Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, 2.3
Managing Software and Configuration Files
Downloads: This chapterpdf (PDF - 293.0KB) The complete bookPDF (PDF - 4.49MB) | Feedback

Managing Software, Licenses, and Configurations

Table Of Contents

Managing Software, Licenses, and Configurations

Managing Licenses

Obtaining an Activation Key

Entering a New Activation Key

Installing Application or PDM Software

Installation Overview

Installing Application Software from the FWSM CLI

Installing Application Software from the Maintenance Partition

Installing PDM from the FWSM CLI

Upgrading Failover Pairs

Upgrading to a Major or Minor Release

Upgrading to a Maintenance Release

Installing Maintenance Software

Checking the Maintenance Software Release

Upgrading the Maintenance Software

Downloading and Backing Up Configuration Files

Viewing Files in Flash Memory

Downloading a Text Configuration to the Startup or Running Configuration

Downloading a Context Configuration to Disk

Backing Up the Configuration

Backing up the Single Mode Configuration or Multiple Mode System Configuration

Backing Up a Context Configuration in Flash Memory

Backing Up a Context Configuration within a Context

Copying the Configuration from the Terminal Display


Managing Software, Licenses, and Configurations


This chapter describes how to install new software on the FWSM from an FTP, TFTP, HTTP, or HTTPS server. You can upgrade the application software, the maintenance software, and PDM management software. This chapter includes the following sections:

Managing Licenses

Installing Application or PDM Software

Upgrading Failover Pairs

Installing Maintenance Software

Downloading and Backing Up Configuration Files

Managing Licenses

When you install the software, the existing activation key is extracted from the original image and stored in a file in the FWSM file system. This section includes the following topics:

Obtaining an Activation Key

Entering a New Activation Key

Obtaining an Activation Key

To obtain an activation key, you will need a Product Authorization Key, which you can purchase from your Cisco account representative. After obtaining the Product Authorization Key, register it on the Web to obtain an activation key by performing the following steps:


Step 1 Obtain the serial number for your FWSM by entering the following command:

hostname> show version | include Number

Enter the pipe character (|) as part of the command.

Step 2 Connect a web browser to one of the following websites (the URLs are case-sensitive):

Use the following website if you are a registered user of Cisco.com:

http://www.cisco.com/go/license

Use the following website if you are not a registered user of Cisco.com:

http://www.cisco.com/go/license/public

Step 3 Enter the following information, when prompted:

Your Product Authorization Key

The serial number of your FWSM.

Your e-mail address.

The activation key will be automatically generated and sent to the e-mail address that you provide.


Entering a New Activation Key

To enter the activation key, enter the following command:

hostname(config)# activation-key key

The key is a four-element hexadecimal string with one space between each element. For example, a key in the correct form might look like the following key:

0xe02888da 0x4ba7bed6 0xf1c123ae 0xffd8624e

The leading 0x specifier is optional; all values are assumed to be hexadecimal.

If you are already in multiple context mode, enter this command in the system execution space.


Note The activation key is not stored in your configuration file. The key is tied to the serial number of the device.

You must reboot the FWSM after entering the new activation key for the change to take effect in the running image.


This example shows how to change the activation key on the FWSM:

hostname(config)# activation-key 0xe02888da 0x4ba7bed6 0xf1c123ae 0xffd8624e

Installing Application or PDM Software

This section contains the following topics:

Installation Overview

Installing Application Software from the FWSM CLI

Installing Application Software from the Maintenance Partition

Installing PDM from the FWSM CLI

Installation Overview

For application software, you can use one of two methods to upgrade:

Installing to the current application partition from the FWSM CLI

The benefit of this method is you do not have to boot in to the maintenance partition; instead you log in as usual and copy the new software. The activation key is maintained with this method.

This method supports downloading from a TFTP, FTP, HTTP, or HTTPS server.

You cannot copy software to the other application partition. You might want to copy to the other partition if you want to keep the old version of software as a backup in the current partition.

You must have an operational configuration with network access. For multiple context mode, you need to have network connectivity through the admin context.

Installing to any application partition from the maintenance partition

The benefit of this method is you can copy software to both application partitions, and you do not have to have an operational configuration. You just need to configure some routing parameters in the maintenance partition so you can reach the server on VLAN 1.

The disadvantage is that you need to boot in to the maintenance partition, which might not be convenient if you have an operational application partition.

