Xem mẫu
- Dưới đây là một qui trình nâng cấp, qui trình này chưa có phần cập nhật activation-
key.
Upgrading an Image from an Administrative Session
1. Make sure an image server is available.
The server should have the firewall image available for downloading, either by TFTP,
FTP, HTTP, or HTTPS.
2. Make sure you have sufficient space on the flash file system.
An ASA allows one or more image files as well as other files to be stored in flash, as long
as you have sufficient space to contain them all. When a new image or file is
downloaded, it is stored in flash with a specific filename. A file is overwritten only if an
existing file in flash has an identical filename. You can use the following command to
check the available (free) space in the flash memory:
Firewall# dir flash:/
For example, suppose a new firewall image is available on a server. The image file size is
4,995,512 bytes. First, the amount of free flash memory is checked, giving the following
output:
Firewall# dir flash:/
Directory of flash:/
6 -rw- 4976640 10:04:50 Nov 12 2004 image.bin
10 -rw- 1575 23:05:09 Sep 30 2004 old_running.cfg
12 -rw- 3134 23:30:24 Nov 08 2004 admin.cfg
13 -rw- 1401 14:12:31 Oct 20 2004 CustomerA.cfg
14 -rw- 2515 23:29:28 Nov 08 2004 border.cfg
17 -rw- 1961 13 22 Oct 25 2004 datacenter.cfg
23 -rw- 8596996 10:12:38 Nov 12 2004 asdm.bin
21 drw- 704 15:06:09 Nov 22 2004 syslog
32 -rw- 205 15:06:08 Nov 22 2004 stuff
16128000 bytes total (2466816 bytes free)
Firewall#
Clearly, 2,466,816 bytes free is insufficient to store the new image unless the existing
image (image.bin) is overwritten. On an FWSM or a PIX 6.3 platform, only one
operating system image and one PDM image can be stored in the flash file system at any
time. If a new image is downloaded, it automatically overwrites an existing image in
flash.
3. Make sure the firewall can reach the server:
- Firewall# ping [interface] ip-address
The server has IP address ip-address. The firewall should already have the necessary
routing information to reach the server. You can specify the firewall interface where the
server is located ("outside," for example) if the firewall cannot determine that directly.
For example, this firewall can reach the server at 192.168.254.2:
Firewall# ping 192.168.254.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.2, timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/1/1 ms
Firewall#
4. (TFTP only) Identify a possible TFTP server:
Firewall(config)# tftp-server interface ip-address path
The TFTP server can be found at ip-address on the firewall interface named interface
(outside), for example. As of FWSM 3.1(1) and ASA 7.0(1), the interface parameter is
required. For prior releases, the firewall always assumes the inside interface is used for
TFTP. The only way to override this assumption is by specifying a firewall interface in
the tftp-server command. This interface is always used whenever files are copied to and
from a
TFTP server, even if the server address is different from the one configured with this
command.
The image files are stored in the path directory on the TFTP server. This path is relative
only to the TFTP process itself. For example, if the image files are stored in the topmost
TFTP directory (/tftpboot within the server's file system, for example), the path would
be /, or theroot of the TFTP directory tree.
The tftp-server command is optional because most of the TFTP parameters can be given
with the copy EXEC command when the image is downloaded.
5. Copy the image file from the server.
With any download method, the basic command syntax is:
Firewall# copy source flash:[image | pdm | filename]
- The image is downloaded and copied into flash memory as either an operating system
image or a pdm image. Only one of either image type can be stored in the firewall flash,
and their locations are automatically determined. In fact, PIX 6.3 restricts the image
transfer to these two file types.
ASA and FWSM platforms make use of their more flexible flash file systems. From the
system execution space, you can copy one or more image files into flash and then specify
which image the firewall should use. You can give the destination filename as an
arbitrary filename. You also can use the image or asdm keywords for backward
compatibility. In that case, the firewall uses the image filename configured with the boot
system or asdm image commands, respectively. Also, you can choose TFTP, FTP, or
HTTP as the copy method, as discussed in the following steps.
Use a TFTP server:
Firewall# copy tftp:[:[[//location][/pathname]] flash:
[image | pdm |
filename]
The image file is located on the TFTP server at location, which can be either a hostname
(already defined with a name command) or an IP address. The image file is referenced by
pathname, which can include any directory structure needed within TFTP, along with the
filename. (If the actual path name of the TFTP directory contains spaces, you should first
define the whole path name using the tftp-server command. Spaces are not allowed in the
pathname here.) If the location or pathname parameters are left out of this command, the
firewall prompts you for those values. If you add a colon after the tftp keyword, the
firewall picks up the remaining parameters configured with the tftp-server command.
For example, suppose a new operating system image named newimage.bin is located on
TFTP server 192.168.254.2. Recall that the firewall assumes that the TFTP server is
located on the inside interface by default. In this case, it is located on the outside
interface. You can download the new firewall image into flash memory using the
following commands:
Firewall# configure terminal
Firewall(config)# tftp-server outside 192.168.254.2 /
Firewall(config)# exit
Firewall# copy tftp://192.168.254.2/newimage.bin
flash:image
Address or name of remote host [192.168.254.2]?
Source filename [newimage.bin]?
Destination filename [image.bin]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Accessing tftp://192.168.254.2/newimage.bin...!!!!!!!!!!!!!
[output omitted]
Writing file flash:/image.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
4976640 bytes copied in 143.380 secs (34801 bytes/sec)
- Firewall#
nguon tai.lieu . vn
