第一篇:CISCO路由器IOS升级方法总结
CISCO路由器IOS升级方法总结
前不久,朋友在对一台带语音模快的CISCO2610进行IOS升级时,由于路由器的内存(flash)为8M,IOS软件为7M多,升级后路由器无法正常启动。启动后到rommon 1 >状态,请求帮助。由于本人长期从事计算机网络管理工作,在对CISCO路由器的长期日常维护和管理实践中积累了一定的经验。现总结归纳出CISCO路由器IOS映像升级的几种方法,供广大网络爱好者或同仁参考。在介绍CISCO路由器IOS升级方法前,有必要对Cisco路由器的存储器的相关知识作以简单介绍。路由器与计算机相似,它也有内存和操作系统。在Cisco路由器中,其操作系统叫做互连网操作系统(Internetwork Operating System),常简称为IOS.路由器的存储器主要有:
ROM:只读存储器包含路由器正在使用的IOS的一份副本;
RAM:IOS将随机访问存储器分成共享和主存。主要用来存储运行中的路由器配置和与路由协议有关的IOS数据结构;
FLASH(闪存):用来存储IOS软件映像文件,闪存是可以擦除内存,它能够用IOS的新版本覆写,IOS升级主要是闪存中的IOS映像文件进行更换。
NVRAM:非易失性随机访问存储器,用来存储系统的配置文件。
IOS升级方法一
在对能够正常启动的CISCO路由器的IOS进行升级时,比较简单。具体步骤如下:
1、寻找一种TFTP服务器软件(有CISCO公司的TFTPServer或3COM公司的3Cserver等,在升级较大IOS映象文件时,建议用3Cserver),安装在一台计算机上,将要升级的IOS映象文件拷贝到相关的目录中(例:D:),并运行TFTP服务器软件,通过菜单设置Root目录为拷贝IOS映象文件所在目录(如D:)。假设该计算机的IP地址为10.32.10.1;
2、连接路由器的console口与PC机的COM1(有文档说明),使用PC的超级终端软件访问路由器,将路由器的地址设为10.32.10.32(与计算机的IP地址同网段即可)。建议在进行IOS升级前将原有IOS文件备份下来,防止待升级的IOS文件存在问题不可用; 也可用Router#Show version)QUOTE:Router# dir flash:(查看目前IOS映象文件名,Directory of flash:/ 1-rw-5998292 C2600-I-MZ.122-11.BIN 8388608 bytes total(2390252 bytes free)
Router#copy flash tftp(备份IOS文件)Source filename []?c2600-i-mz.122-11.bin Address or name of remote host []? 10.32.10.1(指定TFTP服务器地址)
Destination filename [c2600-i-mz.122-11.bin]?
!!!!!!!!!!!!!!!!!!!!!
…
!!!!!!!!!!!!!!!!!!!!!
5998292 bytes copied in 324.071 secs(18509 bytes/sec)Router#
3、对路由器进行IOS升级;
QUOTE:Router#copy tftp flash Address or name of remote host []? 10.32.10.1(指定TFTP服务器地址)
Source filename []? c2600-i-mz.122-11.bin(需升级的新IOS映象文件名)
Destination filename [c2600-i-mz.122-11.bin]?
Do you want to over write? [confirm]
(确认)
Accessing tftp://10.32.10.1/c2600-i-mz.122-11.bin……
Erase flash: before copying? [confirm] Erasing the flash filesystem will remove all files!Continue? [confirm] Erasing device…… eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ……erasedee
Erase of flash: complete
:!!!!!!!Loading c2600-i-mz.122-11.bin from 10.32.10.1(via Ethernet0/0)!
!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!
[OKRestricted Rights clause at FAR sec.52.227-19 and subparagraph(c)(1)(ii)of the Rights in Technical Data and Computer Software clause at DFARS sec.252.227-7013.cisco Systems,Inc.170 West Tasman Drive San Jose,California 95134-1706 Cisco Internetwork Operating System Software,(11)IOS(tm)C2600 Software(C2600-I-M)Version 12.2T9,RELEASE SOFTWARE(fc1)
TAC Support: http://www.xiexiebang.com/tac
Copyright(c)1986-2003 by cisco Systems,Inc.Compiled Mon 23-Jun-03 15:42 by cmong Image text-base: 0x8000809C,data-base: 0x80A68B48 cisco 2610(MPC860)processor(revision 0x203)with 22528K/2048K bytes of memory Processor board ID JAD03483395(1128032249)
M860 processor: part number 0,mask 49 Bridging software.X.25 software,Version 3.0.0.1 Ethernet/IEEE 802.3 interface(s)
Serial(sync/async)network interface(s)
32K bytes of non-volatile configuration memory.8192K bytes of processor board System flash(Read/Write)
Press RETURN to get started!
