Error Connecting to Command Relay Server When Upgrading Cisci Router Firmware
Cisco IOS devices typically use their wink memory to store the IOS image. On well-nigh routers, this flash retentiveness tin exist hands replaced. On some switches, it is integrated in the device and can’t be replaced.
In this lesson, I’ll show you some different options how to copy a new IOS epitome to your Cisco IOS router or switch. I will use a Cisco 2800 IOS router in these examples.
First, head over to Cisco.com > Support > Download and grab the IOS image that yous want. For example:
If you hover your mouse over the filename, you will meet some extra information:
In a higher place you tin run into the file name and MD5 checksum. The checksum can be used to check if the file that you lot downloaded is the same or has changed. I’ll testify you this later.
Once you downloaded the IOS prototype, check if yous have enough space left on your flash memory:
R1#show flash:
-#- --length-- -----date/time------ path ane 1119 Sep 29 2015 eleven:11:52 +00:00 r1-r2-r3.cfg ii 1184 Dec three 2014 xv:xiv:06 +00:00 R1-R2-ASA1-ASA2.cfg 3 1125 December 23 2014 13:41:32 +00:00 ASA1-R1-R2-R3.cfg five 76 Jul 17 2014 12:09:ten +00:00 System Volume Information/IndexerVolumeGuid 6 1060 Aug 11 2015 12:53:50 +00:00 mpls-pe-ce-basic-addressing.cfg 7 1213 Sep 30 2015 15:05:02 +00:00 router-on-a-stick.cfg viii 67926080 Apr 2 2015 14:21:46 +00:00 c2800nm-adventerprisek9-mz.151-4.M10.bin 3862364160 bytes available (137428992 bytes used)
On my flash retention, there are a bunch of configuration files and the current IOS image. There are 3862364160 bytes bachelor (3862 MB) and so nosotros have plenty of space.
When we want to copy something to or from this router, we have to use the
copy
command:
R1#re-create ?
/erase Erase destination file system. /error Let to copy error file. /noverify Don't verify prototype signature before reload. /verify Verify image signature before reload. archive: Copy from archive: file system cns: Copy from cns: file system
flash: Copy from wink: file arrangement
ftp: Copy from ftp: file system
http: Copy from http: file system https: Copy from https: file organisation nil: Copy from goose egg: file organisation nvram: Copy from nvram: file system pram: Copy from pram: file organisation rcp: Re-create from rcp: file organization running-config Copy from current system configuration
scp: Re-create from scp: file system
startup-config Re-create from startup configuration arrangement: Re-create from organisation: file organisation tar: Copy from tar: file system
tftp: Copy from tftp: file system
tmpsys: Copy from tmpsys: file arrangement xmodem: Copy from xmodem: file arrangement ymodem: Re-create from ymodem: file arrangement
We have a lot of options. The most common options for copying an IOS prototype are:
- TFTP
- FTP
- SCP
I will explain all three options to you.
Newer routers as well support copying from USB sticks. This volition show up every bit usbflash: in the filesystem overview.
TFTP
TFTP (Niggling File Transfer Protocol) is similar to FTP just much simpler, like a lite weight version. Information technology doesn’t back up authentication or encryption and uses UDP for transmission. I will utilise the following topology:
We need a TFTP server application, a groovy choice here isTFTPD32. Yous can download it for free and it’south an executable, no need to install annihilation.
Once y’all downloaded TFTPD32, start it:
And you will see the main screen:
Make sure you select the right directory where you downloaded your IOS image and if yous have multiple network interfaces, select the correct interface.
The copy command works in both directions. I can copy to and from the TFTP server. Here’s how to re-create the current IOS image to the TFTP server:
R1#copy wink: tftp:
Source filename []?
c2800nm-adventerprisek9-mz.151-iv.M10.bin
Address or proper noun of remote host []?
192.168.1.200
Destination filename
[c2800nm-adventerprisek9-mz.151-four.M10.bin]? !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 67926080 bytes copied in 312.508 secs (217358 bytes/sec)
When you employ the copy flash: tftp: control, information technology will ask you for the IP address and filename. When you see something between [] (brackets), you tin merely hitting the enter button. For example, since I specified the source proper noun, the router assumes I desire to employ the aforementioned file name for the destination. Don’t type “y” or “yes” hither or that will become the destination filename.
