real world. Then you can either download a free TFTP server or use a paid one. There’s lots of TFTP software available on the Internet. Again. Just Google for that. You’ll find something.
4. Factory Reset and Password Recovery
In this lecture, you’ll learn how to factory reset your router or switch, as well as how to recover a password if you’ve forgotten the enable password.
So we did a factory reset first. The way we do that is very simple. At the enable prompt, we use the right arrays command that will array the startup configuration. You do that, then reload the device, and it will boot up with a blank configuration. There’s no startup configuration, so the setup wizard will then run. Let’s take a look at how we do this in the lab. So I’m on my router here. R one. If I do a show running configuration, you can see the host name is “R One” there. If I do issue startup configuration, the host name in the startup configuration is also “R One.” So that has been saved. So what I’ll do here is go to global configuration and say hostname two; I’m not doing a copy run start yet. If I break back down to the enable prompt, if I do a show run, I’ve entered the command.
As a result, the hostname in the current configuration is R2. If I do a show startup configuration, you’ll see that I haven’t saved it yet. I haven’t yet done the copy on start. So that is still the hostname. So if I rebooted now, it would come back up with a startup configuration, I would lose my unsafe changes, and it would still have the hostname “R.” What this is useful for is that if you lose connectivity to a device that you’re working on remotely, you can’t get to it anymore. You need to recover it. You can ask somebody in that office to pull the power out and put it back in. It’s not good because it does cause an outage. It’s pretty embarrassing, but there’s a way that you can get back onto that router or switch again. Okay, so back to doing the factory reset. I’d like to show you the running configuration and the restart up configuration first.
If I wanted to factory reset this device, the command is: “I’ll do it in full for you.” Write arrays It will then tell you that this is going to erase the NVRAM file system, which you know is where the startup configuration is saved. So I’ll hit enter to confirm that if I now do a show start, it will tell me that the startup configuration is not present; it was erased. And if I reload now and confirm that, it will take a minute to do the reload. And when it comes back up, I can see it’s running the setup wizard because it’s got no configuration. Okay, so that is how you do a factory reset on your router or switch. Go back to the slides now and take a look at how to do the password recovery. First, you need to know about the configuration register that is used to change the way that the router boots from the default You can use the configuration register command in global configuration mode, or if you’re at the wrong prompt and the router switch hasn’t completed booting yet, you can use the conference command. For example, in the global configuration, we could use config register x 2142, or confreg x 2142 if we were at the wrong prompt.
There are several different configuration registers that you can use. The three most useful ones are probably zero, two, and one. That should be the default. The device will boot normally when that is done. The next one, 2120, will boot into RAM on mode and, finally, will ignore the contents of NDRAM while booting, so the startup configuration will be ignored. Now there are other settings you can use as well, which will mostly change the bond rate, like the rate at which you connect to the device. I can’t really think of any reason you would want to do that. So these are the three that you would commonly use. Okay, if we do need to do a password recovery, this is where we’ve lost the enable prompt.
So maybe it’s a small company; we just had one administrator there before, and unfortunately they got hit by a bus, or more happily, they’ve left the company, and they didn’t let anybody know what the enable password was before we left. Or, if you work in a large company, you might take a router or a switch off a shelf, out of a cupboard somewhere, and you have no idea what the enabled secret is. As a result, it is quite common that you will have to do this not on a daily basis, but once in a while in a real-world environment. The way you do it is, first off, Google for the instructions for this because, again, you’re not going to be doing it every day and it’s unlikely you’re going to remember how to do this off the top of your head. I’ve done it probably hundreds of times, and I still go for the instructions whenever I need to do it.
So first up, you don’t have the enable password, so you can’t get into the device, so you need to reboot it. Then, while it is rebooting, press the brake key on the keyboard. That is a commonly occurring control break, but it depends on which software you’re using to connect to the console. Again, you can Google if it’s not a control break. Okay, so do that during the first minute that the device is powered on, and that will break you into the RawMan prompt. You then enter the command conference 2142 at the wrong prompt, which says to ignore the startup configuration on boot.
Now you’re not deleting the startup configuration like when we did the factory reset; the startup configuration is still there, as is the full configuration; everything that was configured on that device is there as well, like IP addresses or whatever. And also, the enabled secret is still there, which you don’t know, but the router is not going to use that startup configuration when it boots up. So you don’t have to know the enable secret. You then enter “reset” at the wrong prompt to boot the device. The router will boot up with no configuration, so it will enter the setup wizard. You then type “no” to bypass that. You then enter enable mode with the enable command. You’re not going to be prompted for the enable secret because it’s not in the current running configuration, which is blank.