*Mar 1 00:00:05.652: %PA-2-UNDEFPA: Undefined Port Adaptor type 100 in bay 1 *Mar 1 00:00:07.996: %LINK-3-UPDOWN: Interface Ethernet0/0,changed state to up *Mar 1 00:00:07.996: %LINK-3-UPDOWN: Interface Serial0/0,changed state to down *Mar 1 00:00:07.996: %LINK-3-UPDOWN: Interface Serial0/1,changed state to down *Mar 1 00:00:09.142: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,changed state to up *Mar 1 00:00:09.142: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0,changed state to down *Mar 1 00:00:09.142: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,changed state to down *Mar 1 00:00:09.458: %SYS-5-CONFIG_I: Configured from memory by console *Mar 1 00:00:11.245: %LINK-5-CHANGED: Interface Serial0/1,changed state to administratively down *Mar 1 00:00:12.275: %SYS-5-RESTART: System restarted ——Cisco Internetwork Operating System Software,(11)IOS(tm)C2600 Software(C2600-I-M)Version 12.2T9,RELEASE SOFTWARE(fc1)
TAC Support: http://www.xiexiebang.com/tac
Copyright(c)1986-2003 by cisco Systems,Inc.Compiled Mon 23-Jun-03 15:42 by cmong *Mar 1 00:00:12.279: %SNMP-5-COLDSTART: SNMP agent on host NE16 is undergoing a cold start Router采用这种方法时,由于使用console口来传送,速率为9600bps,需要时间较长。因此可修改console口速率利用xmodem命令实现快速升级IOS.具体方法如下:
QUOTE:rommon 1 > confreg 回车
Configuration Summary enabled are:
load rom after netboot fails console baud: 9600
原始的速率9600bps boot: image specified by the boot system commands or default to: cisco2-C2600 do you wish to change the configuration? y/n [n]: y(选择 yes)
enable “diagnostic mode”? y/n [n]: n(选择 no)
enable “use net in IP bcast address”? y/n [n]: n(选择 no)
disable “load rom after netboot fails”? y/n [n]: n(选择 no)
enable “use all zero broadcast”? y/n [n]: n(选择 no)
enable “break/abort has effect”? y/n [n]: n(选择 no)
enable “ignore system config info”? y/n [n]: n(选择 no)
change console baud rate? y/n [n]: y(选择 yes)
enter rate: 0 = 9600,1 = 4800,2 = 1200,3 = 2400 4 = 19200,5 = 38400,6 = 57600,7 = 115200 [0]: 7(选择 7,用最大的11520 速率的xmodem传输)
change the boot characteristics? y/n [n]: n(选择 no)
Configuration Summary enabled are:
load rom after netboot fails console baud: 115200 boot: image specified by the boot system commands or default to: cisco2-C2600 do you wish to change the configuration? y/n [n]: n(选择 no)
You must reset or power cycle for new config to take effect rommon 2 > reset 回车注意:在按reset键前,需要修改串口速度(我的电脑——端口属性——串口速度调为115200),然后再修改超级终端里设置速率为115200,记住,一定要这么做,否则会出现乱码!然后关闭这个超级终端,重新建立一个超级终端连接,重新启动系统后,出现
QUOTE:rommon 1> 提示符然后,输入
QUOTE:rommon 1> xmodem-r
Do not start the sending program yet……
Invoke this application only for disaster recovery.Do you wish to continue? y/n [n]: y(选择 yes)
Ready to receive file ……
此时,在超级终端的菜单上的“传送”——“发送文件”——选择IOS映像文件所在地以及选择使用“xmodem”协议,点击“发送”即可。等待10-20分钟左右就可升级完3-6M的IOS文件!待升级完成后,请记住修改回计算机串口与超级终端、路由器confreg下的xmodem等传输速率为9600bps.方法如下:
QUOTE:Router>en 进入新IOS的特权模式
Router#reload 重启系统
Proceed with reload? [confirm] 回车
00:01:04: %SYS-5-RELOAD: Reload requested System Bootstrap,Version 11.3(2)XA4,RELEASE SOFTWARE(fc1)
Copyright(c)1999 by cisco Systems,Inc.TAC:Home:SW:IOS:Specials for info PC = 0xfff0a530,Vector = 0x500,SP = 0x680127b0 C2600 platform with 24576 Kbytes of main memory PC = 0xfff0a530,Vector = 0x500,SP = 0x80004684 monitor: command “boot” aborted due to user interrupt 30秒内按ctrl+break键 rommon 1 > confreg(输入“confreg”命令)
Configuration Summary enabled are:
load rom after netboot fails console baud: 115200
boot: image specified by the boot system commands or default to: cisco2-C2600 do you wish to change the configuration? y/n [n]: y(选择 yes)
enable “diagnostic mode”? y/n [n]: n(选择 no)
enable “use nn IP bcast address”? y/n [n]: n(选择 no)
disable “load rom after netboot fails”? y/n [n]: n(选择 no)
enable “use all zero broadcast”? y/n [n]: n(选择 no)
enable “break/abort has effect”? y/n [n]: n(选择 no)
enable “ignore system config info”? y/n [n]: n(选择 no)
change console baud rate? y/n [n]: y(选择 yes)
enter rate: 0 = 9600,1 = 4800,2 = 1200,3 = 2400 4 = 19200,5 = 38400,6 = 57600,7 = 115200 [7]: 0(选择 0,改回用标准速率速率9600的xmodem传输)
change the boot characteristics? y/n [n]: n(选择 no)
Configuration Summary enabled are:
load rom after netboot fails console baud: 9600 boot: image specified by the boot system commands or default to: cisco2-C2600 do you wish to change the configuration? y/n [n]: n You must reset or power cycle for new config to take effect rommon 2 > 此时手工改回计算机串口与超级终端2者传输速率为9600 然后敲入:
QUOTE:rommon 2 >reset
最好关掉电源后,重新启动。利用xmodem命令实现路由器IOS升级速度较慢,往往等上很长时间,为了快速升级,可以采用下列方法。
(二)通过tftpdnld命令升级IOS,具体步骤如下:
1、用Cisco原配的线缆连接路由器的console口与PC机的COM1,使用PC机的超级终端软件访问路由器;用一根双绞线连接路由器的eth0/0口与PC机的网卡。
2、将路由器的eth0/0口IP地址设为10.32.10.32;PC机的IP地址设为10.32.10.1.将要升级的IOS映象文件拷贝到相关的目录中,并运行TFTP服务器软件,通过菜单设置Root目录为拷贝IOS映象文件所在目录。
3、通过set 命令查看配置参数
QUOTE:rommon 2 > set PS1=rommon!> BOOT= BSI=0 RET_2_RTS= ?=0
4、在 rommon 状态下输入:(注意大小写)
QUOTE:rommon 3 >IP_ADDRESS=10.32.10.1(路由器的ip地址)
rommon 4 >IP_SUBNET_MASK=255.255.255.0(路由器的掩码)
rommon 5 >DEFAULT_GATEWAY=10.32.10.32(缺省网关,是pc机的ip地址)rommon 6 >TFTP_SERVER=10.32.10.32(是pc机的ip地址)
rommon 7 >TFTP_FILE=C2600-I-MZ.122-11.BIN(上传ios文件的名称)
rommon 8>sync(保存参数配置)
rommon 9 >set(查看)
PS1=rommon!> BOOT= IP_ADDRESS=10.32.10.1 IP_SUBNET_MASK=255.255.255.0 DEFAULT_GATEWAY=10.32.10.32 TFTP_SERVER=10.32.10.32 TFTP_FILE=C2600-I-MZ.122-11.BIN BSI=0 RET_2_RTS= ?=0 rommon 10 >tftpdnld执行tftpdnld命令进行ios升级,有时可能会报错或命令不执行,这时只要用sync命令保存配置后,重新启动路由器(最好关掉电源再开机)后,再执行tftpdnld命令就可以了。
QUOTE:rommon 10 >tftpdnld(传送文件)出现提示选择y IP_ADDRESS: 10.32.10.1 IP_SUBNET_MASK: 255.255.255.0 DEFAULT_GATEWAY: 10.32.10.32 TFTP_SERVER: 10.32.10.32 TFTP_FILE: C2600-I-MZ.122-11.BIN Invoke this command for disaster recovery only.WARNING: all existing data in all partitions on flash will be lost!Do you wish to continue? y/n: [n]:
y
!!!!!!!!!!!!!!!Receiving C2600-I-MZ.122-11.BIN from 10.32.10.32!
!!!!!!!!!!!!!!!!!!!!
…
!!!!!!!!!!!!!!!!!!!!!
File reception completed.Copying file C2600-I-MZ.122-11.BIN to flash.Erasing flash at 0x607c0000 program flash location 0x605b0000 rommon 11> 在rommon 11>提示符下键入reset,或重新启动路由器(power-cycle),进入正常引导状态,即:
rommon 11 >reset 笔者在Cisco2500、2600、7200等系列路由器上均实际操作过,以上为在Cisco2610路由器上实际操作捕获或截屏,所配地址只是特例,大家可根据实际需要予以修改。最后建议:大家在作正常路由器系统升级时,为防止不正确操作等引起的升级失败,请先把路由器原有的系统备份下来。
第二篇:路由器IOS升级方法总结
IOS升级方法一
在对能够正常启动的CISCO路由器的IOS进行升级时,比较简单。具体步骤如下:
1、寻找一种TFTP服务器软件(有CISCO公司的TFTPServer或3COM公司的3Cserver等,在升级较大IOS映象文件时,建议用3Cserver),安装在一台计算机上,将要升级的IOS映象文件拷贝到相关的目录中(例:D:),并运行TFTP服务器软件,通过菜单设置Root目录为拷贝IOS映象文件所在目录(如D:)。假设该计算机的IP地址为10.32.10.1;
2、连接路由器的console口与PC机的COM1,使用PC的超级终端软件访问路由器,将路由器的地址设为10.32.10.32(与计算机的IP地址同网段即可)。建议在进行IOS升级前将原有IOS文件备份下来,防止待升级的IOS文件存在问题不可用;
QUOTE: Router# dir flash:(查看目前IOS映象文件名,也可用Router#Show version)
Directory of flash:/
1-rw-5998292 C2600-I-MZ.122-11.BIN
8388608 bytes total(2390252 bytes free)
Router#copy flash tftp(备份IOS文件)
Source filename []?c2600-i-mz.122-11.bin
Address or name of remote host []? 10.32.10.1(TFTP服务器地址)Destination filename [c2600-i-mz.122-11.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!„
!!!!!!!!!!!!!!!!!!!!!!!!!!!
5998292 bytes copied in 324.071 secs(18509 bytes/sec)
Router#
3、对路由器进行IOS升级;
QUOTE: Router#copy tftp flash
Address or name of remote host []? 10.32.10.1(TFTP服务器地址)
Source filename []? c2600-i-mz.122-11.bin(需升级的新IOS映象文件名)
Destination filename [c2600-i-mz.122-11.bin]?
Do you want to over write? [confirm]
Accessing tftp://10.32.10.1/c2600-i-mz.122-11.bin...Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files!Continue? [confirm]
Erasing device...eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee...erasedee
Erase of flash: complete
Loading c2600-i-mz.122-11.bin from 10.32.10.1(via Ethernet0/0):!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!„
!!!!!!!!!!!!!!!!!!!
[OKRestricted
Rights clause at FAR sec.52.227-19 and subparagraph
(c)(1)(ii)of the Rights in Technical Data and Computer
Software clause at DFARS sec.252.227-7013.cisco Systems, Inc.170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS(tm)C2600 Software(C2600-I-M), Version 12.2(11)T9, RELEASE SOFTWARE(fc1)
TAC Support: http://www.xiexiebang.com/tac
Copyright(c)1986-2003 by cisco Systems, Inc.Compiled Mon 23-Jun-03 15:42 by cmong
Image text-base: 0x8000809C, data-base: 0x80A68B48
cisco 2610(MPC860)processor(revision 0x203)with 22528K/2048K bytes of memory
Processor board ID JAD03483395(1128032249)
M860 processor: part number 0, mask 49
Bridging software.X.25 software, Version 3.0.0.1 Ethernet/IEEE 802.3 interface(s)
Serial(sync/async)network interface(s)
32K bytes of non-volatile configuration memory.8192K bytes of processor board System flash(Read/Write)
Press RETURN to get started!