This method supports downloading from an FTP server only.

To upgrade PDM, you can only install to the current application partition from the FWSM CLI.

See the "Managing the Firewall Services Module Boot Partitions" section on page 2-11 for more information about application and maintenance partitions.

Installing Application Software from the FWSM CLI

When you log in to the FWSM during normal operation, you can copy the application software to the current application partition from a TFTP, FTP, HTTP, or HTTPS server.

For multiple context mode, you must be in the system execution space.

To upgrade software to the current application partition from an FTP, TFTP, or HTTP(S) server, perform the following steps:


Step 1 Enter the following command to confirm access to the selected FTP, TFTP, or HTTP(S) server:

hostname# ping ip_address

Step 2 To copy the application software, enter one of the following commands, directed to the appropriate download server.

To copy from a TFTP server, enter the following command:

hostname# copy tftp://server[/path]/filename flash:

The flash keyword refers to the application partition on the FWSM. You can only copy an image and PDM software to the flash partition. Configuration files are copied to the disk partition.

To copy from an FTP server, enter the following command:

hostname# copy ftp://[user[:password]@]server[/path]/filename flash:

To copy from an HTTP or HTTPS server, enter the following command:

hostname# copy http[s]://[user[:password]@]server[:port][/path]/filename flash:

For example, to copy the application software from an FTP server, enter the following command:

hostname# copy ftp://10.94.146.80/tftpboot/bnair/cdisk flash:

copying ftp://10.94.146.80/tftpboot/bnair/cdisk to flash:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!
Received 6128128 bytes.
Erasing current image.This may take some time..
Writing 6127616 bytes of image.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!
Image installed.

Step 3 To run the new software, you need to reload the system. If you do not have a failover pair, enter the following command:

hostname# reload
Proceed with reload? [confirm] 

At the `Proceed with reload?' prompt, press Enter to confirm the command.

Rebooting...

If you have a failover pair, see the "Upgrading Failover Pairs" section.


Installing Application Software from the Maintenance Partition

If you log in to the maintenance partition, you can install application software to either application partition (cf:4 or cf:5).


Note The FWSM maintenance partition can only use VLAN 1 on the switch. The FWSM does not support 802.1Q tagging on VLAN 1.


If you are running maintenance software release 1.1, the activation key, if present, is removed and the mode reverts to single context mode. We suggest that you upgrade the maintenance software to Release 2.1 or later to keep the activation key and mode. See the "Installing Maintenance Software" section to upgrade.


Note If you are upgrading between consecutive minor releases (2.3.1 to 2.3.2, for example) and you have a failover pair, first perform this procedure on the standby unit; after the standby unit reloads, force the active unit to fail over to the standby unit using the no failover active command in the system execution space of the active unit; then upgrade the active unit.

If you are upgrading between major releases (2.2 to 2.3, for example), then perform this procedure on the standby unit first. After you complete the procedure for the standby unit, start the procedure for the active unit. To minimize downtime, immediately reenable failover on the standby unit using the failover command as soon as you reboot the active unit. Failover was disabled on the standby unit because it sensed a version mismatch. When you reenable failover on the standby unit while the active unit is down, then the standby unit becomes active.


To install application software from an FTP server while logged in to the maintenance partition, perform the following steps:


Step 1 Each application partition has its own startup configuration, so you need to make the current configuration available to copy to the backup application partition, if desired. You can either copy it to an available TFTP, FTP, or HTTP(S) server, or you can enter the show running-config command and cut and paste the configuration from the terminal. See the "Backing up the Single Mode Configuration or Multiple Mode System Configuration" section

Step 2 If necessary, end the FWSM session by entering the following command:

hostname# exit

Logoff

[Connection to 127.0.0.31 closed by foreign host]
Router#

You might need to enter the exit command multiple times if you are in a configuration mode.

Step 3 To view the current boot partition, enter the command for your operating system. Note the current boot partition so you can set a new default boot partition.