The next step is to copy the startup configuration to the running configuration. Do not forget that step. If you forget that step and do everything else correctly, as stated here, you will end up factory resetting the device and losing the previous configuration. If you’re doing a password recovery because the administrator has left and you need to keep that configuration, don’t forget to copy the startup configuration so it’s running at that point. That will copy the entire previous configuration into the running configuration, including the unknown enable secret. But you’re already in enable mode, so again, you don’t need to know what the enabled secret was. You then enter a new enable secret in global configuration mode to overwrite the old one, and that will go into the current running configuration.
Then enter config register zero x 2102 so the router will boot normally on the next restart. Again, don’t forget to do this because if you do, every time you boot up, it will boot up with a blank configuration and you’re going to think there’s something seriously wrong with that router. If you ever get that symptom where every time you boot it up, it looks like it’s been factory reset, it will be because the config register is set to zero x 2102. Finally, we copy run start to save the configuration, and you’re back where you started with the exception that you’re now logged in and have a new enable secret. Okay, so that’s how we do the recovery procedure on a router. If you’re using a switch, it may be slightly different depending on the model.
Also, some routers can be slightly different as well. So whatever kind of device it is that you need to recover, it will be very, very similar to those instructions I just showed you there, but it might be slightly different. So again, use Google to get the instructions, and just follow the instructions to do the password recovery. Let’s take a look at how to do this in the labnet now.
5. Password Recovery Lab Demo
You learn how to do password recovery from watching a lab demo. When we talk about password recovery, we’re talking about recovering from a lost password or secret. Now, I know we haven’t really spoken about those yet. We’re going to cover them in a later section, when we get to securing your Cisco router or switch. For now, all you need to know is that you can set the password that is required to get to the enable prompt. So let’s actually do that on a router.
So I’ll go to global configuration mode and enable password flat box one and enable secret flat box two. The difference between these is that enable password is really a legacy command. The new method is to enable secret. So if I go in here and do a how-run, you’ll see the difference is that the enabled secret is always in encrypted form. When you look at the running confit, enable password is unencrypted by default.
So that could be a security concern. If you’ve enabled both the enable secret and the enable password, then the enabled secret overrides the enable password. So if the enable password isn’t used, we’re always going to use the enable secret. Okay, so our scenario is that an enable secret has been set on this router, and we come to work on the router.
So we need to get to the enable prompt. So we type in “enable it,” it asks us for a password, and the problem is that we do not know it and nobody else in the company does either. So we need to recover the password. The method is to first boot the router into Raman mode. Now, normally, you turn it on, and within the first minute, you hit control, breaking the break sequence, which will result in the wrong one prompt.
Because I’m on packet tracer here, it doesn’t really give me much time to do that. So I’m going to do it in the normal configuration instead. So I’m going to log in here. I got it if I remember what the password was, and I’ll go to configuration and set the configuration register here. So I’ll set it to config register zero x 2120, which will boot it into the wrong prompt. But obviously normally if you’re doing a password recovery you’re not going to be able to get to confit mode to do it here. So you’d be breaking in when the router first powers on or switches. Okay, now that I’ve done that, I’ll exit and do a copy run start, then reload, and this will boot up into the wrong prompt. Okay, so this is how I would do my password recovery. What I need to do here is instruct the router to skip the startup configuration when it boots up. The command for that is confer. So it’s a little bit different than it is at the normal command prompt.
And to bypass NVR, which is where the startup configuration is, it’s 0x2142; hit enter, and then reset to boot the router. And you’ll see that when it finishes booting up, it’s not going to ask me for an enable password to get into the enable prompt because it’s booted up with a blank configuration. You can see that’s happened because it’s booted up into the setup wizard.
So I will say no here to bypass this setup wizard, and now I can hit enable. And because it’s not using the enabled secret from the startup configuration, it’s not going to ask me for a password. Okay, the next step is to copy the startup configuration into the running configuration. I do that, and it’s going to copy the startup configuration in that was already there with all of the commands that were already there, including that enable secret. But I don’t need to know it because I’m already at the enable prompt.
The next thing I need to do is configure, and I’m going to set a new enable secret. Or, for this lab exercise, I’ll simply go into the “Enable Secret” section and remove it. In the real world, you would always want to have a secret for the enable prompt on the router, so you wouldn’t actually do that.
You’d just set a different secret that you know now so you could get in the next time it rebooted. Okay, the last thing I need to do is copy run, and now I’m all good. I’ve got my old configuration on there, but it was there before I changed the password and got into the router. And did I actually reset the configuration register the next time I reloaded? No. Okay, I forgot that this is super important too.