*Mar 1 00:00:05.652: %PA-2-UNDEFPA: Undefined Port Adaptor type 100 in bay 1
*Mar 1 00:00:07.996: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Mar 1 00:00:07.996: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
*Mar 1 00:00:07.996: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
*Mar 1 00:00:09.142: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
*Mar 1 00:00:09.142: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
*Mar 1 00:00:09.142: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
*Mar 1 00:00:09.458: %SYS-5-CONFIG_I: Configured from memory by console
*Mar 1 00:00:11.245: %LINK-5-CHANGED: Interface Serial0/1, changed state to administratively down
*Mar 1 00:00:12.275: %SYS-5-RESTART: System restarted--Cisco Internetwork Operating System Software
IOS(tm)C2600 Software(C2600-I-M), Version 12.2(11)T9, RELEASE SOFTWARE(fc1)
TAC Support: http://www.xiexiebang.com/tac
Copyright(c)1986-2003 by cisco Systems, Inc.Compiled Mon 23-Jun-03 15:42 by cmong
*Mar 1 00:00:12.279: %SNMP-5-COLDSTART: SNMP agent on host NE16 is undergoing a cold start
Router> 采用这种方法时,由于使用console口来传送,速率为9600bps,需要时间较长。因此可修改console口速率利用xmodem命令实现快速升级IOS。具体方法如下:
QUOTE: rommon 1 > confreg 回车
Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600
do you wish to change the configuration? y/n [n]: y(选择 yes)
enable “diagnostic mode”? y/n [n]: n(选择 no)
enable “use net in IP bcast address”? y/n [n]: n(选择 no)
disable “load rom after netboot fails”? y/n [n]: n(选择 no)
enable “use all zero broadcast”? y/n [n]: n(选择 no)
enable “break/abort has effect”? y/n [n]: n(选择 no)
enable “ignore system config info”? y/n [n]: n(选择 no)
change console baud rate? y/n [n]: y(选择 yes)
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
= 19200, 5 = 38400, 6 = 57600, 7 = 115200 [0]: 7(选择 7,用最大的11520
速率的xmodem传输)
change the boot characteristics? y/n [n]: n(选择 no)
Configuration Summary
enabled are:
load rom after netboot fails
console baud: 115200
boot: image specified by the boot system commands
or default to: cisco2-C2600
do you wish to change the configuration? y/n [n]: n(选择 no)
You must reset or power cycle for new config to take effect
rommon 2 > reset 回车
注意:在按reset键前,需要修改串口速度(我的电脑---端口属性----串口速度调为115200),然后再修改超级终端里设置速率为115200,记住,一定要这么做,否则会出现乱码!然后关闭这个超级终端,重新建立一个超级终端连接,重新启动系统后,出现 QUOTE: rommon 1> 提示符
然后,输入
QUOTE: rommon 1> xmodem-r
Do not start the sending program yet...Invoke this application only for disaster recovery.Do you wish to continue? y/n [n]: y(选择 yes)
Ready to receive file...此时,在超级终端的菜单上的“传送”---“发送文件”----选择IOS映像文件所在地以及选择使用“xmodem”协议,点击“发送”即可。等待10-20分钟左右就可升级完3-6M的IOS文件!待升级完成后,请记住修改回计算机串口与超级终端、路由器confreg下的xmodem等传输速率为9600bps。
方法如下:
QUOTE: Router>en 进入新IOS的特权模式
Router#reload 重启系统
Proceed with reload? [confirm] 回车
00:01:04: %SYS-5-RELOAD: Reload requested
System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE(fc1)
Copyright(c)1999 by cisco Systems, Inc.TAC:Home:SW:IOS:Specials for info
PC = 0xfff0a530, Vector = 0x500, SP = 0x680127b0
C2600 platform with 24576 Kbytes of main memory
PC = 0xfff0a530, Vector = 0x500, SP = 0x80004684
monitor: command “boot” aborted due to user interrupt 30秒内按ctrl+break键
rommon 1 > confreg(输入“confreg”命令)
Configuration Summary
enabled are:
load rom after netboot fails
console baud: 115200
boot: image specified by the boot system commands
or default to: cisco2-C2600
do you wish to change the configuration? y/n [n]: y(选择 yes)
enable “diagnostic mode”? y/n [n]: n(选择 no)
enable “use nn IP bcast address”? y/n [n]: n(选择 no)
disable “load rom after netboot fails”? y/n [n]: n(选择 no)
enable “use all zero broadcast”? y/n [n]: n(选择 no)
enable “break/abort has effect”? y/n [n]: n(选择 no)
enable “ignore system config info”? y/n [n]: n(选择 no)