Cisco IOS software

Router# show boot device [mod_num]

For example:

Router# show boot device
[mod:1 ]:
[mod:2 ]:
[mod:3 ]:
[mod:4 ]: cf:4
[mod:5 ]: cf:4
[mod:6 ]:
[mod:7 ]: cf:4
[mod:8 ]:
[mod:9 ]:

Catalyst operating system software

Console> (enable) show boot device mod_num

For example:

Console> (enable) show boot device 4
Device BOOT variable = cf:4

Step 4 To change the default boot partition to the backup, enter the command for your operating system:

Cisco IOS software

Router(config)# boot device module mod_num cf:{4 | 5}

Catalyst operating system software

Console> (enable) set boot device cf:{4 | 5} mod_num

Step 5 To boot the FWSM into the maintenance partition, enter the command for your operating system at the switch prompt:

For Cisco IOS, enter the following command:

Router# hw-module module mod_num reset cf:1

For Catalyst operating system software, enter the following command:

Console> (enable) reset mod_num cf:1

Step 6 To session in to the FWSM, enter the command for your operating system:

Cisco IOS software

Router# session slot number processor 1

Catalyst operating system software

Console> (enable) session module_number

Step 7 To log in to the FWSM maintenance partition as root, enter the following command:

Login: root
Password:

By default, the password is cisco.

Step 8 To set network parameters, perform the following steps:

a. To assign an IP address to the maintenance partition, enter the following command:

root@localhost# ip address ip _address netmask

This address is the address for VLAN 1, which is the only VLAN used by the maintenance partition.

b. To assign a default gateway to the maintenance partition, enter the following command:

root@localhost# ip gateway ip_address

c. (Optional) To ping the FTP server to verify connectivity, enter the following command:

root@localhost# ping ftp_address

Step 9 To download the application software from the FTP server, enter the following command:

root@localhost# upgrade ftp://[user[:password]@]server[/path]/filename cf:{4 | 5}

cf:4 and cf:5 are the application partitions on the FWSM. Install the new software to the backup partition.

Follow the screen prompts during the upgrade.

Step 10 To log out of the maintenance partition, enter the following command:

root@localhost# logout

Step 11 To reboot the FWSM into the backup application partition (that you set as the default in Step 4), enter the command for your operating system:

For Cisco IOS, enter the following command:

Router# hw-module module mod_num reset

For Catalyst operating system software, enter the following command:

Console> (enable) reset mod_num

Step 12 To session in to the FWSM, enter the command for your operating system:

Cisco IOS software

Router# session slot number processor 1

Catalyst operating system software

Console> (enable) session module_number

By default, the password to log in to the FWSM is cisco (set by the password command). If this partition does not have a startup configuration, the default password is used.

Step 13 Enter privileged EXEC mode using the following command:

hostname> enable

The default password is blank (set by the enable password command). If this partition does not have a startup configuration, the default password is used.

Step 14 Each application partition has its own startup configuration, so you might need to copy a current configuration to the application partition. If you have an old configuration running on this partition, you might want to clear it before copying to the running configuration. To clear the running configuration, enter the clear configure all command. To copy the configuration to the running configuration, use one of the following methods:

Paste the configuration at the command line.

To copy from a TFTP server, enter the following command:

hostname# copy tftp://server[/path]/filename running-config

To copy from an FTP server, enter the following command:

hostname# copy ftp://[user[:password]@]server[/path]/filename running-config

To copy from an HTTP or HTTPS server, enter the following command:

hostname# copy http[s]://[user[:password]@]server[:port][/path]/filename 
running-config

To copy from the local Flash memory, enter the following command:

hostname# copy disk:[path/]filename running-config

Step 15 Save the running configuration to startup using the following command:

hostname# write memory

Step 16 The default context mode is single mode, so if you are running in multiple context mode, set the mode to multiple in the new application partition using the following command:

hostname# configuration terminal
hostname(config)# mode multiple
WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]

Confirm to reload the FWSM.


Installing PDM from the FWSM CLI

When you log in to the FWSM during normal operation, you can copy PDM software to the current application partition from a TFTP, FTP, HTTP, or HTTPS server.

For multiple context mode, you must be in the system execution space.

To copy PDM software, enter one of the following commands for the appropriate download server:

To copy from a TFTP server, enter the following command:

hostname# copy tftp://server[/path]/filename flash:pdm

The flash keyword represents to application partition on the FWSM. You can only copy an image and PDM software to the flash partition. Configuration files are copied to the disk partition.

To copy from an FTP server, enter the following command:

hostname# copy ftp://[user[:password]@]server[/path]/filename[;type=xx] flash:pdm

The type can be one of the following keywords:

ap—ASCII passive mode

an—ASCII normal mode

ip—(Default) Binary passive mode

in—Binary normal mode

Use binary for image files.