If you are unable to connect to the TFTPD32 server, cheque your Windows firewall.
We can meet the transfer on our router or you can see information technology in TFTPD32:
Nosotros at present take a backup of our current IOS prototype. Allow’s copy the new prototype to the router:
R1#copy tftp: wink:
Address or proper noun of remote host []?
192.168.1.200
Source filename []?
c2800nm-adventerprisek9-mz.151-4.M12a.bin
Destination filename
[c2800nm-adventerprisek9-mz.151-4.M12a.bin]? Accessing tftp://192.168.one.200/c2800nm-adventerprisek9-mz.151-4.M12a.bin... Loading c2800nm-adventerprisek9-mz.151-4.M12a.bin from 192.168.1.200 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 67929600 bytes] 67929600 bytes copied in 316.628 secs (214541 bytes/sec)
The transfer has completed, let’s have a look at our flash retention:
R1#show flash: | include .bin
viii 67926080 Apr 2 2015 fourteen:21:46 +00:00 c2800nm-adventerprisek9-mz.151-iv.M10.bin 25 67929600 Nov 4 2016 12:11:22 +00:00 c2800nm-adventerprisek9-mz.151-4.M12a.bin
In a higher place we tin see the new IOS epitome.
The copy command besides allows you to enter parameters similar the IP address of the TFTP server and filenames. Here is an example:
R1#re-create tftp://192.168.i.200/c2800nm-adventerprisek9-mz.151-four.M12a.bin flash:
Destination filename [c2800nm-adventerprisek9-mz.151-4.M12a.bin]?
Higher up you lot can see that I already entered the IP address and filename. Once I striking enter, it will only ask me for the destination filename (which I as well could have entered). If y’all take to upgrade the IOS image on multiple devices, this is more convenient as you tin can only copy/paste the higher up line on all devices.
You can likewise turn a Cisco IOS router or switch into a TFTP server. You only need one command to accomplish this:
R1(config)#tftp-server flash:c2800nm-advipservicesk9-mz.124-24.T8.bin alias 2800-image.bin
The alias parameters lets you use a different name for the filename. In the example above, “2800-image.bin” refers to the bodily file on the flash of my router.
FTP
Copying to or from an FTP server is also no problem, we tin can do this with the same re-create command. Ane thing yous might have to bargain with is authentication. Almost FTP servers will require a username and countersign. Here is the topology I will use:
At that place are two things we can practise to supply a username and password. Here is option one::
R1(config)#ip ftp username admin
R1(config)#ip ftp password cisco
We can globally configure the username and password that we want to use for the FTP server. When you apply the re-create command, Cisco IOS will use these values for authentication.
Personally, I don’t like leaving this information in the running configuration. It’s besides possible to supply a username and countersign with the re-create command. Here is an example:
R1#copy ftp://admin:[email protected]/c2800nm-adventerprisek9-mz.151-4.M12a.bin flash:
Destination filename [c2800nm-adventerprisek9-mz.151-4.M12a.bin]? Accessing ftp://*****:*****@192.168.1.201/c2800nm-adventerprisek9-mz.151-4.M12a.bin... Loading c2800nm-adventerprisek9-mz.151-4.M12a.bin from 192.168.one.201 (via FastEthernet0/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 67929600 bytes] 67929600 bytes copied in 884.704 secs (76782 bytes/sec)
Above you lot tin see I embedded the username “admin”, the password “cisco” and the IP accost of my FTP server. This way is also easier, you can copy/paste this line on all devices that crave an IOS image upgrade.
SCP
Last but non least, we take SCP (Secure Re-create) which uses SSH. This is a neat method considering of two reasons:
- It allows y’all to use your router/switch as an SCP server.
- It uses encryption.
- You probably already have SSH configured on your router or switch.