change console baud rate? y/n [n]: y(选择 yes)
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
= 19200, 5 = 38400, 6 = 57600, 7 = 115200 [7]: 0(选择 0,改回用标准速率速率9600的xmodem传输)
change the boot characteristics? y/n [n]: n(选择 no)
Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: cisco2-C2600
do you wish to change the configuration? y/n [n]: n You must reset or power cycle for new config to take effect
rommon 2 > 此时手工改回计算机串口与超级终端2者传输速率为9600
然后敲入
QUOTE: rommon 2 >reset 最好关掉电源后,重新启动。利用xmodem命令实现路由器IOS升级速度较慢,往往等上很长时间,为了快速升级,可以采用下列方法。
二)通过tftpdnld命令升级IOS,具体步骤如下:
1、用Cisco原配的线缆连接路由器的console口与PC机的COM1,使用PC机的超级终端软件访问路由器;用一根双绞线连接路由器的eth0/0口与PC机的网卡。
2、将路由器的eth0/0口IP地址设为10.32.10.32;PC机的IP地址设为10.32.10.1。将要升级的IOS映象文件拷贝到相关的目录中,并运行TFTP服务器软件,通过菜单设置Root目录为拷贝IOS映象文件所在目录。
3、通过set 命令查看配置参数
QUOTE: rommon 2 > set
PS1=rommon!>
BOOT=
BSI=0
RET_2_RTS=
?=0
4、在 rommon 状态下输入:(注意大小写)QUOTE: rommon 3 >IP_ADDRESS=10.32.10.1(路由器的ip地址)
rommon 4 >IP_SUBNET_MASK=255.255.255.0(路由器的掩码)
rommon 5 >DEFAULT_GATEWAY=10.32.10.32(缺省网关,是pc机的ip地址)
rommon 6 >TFTP_SERVER=10.32.10.32(是pc机的ip地址)
rommon 7 >TFTP_FILE=C2600-I-MZ.122-11.BIN(上传ios文件的名称)
rommon 8>sync(保存参数配置)
rommon 9 >set(查看)
rommon 10 > set
PS1=rommon!>
BOOT=
IP_ADDRESS=10.32.10.1
IP_SUBNET_MASK=255.255.255.0
DEFAULT_GATEWAY=10.32.10.32
TFTP_SERVER=10.32.10.32
TFTP_FILE=C2600-I-MZ.122-11.BIN
BSI=0
RET_2_RTS=
?=0
rommon 11 >tftpdnld 执行tftpdnld命令进行ios升级,有时可能会报错或命令不执行,这时只要用sync命令保存配置后,重新启动路由器(最好关掉电源再开机)后,再执行tftpdnld命令就可以了。QUOTE: rommon 11 >tftpdnld(传送文件)出现提示选择y
IP_ADDRESS: 10.32.10.1
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 10.32.10.32
TFTP_SERVER: 10.32.10.32
TFTP_FILE: C2600-I-MZ.122-11.BIN
Invoke this command for disaster recovery only.WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n: [n]: y
Receiving C2600-I-MZ.122-11.BIN from 10.32.10.32!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
„
!!!!!!!!!!!!!!!!!!!!!
File reception completed.Copying file C2600-I-MZ.122-11.BIN to flash.Erasing flash at 0x607c0000
program flash location 0x605b0000
rommon 13 >
在rommon 13 >提示符下键入reset,或重新启动路由器(power-cycle),进入正常引导状态,即:
Router> 笔者在Cisco2500、2600、7200等系列路由器上均实际操作过,以上为在Cisco2610路由器上实际操作捕获或截屏,所配地址只是特例,大家可根据实际需要予以修改。最后建议:大家在作正常路由器系统升级时,为防止不正确操作等引起的升级失败,请先把路由器原有的系统备份下来。
第三篇:路由器IOS升级方法总结
路由器IOS升级方法总结
本人长期从事计算机网络管理工作,在对CISCO路由器的长期日常维护和管理实践中积累了一定的经验。现总结归纳出CISCO路由器IOS映像升级的几种方法,供广大网络爱好者或同仁参考。在介绍CISCO路由器IOS升级方法前,有必要对Cisco路由器的存储器的相关知识作以简单介绍。路由器与计算机相似,它也有内存和操作系统。在Cisco路 由器中,其操作系统叫做互连网操作系统(Internetwork Operating System),常简称为IOS。路由器的存储器主要有: ROM:只读存储器包含路由器正在使用的IOS的一份副本;
RAM:IOS将随机访问存储器分成共享和主存。主要用来存储运行中的路由器配置和与路由协议有关的IOS数据结构;
FLASH(闪存):用来存储IOS软件映像文件,闪存是可以擦除内存,它能够用IOS的新版本覆写,IOS升级主要是闪存中的IOS映像文件进行更换。NVRAM:非易失性随机访问存储器,用来存储系统的配置文件。
IOS升级方法一
在对能够正常启动的CISCO路由器的IOS进行升级时,比较简单。具体步骤如下:
1、寻找一种TFTP服务器软件(有CISCO公司的TFTPServer或3COM公司的3Cserver等,在升级较大IOS映象文件时,建议用3Cserver),安装在一台计算机上,将要升级的IOS映象文件拷贝到相关的目录中(例:D:),并运行TFTP服务器软件,通过菜单设置Root目录为拷贝IOS映象文件所在目录(如D:)。假设该计算机的IP地址为10.32.10.1;
2、连接路由器的console口与PC机的COM1,使用PC的超级终端软件访问路由器,将路由器的地址设为10.32.10.32(与计算机的IP地址同网段即可)。建议在进行IOS升级前将原有IOS文件备份下来,防止待升级的IOS文件存在问题不可用; QUOTE: Router# dir flash:(查看目前IOS映象文件名,也可用Router#Show version)
Directory of flash:/
1-rw-5998292 C2600-I-MZ.122-11.BIN
8388608 bytes total(2390252 bytes free)
Router#copy flash tftp(备份IOS文件)
Source filename []?c2600-i-mz.122-11.bin
Address or name of remote host []? 10.32.10.1(TFTP服务器地址)
Destination filename [c2600-i-mz.122-11.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
…
!!!!!!!!!!!!!!!!!!!!!!!!!!!
5998292 bytes copied in 324.071 secs(18509 bytes/sec)
Router#
3、对路由器进行IOS升级; QUOTE: Router#copy tftp flash
Address or name of remote host []? 10.32.10.1(TFTP服务器地址)
Source filename []? c2600-i-mz.122-11.bin(需升级的新IOS映象文件名)
Destination filename [c2600-i-mz.122-11.bin]?