To copy from an HTTP or HTTPS server, enter the following command:

hostname# copy http[s]:// 
[user[:password]@]server[:port][/path]/filename flash:pdm

To use secure copy, first enable SSH, then enter the following command:

hostname# ssh scopy enable

Then from a Linux client enter the following command:

scp -v -pw password filename username@fwsm_address

The -v is for verbose, and if -pw is not specified you will be prompted for a password.


For example, to copy PDM from a TFTP server, enter:

hostname# copy tftp://209.165.200.226/cisco/pdm.bin flash:pdm

To copy to the PDM from an HTTPS server, enter:

hostname# copy http://admin:letmein@209.165.200.228/adsm/pdm.bin flash:pdm

Upgrading Failover Pairs

The two units in a failover configuration must have the same major (first number) and minor (second number) software version. If you upgrade the failover pair to a new major or minor release, you will have some downtime.

You can use different maintenance versions (third number) of the software during an upgrade process without downtime; for example, you can upgrade one unit from Release 2.3(2) to Release 2.3(3) and have failover remain active.

This section includes the following topics:

Upgrading to a Major or Minor Release

Upgrading to a Maintenance Release

Upgrading to a Major or Minor Release

To upgrade a failover pair to a new major or minor release, perform the following steps:


Step 1 Ensure that the standby unit has a configuration saved to memory by entering the following command:

standby(config)# write memory

The saved configuration will load when you restart the standby unit. Because the standby unit will have a different software version from the active unit, it will not synch with the active unit to get a running configuration.

For multiple context mode, if the active unit has context configurations in Flash memory, be sure to enter the write memory command in each context.

Step 2 Download the new image to both units. See the "Installing Application Software from the FWSM CLI" section.

Step 3 Restart the standby unit to load the new software by entering the following command:

standby(config)# reload

After the standby unit restarts, the version mismatch will cause failover to be disabled; because the standby unit sensed the version mismatch with an active unit, it continues to be in a standby state.

Step 4 After the standby unit restarts, restart the active unit by entering the following command:

active(config)# reload

Current connections to the active unit will be disconnected. New connections will be handled by the standby unit after you reenable failover.

Step 5 Immediately reenable failover on the standby unit by entering the following command:

standby(config)# failover

The standby unit senses that the failover link is down, and becomes active.

Step 6 (Optional) Restore the former active unit to be active by entering the following command:

formeractive(config)# failover active

Before performing this step, ensure that the configuration and stateful connections are synched between the two units to minimize traffic loss.


Upgrading to a Maintenance Release

You can use different maintenance versions of the software during an upgrade process and have failover remain active; for example, you can upgrade one unit from Release 2.3(2) to Release 2.3(3). We recommend upgrading both units to the same version to ensure long-term compatibility.


Note You can only install different versions on the failover units if they are contiguous releases, for example 2.3(2) and 2.3(3). You cannot upgrade one unit to 2.3(3) while the other unit is still 2.3(1).


To upgrade a failover pair to a new maintenance release, perform the following steps:


Step 1 Download the new image to both units. See the "Installing Application or PDM Software" section.

Step 2 Reload the standby unit to boot the new image by entering the following command:

standby# reload

Step 3 When the standby unit has finished reloading, force the active unit to fail over to the standby unit by entering the following command on the standby unit:

standby# failover active

Step 4 Reload the former active unit (now the new standby unit) by entering the following command:

newstandby# reload


Installing Maintenance Software

This section includes the following topics:

Checking the Maintenance Software Release

Upgrading the Maintenance Software

Checking the Maintenance Software Release

To determine the maintenance software release, you must boot in to the maintenance partition and view the release by performing the following steps:


Step 1 If necessary, end the FWSM session by entering the following command:

hostname# exit

Logoff

[Connection to 127.0.0.31 closed by foreign host]
Router#

You might need to enter the exit command multiple times if you are in a configuration mode.

Step 2 To boot the FWSM into the maintenance partition, enter the command for your operating system at the switch prompt:

For Cisco IOS, enter the following command:

Router# hw-module module mod_num reset cf:1

For Catalyst operating system software, enter the following command:

Console> (enable) reset mod_num cf:1

Step 3 To session in to the FWSM, enter the command for your operating system:

Cisco IOS software

Router# session slot number processor 1

Catalyst operating system software

Console> (enable) session module_number

Step 4 To log in to the FWSM maintenance partition as root, enter the following command:

Login: root

Password:

By default, the password is cisco.