Okay. Also, perform a confit register at global configuration. X 2102 is for the default boot. Okay, not such a deliberate mistake there. If I’d done that in the real world, what would happen is that the next time that I rebooted, it would go back into, I think, Roman Prompt again, which obviously would not be good. Don’t forget to reset the configuration register as well. End and start the copy run. Actually, in the real world, you would do a reload at this point to ensure that everything is fine when it boots up again. You’re not causing an outage because you already had one right now anyway. So once you’ve finished, just reboot it again, wait a couple of minutes for it to boot up, and then check that it loads correctly and that you can log in. So, enable it. Okay. And it’s asking me for a password. I want you to keep it a secret. I actually paused the video when this first happened because I was like, “Why did that happen?” And then I thought, okay.
And I realized that, so what I want you to do now is pause the video and have a think about it, because I did the “no enable secret” command and I’ve rebooted. I didn’t forget to do the copy at the start. I rebooted, and it’s still asking for a password to get into the enable prompt. So think about why this is the case. Stop the video for a minute if you have to. When you start the video again, I’ll tell you the reason why. Okay? The reason why is that when we did the initial part of the lab, I set an enable password and an enable secret. When I did the password recovery, I just did the “do not enable” secret. I did not use the “no enable password” option. So there’s still an enable password there, and that’s what it’s asking me for. In the real world, you are unlikely to encounter this issue because you would not perform a no enable secret. What you would do is set a new enable secret, which would override the enable password.
When you rebooted, it would ask you for the secret you had just set here. If you remember what we said, it was the flat box one for the enable password. So I’m actually able to log in here if I do ipconfig now and set enable secret as the new secret, or if I do flat box two and hit enter copy run start at the enable prompt. Copy, run, and start. This is something I should have done earlier in the lab, with a different enabled secret, for example. Then, when I rebooted, it would have asked me for that new enabled secret, which I do know. Okay? Hopefully, watching me make a couple of mistakes there entertained you. I’ll try not to do it in the next lecture.
6. Backing up the System Image and Configuration
In this lecture, you’ll learn about backing up the iOS system image and your confit file on your router or switch. You can back up either to an external FTP or TFTP server or to a USB stick, or you can back up to the flash memory in the device. Now, for reasons that you would want to do a backup, you could back up the system image to an off-box TFTP server so that if you need to recover the image later—whether you’re downloading it again from the Cisco website or not—it’s going to be handy to have it already on your TFTP server.
Obviously, there’s no point in backing up the system image to Flash. In any case, it’s already in Flash. We would make a copy of the backup configuration for two reasons: if we need to roll back to it later, we could make another copy to an off-box location, or it might be more convenient to do it on Flash. In that case, if you do want to restore an old version of the configuration file, you can’t just copy it into the startup or running configuration because if you do that, it will be merged; it’s not going to replace it. And if we want to restore, we’re going to want to do a replacement, not a merge. So, first, you factory reset the device, then copy the old configuration into the startup configuration, reboot, and you’re back with the old configuration.
OK, the different commands to take a copy of our system image or to take a copy of our confit file Some examples we could copy from Flash TFTP The iOS system image is in Flash, so that’s the command you would use to back up the system image. We could perform a TFTP copy to save a copy of our configuration off-site on a TFTP server. Another example is copying startup configuration. Okay, so let’s have a look at some examples in a lab environment. In the lab, I’ve got a router at 1010-1 and a TFTP server at 1010 1st.One thing I’ll do is back up the system image and the running configuration to the TFTP server. So let’s go on to our router first. And if I show Flash here, you can see that the system image is C 2900 universal canine MZ, which is what it starts with. I just want to show you that it’s not already on the TFTP server. So I’ll go to the TFTP server, and as you can see, there’s no file there yet, but it begins with C 2900.
So I want to have a backup of the system image on the TFTP server. So the way I do that is to go back to my router, say copy TFTP, and it will ask me for the source file name. I’m going to copy and paste that from the show slash output. Then the address of the remote host is my TFTP server. That’s at 1010. I want to use the same filename on the TFTP server as well. So I hit Enter, and I can see that it goes, copying the file over to the TFTP server. If I now go back onto the TFTP server again and just refresh this so I go back to the services and TFTP, I can see the file is now on my TFTP server.
OK, so that’s how you make a backup copy of your system image. If you want to make a copy of your configuration for backup purposes, I’ll go back on the router again, and for this, I will do a copy run to TFTP. We’ll copy my running configuration there. It will ask me where the remote host is. Again, the TFTP server is 1010. Then it’ll ask me what I want to call the file name.I will call this one Monday. because it’s a Monday here today. It’s a good idea to put the actual date on there. Obviously, a bit more specific than just Monday would suffice. Hit Enter. It’s a really small file, so it takes next to no time to copy. If I go back on the TFTP server and refresh this again, you can see the backup of my configuration. Okay, so that’s how you back up to a TFTP server. Next, let’s take a backup of Flash and then restore it.