Do you want to over write? [confirm]
Accessing tftp://10.32.10.1/c2600-i-mz.122-11.bin...Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files!Continue? [confirm]
Erasing device...eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee...erasedee
Erase of flash: complete
Loading c2600-i-mz.122-11.bin from 10.32.10.1(via Ethernet0/0):!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
…
!!!!!!!!!!!!!!!!!!!
[OK-5998292 bytes]
Verifying checksum...OK(0xA0C0)
5998292 bytes copied in 318.282 secs(18846 bytes/sec)
Router# IOS升级方法二
由于升级失败后或者路由器的config-register寄存器值为0x2101时,开启路由器时、或者在开启(某些型号)Cisco路由器的电源开关后30秒内按下Ctrl+break键,中断路由器的正常启动,路由器都会进入rom监视模式,即Router(boot)>,在这种情形下,对路由器的IOS进行升级,也比较简单。首先进入特权模式下,即
QUOTE: Router(boot)>en
Router(boot)# 其他升级步骤同方法一,即:执行copy tftp flash命令,对IOS进行升级。升级完成后,不要忘了修改config-register寄存器值为0x2102(恢复正常值)。QUOTE: Router(boot)# t
Router(boot)(config)# config-register 0x2102
Router(boot)(config)#exit
Router(boot)#wr
Router(boot)#reload
重启即可。
第四篇:cisco 路由器 EZvpn 总结
实验拓扑图:
PC2192.168.150.2/24分支机构PC1192.168.100.0/24E0/3:.1R1192.168.100.2/24192.168.1.0/24E0/0:.1公司总部192.168.150.0/24192.168.2.0/24E0/3:.1E0/1:.2E0/0:.1E0/1:.2192.168.200.0/24E0/3:.1PC3R2R3192.168.200.2/24
实现目标
分支机构为不固定IP地址,分支机构和公司总部实现VPN互联。分支机构能够获取公司总部的网络资源。
基本配置:
EZvpn network-extension 模式 R1基本配置: R1# R1#show run
Building configuration...Current configuration : 1010 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R1!boot-start-marker boot-end-marker!noaaa new-model memory-sizeiomem 5!ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!!!!interface Ethernet0/0 ip address 192.168.1.1 255.255.255.0 ipnat outside ip virtual-reassembly half-duplex!interface Ethernet0/1 noip address shutdown half-duplex!interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.100.1 255.255.255.0 ipnat inside ip virtual-reassembly half-duplex!ip http server noip http secure-server!ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.1.2!ipnat inside source list 1 interface Ethernet0/0 overload!access-list 1 permit any!!control-plane!!!!!line con 0 exec-timeout 0 0 line aux 0 linevty 0 4 login!end
R1#
R2的基本配置: R2# R2#show run
Building configuration...Current configuration : 825 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R2!boot-start-marker boot-end-marker!noaaa new-model memory-sizeiomem 5!ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!!!!interface Ethernet0/0 ip address 192.168.2.1 255.255.255.0 half-duplex!interface Ethernet0/1 ip address 192.168.1.2 255.255.255.0 half-duplex!interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.150.1 255.255.255.0 half-duplex!ip http server noip http secure-server!ip forward-protocol nd!!
!control-plane!!!!!line con 0 exec-timeout 0 0 line aux 0 linevty 0 4 login!end R2#
R3的基本配置: R3# *Mar 1 00:13:56.891: %SYS-5-CONFIG_I: Configured from console by console R3# R3#show run Building configuration...Current configuration : 1010 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R3!boot-start-marker boot-end-marker!noaaa new-model memory-sizeiomem 5!ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!!!!interface Ethernet0/0 noip address shutdown half-duplex!interface Ethernet0/1 ip address 192.168.2.2 255.255.255.0 ipnat outside ip virtual-reassembly half-duplex!interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.200.1 255.255.255.0 ipnat inside ip virtual-reassembly half-duplex!ip http server noip http secure-server!ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.2.1!ipnat inside source list 1 interface Ethernet0/1 overload!access-list 1 permit any!!control-plane!!!!!line con 0 exec-timeout 0 0 line aux 0 linevty 0 4 login!end
联通性测试: 在R1上测试:
在R3上测试:
在PC1上测试
在PC2上测试
在PC3上测试
设定公司总部R3为Ezvpn Server,则R3上配置如下 R3# R3#show run
Building configuration...Current configuration : 1505 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R3!boot-start-marker boot-end-marker!aaa new-model!aaa authorization network ezvpnauthor local!aaa session-id common memory-sizeiomem 5!ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!!
!cryptoisakmp policy 1 authentication pre-share group 2!cryptoisakmp client configuration group group1 key cisco!cryptoipsec transform-set mysetesp-des esp-md5-hmac!crypto dynamic-map dymap 1 set transform-set myset reverse-route!crypto map vpnmapisakmp authorization list ezvpnauthor crypto map vpnmap client configuration address respond crypto map vpnmap 1 ipsec-isakmp dynamic dymap!!
interface Ethernet0/0 noip address shutdown half-duplex!interface Ethernet0/1 ip address 192.168.2.2 255.255.255.0 ipnat outside ip virtual-reassembly half-duplex crypto map vpnmap!interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.200.1 255.255.255.0 ipnat inside ip virtual-reassembly half-duplex!
ip http server noip http secure-server!ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.2.1!ipnat inside source list 1 interface Ethernet0/1 overload!access-list 1 permit any!!control-plane!!!!!
line con 0 exec-timeout 0 0 line aux 0 linevty 0 4!End
公司分部R1为remote角色,在Ezvpn Remote 上面配置 R1# R1#sho run
Building configuration...Current configuration : 1244 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R1!boot-start-marker boot-end-marker!noaaa new-model memory-sizeiomem 5!ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!!!!!
cryptoipsec client ezvpn client1 connect auto group group1 key cisco mode network-extension peer 192.168.2.2 xauthuserid mode interactive!!!interface Ethernet0/0 ip address 192.168.1.1 255.255.255.0 ipnat outside ip virtual-reassembly half-duplex cryptoipsec client ezvpn client1!interface Ethernet0/1 noip address shutdown half-duplex!
interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.100.1 255.255.255.0 ipnat inside ip virtual-reassembly half-duplex cryptoipsec client ezvpn client1 inside!ip http server noip http secure-server!ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.1.2!ipnat inside source list 1 interface Ethernet0/0 overload!access-list 1 permit any!
