Just got in a new Cisco ISR 4431 and needed to upgrade IOS-XE out of the box. Cisco has been nice enough to include a 1Gb USB flash drive with their new ISRs, making the software upgrade process a cinch. Here are the steps involved to install a new version of IOS-XE via USB drive.
- Download your chosen version of IOS-XE from cisco.com. Keep in mind there are often may different trains and revisions of code available.
- To help you decide which version of code is right for you, there’s the cisco IOS feature navigator found here.
- To help differentiate the different designations of code, i.e., MD, ED, GD, take a look here.
- Typically I opt for a gold star release, which are cisco recommended releases “based on software quality, stability and longevity.”
- Copy the downloaded image to your USB drive and insert it into the ISR
- Copy the IOS-XE image from the usb to the ISR’s bootflash
- Enter global configuration mode and set the ISR to boot from the new image
boot system flash bootflash:isr4400-universalk9.03.13.05.S.154-3.S5-ext.SPA.bin
- Verify the correct boot system parameters
- Save your configuration
copy running-config startup-config
- Reload the ISR
- When the device finishes reloading, verify that the device is running the correct version of IOS-XE
This type of software installation is referred to as a consolidated package. Cisco also supports the installation of individual packages from an IOS-XE image. To see Cisco’s full documentation for software configuration on an ISR 4400 as well as instructions for consolidated and individual package installs please see here.
I don’t know about you, but self-signed certificates seem to trigger my IT OCD. When possible, I like to replace self-signed certs with one signed by our Active Directory CA. Here are the steps involved to replace the self-signed certificate on Cisco’s FirePOWER Management Center/SourceFire Defense Center with one signed by your internal Active Directory Certificate Authority.
- In Defense Center, go to System -> Configuration -> HTTPS Certificate
- Click “Generate New CSR”
- Fill out the Certificate Signing Request information, paying attention to the common name field. The common name should match the address you use to access defense center, e.g., defensecenter.domain.org
- Click generate, and copy/paste the certificate request output to notepad
- Next, navigate to your Certificate Services website and click “Request a Certificate”
- Click “Submit an advanced certificate request”
- Under “Saved Request,”paste your certificate request output from earlier and select the Web Server certificate template. Click Submit
- Download your newly generated certificate (Base64 encoded) and open it with your text editor of choice
- Copy the output of your cert and go back to Defense Center. Navigate to System -> Configuration -> HTTPS Certificate
- Click Import HTTPS Certificate and paste your certificate information into “Server Certificate”
- Click “Save” and you should now see your new certificate installed.
- Reload Defense Center and you should now trust the web server (assuming of course you trust the root CA)
On Windows I love the lightweight and open source TFTPD32, but there may come a time when you find youself needing to transfer some files and all you have is your trusty mac.
Luckily there’s a built in tftp daemon that you can use in a pinch.
By default tftpd uses the following folder:
which is hidden in finder, but can be accessed by using “go to folder” or hitting Command+Shift+G and entering /private/tftpboot
To launch the daemon run the following commands:
sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist
sudo launchctl start com.apple.tftpd
Be sure Read/Write/eXecute permissions are set on the tftpboot folder and any files you wish to transfer:
sudo chmod 777 /private/tftpboot
sudo chmod 777 /private/tftpboot/*
If you’ll be transferring a file TO your TFTP server, the file will technically need to exist on the server beforehand so create it with touch. For example:
sudo touch /private/tftpboot/running-config
sudo chmod 777 /private/tftpboot/running-config
If you’d like a graphical front end for launching tftp then check out the great TftpServer.
Now go ahead and get transferring.
Recently picked up a new usb cable for connecting to my network devices and needed a refresher on connecting to the console.
After installing device drivers (if necessary) and connecting the cable to your mac, open up a terminal and list the contents of your dev directory, filtering for devices with usb in their name.
Find the proper tty device and use screen to open a connection on the port. You can specify the speed of 9600 but screen will use that value by default.
screen /dev/tty.usbmodem1421 9600
You should now find yourself on the console of your network device. To quit screen hold
control-a and then hit