So I’ll go back on the router, and I’ll do a show, Flash. And you can see that I don’t have any backup files in there right now, so I’ll make a copy. Actually, let me show you the transformation that is taking place. So I’m on hostname one right now, and I will take a backup of my running configuration. So I’ll say copy run to Flash and give it the filename R OneLab. Okay, and now I will go to global configuration, and I will change my host name to R Two. Now, I haven’t saved it to the startup configuration, so if I wanted to get back to our original state, I could just do a reboot. But as soon as I do a copy run start, that hostname is now in both the running configuration and the startup configuration. So I go for a show run. I can see that my host name is R Two, and if I do a show start, the host name will be R Two there as well.
So, let’s say I don’t like the new configuration and want to revert to the old one. In the real world, where this is useful is in a lab or test environment. So say that you want to do some lab exercises, and then you want to be able to easily go back to the startup configuration for the start of that lab. What you do is set up the starting configuration and then save a copy of it to Flash. And then you can go and make whatever changes you want. Then, to return to that startup configuration, do the appropriate arrays to start the startup configuration, and you’ll notice that the startup configuration has vanished.
Then what I do is show Flash just to check the name of my backup configuration, and I’m going to do a copy flash to start the source file name I will copy and paste. So I’ll copy and paste that, and it was R One Lab. The destination file name is going to be the startup config. And now if I do a reload, when it comes back up again with a little bit of luck, it’s going to be with the original configuration, and the hostname is going to be “R One.” So there you go; that worked just fine. Okay, so that is how you back up your running or your startup configuration to an off-box server, how you can also take a backup of your configuration to Flash, and how to restore from that if you need to later. See you in the next class.
7. Upgrading IOS
In this lecture, you’ll learn how to upgrade the IOS system image on your Cisco router or switch. The first thing that you need to do is get the new software image. So you get that from the Cisco website at cisco.com. Let’s have a look there. So you land on this page, click on the link for software download, and then that will open up a new tab, and it’s searchable here. So in the search box, put in whatever it is that you want to upgrade.
So let’s say we want to upgrade a 29-60 switch. I put that in, and I then select my model of switch. I can then select the iOS image I want to download from there. So download it from the Cisco website and then copy it onto your TFTP server. Then, from the TFTP server, you’re going to download it to Flash on the device. Once you’ve got it on Flash, either delete the old image, leaving just the new one there, or the device will now boot up from the new image.
Or if you want to keep both images on there just in case you need to fall back to the old one, Then, to make sure that it uses the new image, use the boot system command. So let’s have a look at doing this in the lab. Same lab as the last time I received a switch. This time we’re going to use the switch at 1010, and we’re going to download a new software image from the TFTP server at 1010. So let’s go on to the switch and check what software image is running right now.
So if I do a show flash, you’ll see there’s only one system image in there, which is running C 29 60 on a land-based MZ 12 225. And if I do a show version, not surprisingly, that’s the only system image and Flash that are confirmed as the software image that we are running. So we’re going to upgrade this to a newer version of iOS. So let’s take a look at the TFTP server now. And I see that I have version 150 for the 2000 and 916. So this is the image that I’m going to use. So I need to download it back to my switch. So I’ll go back to the switch again, and the command I want to use at the enable prompt is copy TFTP to Flash. The TFTP server is at 1010, the file name. I’ve already copied this to my clipboard, hopefully.
So I’ll try pasting it. Yes, there it is. That was a 15-dot image. I want to keep the same name when I copy it to Flash. So there it is, copied into Flash. Now I’ll verify it’s there with a show of flash. And now I can see both the current and the new system images. What I could do now is delete the old one, and that will guarantee it will boot up with a new one next time. But let’s say I want to keep the old one there just in case I need to fall back on it. I’m going to keep it there to make it easier to do that in case I need to. So I need to do the boot system command now. So I will copy the name of the new system image, and then at Global Config, I will enter the command bootsystem, and it’s on Flash, and then the file name.
Paste that at the end and copy run start, and it should be good to go. Now, when the system boots up, it loads the system image into RAM memory. So I need to reload the new system image. So I will do that now. I will do a reload, and you can see the message there that, yes, it is loading the new system image. So that looks all good, but let’s just wait for it to boot up so that we can confirm. Okay, there we go. I’ll go to the enable prompt and select Show Flash. You’ll see that both images are still there. And if I run a show version, I’ll see that I’m now on version fifteen zero. Okay, so that’s all there is to it. That is how you upgrade iOS on your router or switch.