!control-plane!!!!!line con 0 exec-timeout 0 0 line aux 0 linevty 0 4 login!end
R1#
查看R1的vpn状态
在PC1上测试
我们发现,vpn隧道虽然建立起来了,但是,外网和总部内网都ping不通了。这是由于PC1的数据都经由隧道了,包括访问公网的数据包,都被导入隧道中。我们将隧道进行分离,让访问公网的数据能正常被NAT成R1的公网地址。
R3#
show run Building configuration...Current configuration : 1568 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R3!boot-start-marker boot-end-marker!aaa new-model!aaa authorization network ezvpnauthor local!aaa session-id common memory-sizeiomem 5!ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!!
!cryptoisakmp policy 1 authentication pre-share group 2!cryptoisakmp client configuration group group1 key cisco acl 100!cryptoipsec transform-set mysetesp-des esp-md5-hmac!crypto dynamic-map dymap 1 set transform-set myset reverse-route!crypto map vpnmapisakmp authorization list ezvpnauthor crypto map vpnmap client configuration address respond crypto map vpnmap 1 ipsec-isakmp dynamic dymap!!
!interface Ethernet0/0 noip address shutdown half-duplex!interface Ethernet0/1 ip address 192.168.2.2 255.255.255.0 ipnat outside ip virtual-reassembly half-duplex crypto map vpnmap!interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.200.1 255.255.255.0 ipnat inside ip virtual-reassembly half-duplex!ip http server noip http secure-server!ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.2.1!ipnat inside source list 1 interface Ethernet0/1 overload!access-list 1 permit any access-list 100 permit ip 192.168.200.0 0.0.0.255 any!!control-plane!!!!
!line con 0 exec-timeout 0 0 line aux 0 linevty 0 4!end
R3#
在R1上重建VPN
在R1上查看Vpn状态,我们发现,隧道被成功分离,只有去往192.168.200.0/24的数据才会经由隧道。
这个时候,我们在PC1上进行测试
发现,可以正常访问公网,但是还不能访问vpn对端内网,怎么回事呢?我们查看R3的NAT表。
在R3上面查看NAT表
发现,R3内网192.168.200.2机器icmp reply 全部被NAT成R3的公网接口192.168.2.2地址了。
在R3上修正NAT问题 R3# R3#show run Building configuration...Current configuration : 1678 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R3!boot-start-marker boot-end-marker!aaa new-model!aaa authorization network ezvpnauthor local!aaa session-id common memory-sizeiomem 5!ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!!
!cryptoisakmp policy 1 authentication pre-share group 2!cryptoisakmp client configuration group group1 key cisco acl 100!cryptoipsec transform-set mysetesp-des esp-md5-hmac!crypto dynamic-map dymap 1 set transform-set myset reverse-route!crypto map vpnmapisakmp authorization list ezvpnauthor crypto map vpnmap client configuration address respond crypto map vpnmap 1 ipsec-isakmp dynamic dymap!!
!interface Ethernet0/0 noip address shutdown half-duplex!interface Ethernet0/1 ip address 192.168.2.2 255.255.255.0 ipnat outside ip virtual-reassembly half-duplex crypto map vpnmap!interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.200.1 255.255.255.0 ipnat inside ip virtual-reassembly half-duplex!ip http server noip http secure-server!ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.2.1!ipnat inside source list 111 interface Ethernet0/1 overload!access-list 1 permit any access-list 100 permit ip 192.168.200.0 0.0.0.255 any access-list 111 deny
ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 111 permit ip any any!!control-plane!!!
!!line con 0 exec-timeout 0 0 line aux 0 linevty 0 4!end
R3#
我们通过ACL,先限制源地址192.168.200.0去往192.168.100.0地址进行NAT转换,然后允许其它流量转换。在PC1上重新测试
在PC3上进行测试
OK,VPN实现成功,总部和分支机构内部访问外网和对端网络都正常。
Ezvpn Client模式 R3上配置 R3# R3#show run
Building configuration...Current configuration : 1811 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R3!boot-start-marker boot-end-marker!aaa new-model!aaa authorization network ezvpnauthor local!aaa session-id common memory-sizeiomem 5!ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!!
!cryptoisakmp policy 1 authentication pre-share group 2!cryptoisakmp client configuration group group1 key cisco poolezvpnpool acl 100!cryptoipsec transform-set set1 esp-des esp-md5-hmac!crypto dynamic-map dymap 1 set transform-set set1 reverse-route!crypto map vpnmapisakmp authorization list ezvpnauthor crypto map vpnmap client configuration address respond crypto map vpnmap 1 ipsec-isakmp dynamic dymap!