I will show you how to configure your router as an SCP server and how to copy files to/from it. I’m going to use 2 routers for this:
R1 Configuration
First, we accept to configure SSH:
R1(config)#ip domain-proper name NETWORKLESSONS.LOCAL
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config)#crypto key generate rsa
The name for the keys will be: R1.NETWORKLESSONS.LOCAL Cull the size of the primal modulus in the range of 360 to 4096 for your Full general Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]:
1024
% Generating 1024 chip RSA keys, keys volition be non-exportable... [OK] (elapsed time was iii seconds) R1(config)#ip ssh version 2
Now we only need two additional commands for SCP. The first one is to enable the SCP server:
R1(config)#ip scp server enable
And nosotros need a user that has total access to the router:
R1(config)#username admin privilege xv password cisco
Let’s go along with R2, our SCP client.
R2 Configuration
R2 will be our SCP customer. Let’due south effort the copy command:
R2#copy scp: wink:
Address or name of remote host []? 192.168.1.1 Source username []? admin Source filename []? c2800nm-adventerprisek9-mz.151-4.M12a.bin Destination filename [c2800nm-adventerprisek9-mz.151-4.M12a.bin]? Password: !!!!!!!!!!! 67929600 bytes copied in 884.704 secs (76782 bytes/sec)
The copy command will ask for the remote IP address, username, password, and filename.
MD5 Verification
And then far we copied a couple of files simply how do we know that these files are valid? When we downloaded the Cisco IOS paradigm, I showed you the MD5 checksum that Cisco publishes on their website. We tin can verify this checksum on our router:
R1#verify /md5 flash:c2800nm-adventerprisek9-mz.151-iv.M12a.bin
.................Done! verify /md5 (flash:c2800nm-adventerprisek9-mz.151-4.M12a.bin) =
fcdaeb55b292534e97ecc29a394d35aa
This MD5 checksum is the same every bit the one we found on the Cisco website. This tells us that we have the same file as Cisco published and that the file has non been tampered with. If the checksum fails, possibly someone has added something nasty to the image.
Boot Organisation
Our router currently has 2 IOS images:
R1#show flash: | include .bin
8 67926080 Apr 2 2015 14:21:46 +00:00 c2800nm-adventerprisek9-mz.151-4.M10.bin 25 67929600 November iv 2016 12:11:22 +00:00 c2800nm-adventerprisek9-mz.151-4.M12a.bin
Which IOS image volition it select when the router boots? Deleting the old IOS image is one option simply in that location is some other way.
Most routers will select the get-go filename that they find on the flash memory and then in our case, it means information technology would boot the older IOS image. We can change this with the
boot sytem
command:
R1(config)#kicking system flash:c2800nm-adventerprisek9-mz.151-4.M12a.bin
Permit’due south reload the router:
R1#reload
System configuration has been modified. Save? [yes/no]:
yes
Building configuration... [OK]
Once the router has reloaded, verify that nosotros are running the new IOS image:
R1#show version Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-K), Version 15.1(4)M12a, RELEASE SOFTWARE (fc1) Technical Support: http://world wide web.cisco.com/techsupport Copyright (c) 1986-2016 by Cisco Systems, Inc. Compiled Tue 04-Oct-16 03:37 by prod_rel_team ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1) R1 uptime is 14 minutes System returned to ROM past reload at fourteen:01:00 UTC Fri Nov iv 2016 System prototype file is
"wink:c2800nm-adventerprisek9-mz.151-4.M12a.bin"
Higher up we can run across nosotros booted the new Cisco IOS image.
Configurations
Want to take a wait for yourself? Here y’all will discover the final configuration of each device.
R1
hostname R1 ! boot organization flash:c2800nm-adventerprisek9-mz.151-4.M12a.bin ! ip cef ! ip domain name NETWORKLESSONS.LOCAL ! username admin privilege 15 countersign 0 cisco ! ip ssh version 2 ip scp server enable ! interface FastEthernet0/0 ip address 192.168.ane.1 255.255.255.0 duplex auto speed auto ! line vty 0 iv login local transport input ssh ! end
Conclusion
Y’all have now learned how to upgrade your Cisco IOS paradigm through TFTP, FTP and SCP. You have seen how this can be done from your figurer to your router/switch or betwixt ii routers. We also checked how to verify the integrity of the file with the MD5 checksum and how to configure your router to boot the new IOS image.