The FWSM shows the version when you first log in:

Maintenance image version: 2.1(2)

Step 5 To view the maintenance version after you log in, enter the following command:

root@localhost# show version

Maintenance image version: 2.1(2)
mp.2-1-2.bin : Thu Nov 18 11:41:36 PST 2004 : integ@kplus-build-lx.cisco.com

Line Card Number :WS-SVC-FWM-1
Number of Pentium-class Processors :       2
BIOS Vendor: Phoenix Technologies Ltd.
BIOS Version: 4.0-Rel 6.0.9
Total available memory: 1004 MB
Size of compact flash: 123 MB
Daughter Card Info: Number of DC Processors: 3
Size of DC Processor Memory (per proc): 32 MB


Upgrading the Maintenance Software

If you need to upgrade the maintenence software, perform the following steps:


Step 1 Download the maintenance software from Cisco.com at the following URL:

http://www.cisco.com/cisco/software/navigator.html

Put the software on a TFTP, HTTP, or HTTPS server that is accessible from the FWSM admin context.

Step 2 If required, log out of the maintenance partition and reload the application partition by performing the following steps:

a. log out of the maintenance partition by entering the following command:

root@localhost# logout

b. If required, reboot the FWSM into the application partition by entering the command for your operating system:

For Cisco IOS, enter the following command:

Router# hw-module module mod_num reset

For Catalyst operating system software, enter the following command:

Console> (enable) reset mod_num

c. To session in to the FWSM, enter the command for your operating system:

Cisco IOS software

Router# session slot number processor 1

Catalyst operating system software

Console> (enable) session module_number

Step 3 To upgrade the maintenance partition software, enter one of the following commands for the appropriate download server.

For multiple context mode, you must be in the system execution space.

To download the maintenance software from a TFTP server, enter the following command:

hostname# upgrade-mp tftp[://server[:port][/path]/filename]

You are prompted to confirm the server information, or if you do not supply it in the command, you can enter it at the prompts.

To download the maintenance software from an HTTP or HTTPS server, enter the following command:

hostname# upgrade-mp http[s]://[user[:password]@]server[:port][/path]/filename

Passwords for the root and guest accounts of the maintenance partition are retained after the upgrade.

Step 4 Reload the FWSM to load the new maintenance software by entering the following command:

hostname# reload

Alternatively, you can log out of the FWSM in preparation for booting in to the maintenance partition; from the maintenance partition, you can install application software to both application partitions. To end the FWSM session, enter the following command:

hostname# exit

Logoff

[Connection to 127.0.0.31 closed by foreign host]
Router#

You might need to enter the exit command multiple times if you are in a configuration mode.

See the "Installing Application Software from the Maintenance Partition" section to reload the FWSM into the maintenance partition.


The following example shows the prompts for the TFTP server information:

hostname# upgrade-mp tftp
Address or name of remote host [127.0.0.1]? 10.1.1.5 
Source file name [cdisk]? mp.2-1-0-3.bin.gz
copying tftp://10.1.1.5/mp.2-1-0-3.bin.gz to flash
[yes|no|again]? yes
!!!!!!!!!!!!!!!!!!!!!!!
Received 1695744 bytes.
Maintenance partition upgraded.

Downloading and Backing Up Configuration Files

This section describes how to download and back up configuration files, and includes the following sections:

Viewing Files in Flash Memory

Downloading a Text Configuration to the Startup or Running Configuration

Downloading a Context Configuration to Disk

Backing Up the Configuration

Viewing Files in Flash Memory

You can view files in Flash memory and see information about the files.

To view the files in Flash memory, enter the following command:

hostname# dir disk:

For example:

hostname# dir

Directory of disk:/

9      -rw-  1411        08:53:42 Oct 06 2005  old_running.cfg
10     -rw-  959         09:21:50 Oct 06 2005  admin.cfg
11     -rw-  1929        08:23:44 May 07 2005  admin_backup.cfg

To view extended information about a specific file, enter the following command:

hostname# show file information [path:/]filename

The default path is the root directory of the internal Flash memory (disk:/).