!interface Ethernet0/0 noip address shutdown half-duplex!interface Ethernet0/1 ip address 192.168.2.2 255.255.255.0 ipnat outside ip virtual-reassembly half-duplex crypto map vpnmap!interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.200.1 255.255.255.0 ipnat inside ip virtual-reassembly half-duplex!ip local pool ezvpnpool 10.10.10.1 10.10.10.100 ip http server noip http secure-server!ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.2.1!ipnat inside source list 111 interface Ethernet0/1 overload!access-list 1 permit any access-list 100 permit ip 192.168.200.0 0.0.0.255 any access-list 111 deny
ip 192.168.200.0 0.0.0.255 10.10.10.0 0.0.0.255 access-list 111 deny
ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 111 permit ip any any!!control-plane!!
!!!!line con 0 exec-timeout 0 0 line aux 0 linevty 0 4!end
R3#
R1上的配置 R1#show run
Building configuration...Current configuration : 1396 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R1!boot-start-marker boot-end-marker!noaaa new-model memory-sizeiomem 5!ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!!!!!
cryptoipsec client ezvpn client1 connect auto group group1 key cisco mode client peer 192.168.2.2 xauthuserid mode interactive cryptoipsec client ezvpn client connect auto mode network-extension xauthuserid mode interactive!!!interface Loopback0 ip address 10.10.10.1 255.255.255.255!interface Ethernet0/0 ip address 192.168.1.1 255.255.255.0 ipnat outside ip virtual-reassembly half-duplex cryptoipsec client ezvpn client1!interface Ethernet0/1 noip address shutdown half-duplex!interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.100.1 255.255.255.0 ipnat inside ip virtual-reassembly half-duplex cryptoipsec client ezvpn client1 inside!ip http server noip http secure-server!ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.1.2!ipnat inside source list 1 interface Ethernet0/0 overload!access-list 1 permit any!!control-plane!!!!!line con 0 exec-timeout 0 0 line aux 0 linevty 0 4 login!end
R1#
在R1上查看vpn状态
我们看到,当R1为client模式的时候,它将获取地址池中的一个地址,为10.10.10.7,所有vpn流量,都会用这个地址进行nat转换。我们看R1上的show ipnat translation
在R1上测试网络连通性
在R3上测试联通性
由于R1内部机器地址都会被NAT成10.10.10.7,所以,对于R3内部用户来说是不可访问的。
配置xauth认证 R3的配置 R3# R3#show run
Building configuration...Current configuration : 1941 bytes!version 12.4 service timestamps debug datetimemsec service timestamps log datetimemsec no service password-encryption!hostname R3!boot-start-marker boot-end-marker!aaa new-model!aaa authentication login ezvpnlogin local aaa authorization network ezvpnauthor local!aaa session-id common memory-sizeiomem 5!
ipcef noip domain lookup!ipauth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3!!!!!!!!username cisco password 0 cisco!
!!cryptoisakmp policy 1 authentication pre-share group 2!cryptoisakmp client configuration group group1 key cisco poolezvpnpool acl 100!cryptoipsec transform-set set1 esp-des esp-md5-hmac!crypto dynamic-map dymap 1 set transform-set set1 reverse-route!crypto map vpnmap client authentication list ezvpnlogin crypto map vpnmapisakmp authorization list ezvpnauthor crypto map vpnmap client configuration address respond crypto map vpnmap 1 ipsec-isakmp dynamic dymap!!interface Ethernet0/0 noip address shutdown half-duplex!interface Ethernet0/1 ip address 192.168.2.2 255.255.255.0 ipnat outside ip virtual-reassembly half-duplex crypto map vpnmap!interface Ethernet0/2 noip address shutdown half-duplex!interface Ethernet0/3 ip address 192.168.200.1 255.255.255.0 ipnat inside ip virtual-reassembly half-duplex!ip local pool ezvpnpool 10.10.10.1 10.10.10.100 ip http server noip http secure-server!ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.2.1!ipnat inside source list 111 interface Ethernet0/1 overload!access-list 1 permit any access-list 100 permit ip 192.168.200.0 0.0.0.255 any access-list 111 deny
ip 192.168.200.0 0.0.0.255 10.10.10.0 0.0.0.255 access-list 111 deny
ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 111 permit ip any any!!control-plane!!!!!line con 0 exec-timeout 0 0 line aux 0 linevty 0 4!end
R3#
R1上的过程
提示输入crypto ipsec client ezvpnxauth,并输入用户名和密码,VPN则认证成功。另外,cisco VPN Clint 支持Ezvpn client模式。
新建连接信息如下图所示:
第五篇:路由器及IOS简介
路由器及IOS简介
1.路由器简介
(1)CPU:中央处理单元,和计算机一样,它是路由器的控制和运算部件。
(2)RAM/DRAM:内存,用于存储临时的运算结果,例如,路由表、arp表、快速交换缓存、缓冲数据包、数据队列,以及当前配置。众所周知,RAM中的数据在路由器断电后是丢失的。
(3)FLASH:可擦除、可编程的ROM,用于存放路由器的IOS,FLASH的课擦除特性允许我们更新、升级IOS。而不是更换路由器内部的芯片。路由器断电后,FLASH的内容不会丢失。当FLASH容量较大时,可以存放多个IOS版本。
(4)NVRAM:非易失性RAM,用于存放路由器的配置文件,路由器断电后,NVRAM中的内容仍然保持。
(5)ROM:只读存储器,存储了路由器的开机诊断程序、引导程序和特殊版本的IOS软件(用于诊断等有限用途),当ROM中软件升级时需要更换芯片。
2.IOS简介
路由器也有自己的操作系统,通常称为IOS(internetwork operating system)。和计算机上的Windows一样,IOS是路由器的灵魂,所有配置是通过IOS完成的。
图1“show”命令现实路由器的各种信息
图2配置文件的流动
ROM
FLASHTFTPROM
CONSOLE
图3路由器启动过程示意图