My Cisco 2950 came with an older IOS version 12.1, but more importantly, one that does not support encryption, and thus I cannot use SSH. I need to upgrade the code, aka the IOS image, on this switch to enable SSH. So here we go. I’ll be referencing the following guide: http://kb.promise.com/KnowledgebaseArticle10139.aspx throughout this how-to article. Note: You should be in enable/privilege 15 mode for the duration of this article.
Existing version info
switch-2950-1.tuxlabs.com#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(19)EA1c, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Mon 02-Feb-04 23:29 by yenanh
Image text-base: 0x80010000, data-base: 0x8058A000
ROM: Bootstrap program is C2950 boot loader
switch-2950-1.tuxlabs.com uptime is 1 hour, 38 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-19.EA1c.bin"
cisco WS-C2950T-24 (RC32300) processor (revision P0) with 20808K bytes of memory.
Processor board ID FOC0812T17M
Last reset from system-reset
Running Enhanced Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0F:8F:DB:4E:00
Motherboard assembly number: 73-6114-10
Power supply part number: 34-0965-01
Motherboard serial number: FOC0812243L
Power supply serial number: DAB080842YJ
Model revision number: P0
Motherboard revision number: A0
Model number: WS-C2950T-24
System serial number: FOC0812T17M
Configuration register is 0xF
switch-2950-1.tuxlabs.com#
Cisco Image & TFTP Server
I had to register for the Cisco site to download the latest image, with support for encryption. This is the image I will be installing: c2950-i6k2l2q4-mz.121-22.EA14.bin
After the image is downloaded, we need to configure the TFTP server. Mac OS X comes with tftpd automatically. You are going to want to place the image in /private/tftpboot. After you have copied the image there, make absolutely sure you update the permissions. Otherwise, the TFTP request from your device will time out.
➜ ~ sudo chmod 766 /private/tftpboot/*
➜ ~ ls -l /private/tftpboot
total 7272
-rwxrw-rw-@ 1 root wheel 3722814 Sep 7 23:21 c2950-i6k2l2q4-mz.121-22.EA14.bin
➜ ~
After you update the permissions you are ready to start TFTP.
➜ ~ netstat -atp UDP | grep tftp
➜ ~ sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist
dyld: DYLD_ environment variables being ignored because main executable (/usr/bin/sudo) is setuid or setgid
➜ ~ netstat -atp UDP | grep tftp
udp4 0 0 *.tftp *.*
udp6 0 0 *.tftp *.*
➜ ~
Great, TFTP is running. Now we are ready to request it from the Cisco switch, aka the client in this scenario.
Copy TFTP Flash
switch-2950-1.tuxlabs.com#copy tftp flash
Address or name of remote host []? 192.168.1.123
Source filename []? c2950-i6k2l2q4-mz.121-22.EA14.bin
Destination filename [c2950-i6k2l2q4-mz.121-22.EA14.bin]?
Accessing tftp://192.168.1.123/c2950-i6k2l2q4-mz.121-22.EA14.bin...
Loading c2950-i6k2l2q4-mz.121-22.EA14.bin from 192.168.1.123 (via Vlan1):
!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!O!OO!OO!OOOOO!OOOO!
%Error copying flash:/c2950-i6k2l2q4-mz.121-22.EA14.bin (No space left on device)
switch-2950-1.tuxlabs.com#
Uh oh, Shaggy! I am out of space. After doing a ‘dir flash’ I saw that I really had no choice but to delete my existing flash image to make room for the new one. Feels dangerous and scary, but luckily this is my lab environment 🙂
Deleting From Flash
switch-2950-1.tuxlabs.com#delete flash://c2950-i6q4l2-mz.121-19.EA1c.bin
Delete filename [c2950-i6q4l2-mz.121-19.EA1c.bin]?
Delete flash:/c2950-i6q4l2-mz.121-19.EA1c.bin? [confirm]
switch-2950-1.tuxlabs.com#
Copy TFTP Flash Again (This time with our fingers crossed)
switch-2950-1.tuxlabs.com#copy tftp flash Address or name of remote host [192.168.1.123]? Source filename [c2950-i6k2l2q4-mz.121-22.EA14.bin]? Destination filename [c2950-i6k2l2q4-mz.121-22.EA14.bin]? Accessing tftp://192.168.1.123/c2950-i6k2l2q4-mz.121-22.EA14.bin... Loading c2950-i6k2l2q4-mz.121-22.EA14.bin from 192.168.1.123 (via Vlan1): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 3722814 bytes] 3722814 bytes copied in 143.080 secs (26019 bytes/sec) switch-2950-1.tuxlabs.com#
Whew…close one 🙂 To be on the safe side we can verify our image like this.
switch-2950-1.tuxlabs.com#verify /md5 c2950-i6k2l2q4-mz.121-22.EA14.bin .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Done! verify /md5 (flash:c2950-i6k2l2q4-mz.121-22.EA14.bin) = 8d3250ee253b81b7fe2762e281773fbc switch-2950-1.tuxlabs.com#
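The digest printed by verify /md5 confirms the transfer only when it is compared with a known-good value, such as the digest of the file staged on the TFTP server or the one listed on the vendor download page. The script below is an added example, not part of the original article: it pulls the digest out of pasted switch output and compares it with the local file. The function names and the stand-in demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): compare the MD5 of the image
# staged on the TFTP server with the digest printed by the switch.

# Print the MD5 of a local file. Linux has md5sum; macOS ships md5.
local_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        md5 -q "$1"
    fi
}

# Extract the 32-hex-digit digest from pasted "verify /md5" output,
# ignoring the progress dots and the prompt lines around it.
ios_md5() {
    printf '%s\n' "$1" |
        sed -n 's/^.*verify \/md5 (.*) = \([0-9A-Fa-f]\{32\}\).*$/\1/p' |
        tail -n 1 | tr 'A-F' 'a-f'
}

# Succeed only when the switch reported a digest and it equals the local one.
# usage: image_matches <local-file> <pasted-switch-output>
image_matches() {
    want=$(local_md5 "$1" | tr 'A-F' 'a-f')
    got=$(ios_md5 "$2")
    [ -n "$got" ] && [ "$want" = "$got" ]
}

# Constructed demo: a stand-in file, one transcript built around its real
# digest and one carrying a digest that belongs to a different file.
demo() {
    tmp=$(mktemp) || return 1
    printf 'constructed stand-in for an IOS image\n' > "$tmp"
    h=$(local_md5 "$tmp")
    good="....Done!
verify /md5 (flash:c2950-i6k2l2q4-mz.121-22.EA14.bin) = $h
switch-2950-1.tuxlabs.com#"
    bad="verify /md5 (flash:c2950-i6k2l2q4-mz.121-22.EA14.bin) = 8d3250ee253b81b7fe2762e281773fbc"
    image_matches "$tmp" "$good" && r1=match || r1=MISMATCH
    image_matches "$tmp" "$bad" && r2=match || r2=MISMATCH
    rm -f "$tmp"
    echo "$r1 $r2"
}

demo
```

For the real check, call image_matches with /private/tftpboot/c2950-i6k2l2q4-mz.121-22.EA14.bin and the text copied from the switch session.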
Next we make our new flash image bootable.
switch-2950-1.tuxlabs.com#config t
switch-2950-1.tuxlabs(config)#boot system flash:c2950-i6k2l2q4-mz.121-22.EA14.bin
switch-2950-1.tuxlabs(config)#exit
switch-2950-1.tuxlabs.com#show boot
BOOT path-list: flash:c2950-i6k2l2q4-mz.121-22.EA14.bin
Config file: flash:/config.text
Private Config file: flash:/private-config.text
Enable Break: no
Manual Boot: no
HELPER path-list:
NVRAM/Config file buffer size: 32768
switch-2950-1.tuxlabs.com#wr mem
Building configuration...
[OK]
switch-2950-1.tuxlabs.com#
Great, that looks good, now we are ready to reload our switch!
switch-2950-1.tuxlabs.com#reload
Proceed with reload? [confirm]
Connection closed by foreign host.
➜ ~
Once the switch comes back to life, validate the version info.
switch-2950-1.tuxlabs.com#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by cisco Systems, Inc.
Compiled Tue 26-Oct-10 10:35 by nburra
Image text-base: 0x80010000, data-base: 0x80680000
ROM: Bootstrap program is C2950 boot loader
switch-2950-1.tuxlabs.com uptime is 2 minutes
System returned to ROM by power-on
System image file is "flash:c2950-i6k2l2q4-mz.121-22.EA14.bin"
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to export@cisco.com.
cisco WS-C2950T-24 (RC32300) processor (revision P0) with 19911K bytes of memory.
Processor board ID FOC0812T17M
Last reset from system-reset
Running Enhanced Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0F:8F:DB:4E:00
Motherboard assembly number: 73-6114-10
Power supply part number: 34-0965-01
Motherboard serial number: FOC0812243L
Power supply serial number: DAB080842YJ
Model revision number: P0
Motherboard revision number: A0
Model number: WS-C2950T-24
System serial number: FOC0812T17M
Configuration register is 0xF
switch-2950-1.tuxlabs.com#
We went from 2004 to 2010… but 2010 is the latest image available for my ancient switch! Awesome. Now we are ready to enable SSH in the next article!
Thanks for reading,
Jason Riedel