For example:

hostname# show file info admin.cfg

disk:/admin.cfg:
  type is ascii text
  file size is 959 bytes

Downloading a Text Configuration to the Startup or Running Configuration

You can download a text file from the following server types to the single mode configuration or the multiple mode system configuration:

TFTP

FTP

HTTP

HTTPS

For a multiple mode context, see the "Downloading a Context Configuration to Disk" section.


Note When you copy a configuration to the running configuration, you merge the two configurations. A merge adds any new commands from the new configuration to the running configuration. If the configurations are the same, no changes occur. If commands conflict or if commands affect the running of the context, then the effect of the merge depends on the command. You might get errors, or you might have unexpected results.


To copy the startup configuration or running configuration from the server to the FWSM, enter one of the following commands for the appropriate download server:

To copy from a TFTP server, enter the following command:

hostname# copy tftp://server[/path]/filename {startup-config | running-config}

To copy from an FTP server, enter the following command:

hostname# copy ftp://[user[:password]@]server[/path]/filename[;type=xx] 
{startup-config | running-config}

The type can be one of the following keywords:

ap—ASCII passive mode

an—ASCII normal mode

ip—(Default) Binary passive mode

in—Binary normal mode

You can use ASCII or binary for configuration files.

To copy from an HTTP or HTTPS server, enter the following command:

hostname# copy http[s]://[user[:password]@]server[:port][/path]/filename 
{startup-config | running-config}

For example, to copy the configuration from a TFTP server, enter the following command:

hostname# copy tftp://209.165.200.226/configs/startup.cfg startup-config

To copy the configuration from an FTP server, enter the following command:

hostname# copy ftp://admin:letmein@209.165.200.227/configs/startup.cfg;type=an 
startup-config

To copy the configuration from an HTTP server, enter the following command:

hostname# copy http://209.165.200.228/configs/startup.cfg startup-config

Downloading a Context Configuration to Disk

To copy context configurations to disk, including the admin configuration, enter one of the following commands for the appropriate download server from the system execution space:

To copy from a TFTP server, enter the following command:

hostname# copy tftp://server[/path]/filename disk:[path/]filename

To copy from a FTP server, enter the following command:

hostname# copy ftp://[user[:password]@]server[/path]/filename disk:[path/]filename

To copy from an HTTP or HTTPS server, enter the following command:

hostname# copy http[s]://[user[:password]@]server[:port][/path]/filename 
disk:[path/]filename

Backing Up the Configuration

To back up your configuration, use one of the following methods:

Backing up the Single Mode Configuration or Multiple Mode System Configuration

Backing Up a Context Configuration in Flash Memory

Backing Up a Context Configuration within a Context

Copying the Configuration from the Terminal Display

Backing up the Single Mode Configuration or Multiple Mode System Configuration

In single context mode or from the system configuration in multiple mode, you can copy the startup configuration or running configuration to an external server or to the local Flash memory:

To copy to a TFTP server, enter the following command:

hostname# copy {startup-config | running-config} tftp://server[/path]/filename

To copy to a FTP server, enter the following command:

hostname# copy {startup-config | running-config} 
ftp://[user[:password]@]server[/path]/filename

To copy to local Flash memory, enter the following command:

hostname# copy {startup-config | running-config} disk:[path/]filename

Be sure the destination directory exists. If it does not exist, first create the directory using the mkdir command.

Backing Up a Context Configuration in Flash Memory

In multiple context mode, copy context configurations that are on the local Flash memory by entering one of the following commands in the system execution space:

To copy to a TFTP server, enter the following command:

hostname# copy disk:[path/]filename tftp://server[/path]/filename

To copy to a FTP server, enter the following command:

hostname# copy disk:[path/]filename ftp://[user[:password]@]server[/path]/filename

To copy to local Flash memory, enter the following command:

hostname# copy disk:[path/]filename disk:[path/]newfilename

Be sure the destination directory exists. If it does not exist, first create the directory using the mkdir command.

Backing Up a Context Configuration within a Context

In multiple context mode, from within a context, you can perform the following backups:

To copy the running configuration to the startup configuration server (connected to the admin context), enter the following command:

hostname/contexta# copy running-config startup-config

To copy the running configuration to a TFTP server connected to the context network, enter the following command:

hostname/contexta# copy running-config tftp:/server[/path]/filename

Copying the Configuration from the Terminal Display

To print the configuration to the terminal, enter the following command:

hostname# show running-config

Copy the output from this command, then paste the configuration in to a text file.