-
Notifications
You must be signed in to change notification settings - Fork 1
/
mod3-09.html
408 lines (371 loc) · 20.5 KB
/
mod3-09.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Advanced Networking - Module 3 Chapter 9 - IOS Images and Licensing</title>
<meta name="description" content="Abilitante alle certificazioni Cisco CCENT e CCNA">
<meta name="author" content="Hacklab Cosenza">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="stylesheet" href="css/reveal.css">
<link rel="stylesheet" href="css/theme/black.css" id="theme">
<!-- Code syntax highlighting -->
<link rel="stylesheet" href="lib/css/zenburn.css">
<!-- Printing and PDF exports -->
<script>
var link = document.createElement( 'link' );
var link = document.createElement( 'link' );
link.rel = 'stylesheet';
link.type = 'text/css';
link.href = window.location.search.match( /print-pdf/gi ) ? 'css/print/pdf.css' : 'css/print/paper.css';
document.getElementsByTagName( 'head' )[0].appendChild( link );
</script>
<!--[if lt IE 9]>
<script src="lib/js/html5shiv.js"></script>
<![endif]-->
</head>
<body>
<div class="reveal">
<!-- Any section element inside of this container is displayed as a slide -->
<div class="slides">
<section>
<h1>Advanced Networking</h1>
<h2>Routing & Switching:<h2>
<h2>Scaling Networks</h2>
<h3>Chapter 9: IOS Images and Licensing</h3>
<p>
<small><a href="http://hlcs.it">Hacklab Cosenza</a> / Centro di Ricerca su Tecnologia e Innovazione</small>
</p>
</section>
<section>
<h2>Cisco IOS Families and Trains</h2>
<p>Cisco IOS is the OS for almost all Cisco's networking devices, which enjoy a <strong>family of software releases</strong> in their lifespan.</p>
<p>The <em>versions</em> (12.3, 12.4, 15.0, 15.1, etc.) of Cisco IOS releases represent the <strong>advancement of the codebase</strong> as a whole.</p>
<p>IOS releases <strong>overlaps in terms of support</strong>: some time before a IOS version goes <strong>EOL</strong> (<em>end of life</em>), one or more <strong>new versions are introduced and supported</strong>.</p>
<p>Whithin each IOS release, <strong>new features will be implemented and bugs fixed</strong>. All this new code is not immediately included in the main code base, but is rather <em>branched out</em> in a "version of the version" called <em><strong>train</strong></em>.</p>
</section>
<section>
<section>
<h2>Cisco IOS 12.x Trains</h2>
<p><stron><em>Trains</em></stron> are used in IOS releases to identify and deliver a specific set of new features and bug fixes.</p>
<p>There can be multiple trains currently active, but we will focus on the <em>Mainline</em> (<strong>M train</strong>) and <em>Technology</em> (<strong>T train</strong>).</p>
</section>
<section>
<h2>Cisco IOS 12.x Trains</h2>
<ul>
<li>The <strong>M train</strong> is intended to be the <strong>most mature release</strong> Cisco can offer, and its <u>feature set never expands</u> during its lifetime. <u>Updates are released only to address bugs</u>.</li>
<li>The <strong>T train</strong>, gets <u>new features and bug fixes</u> (in sync with the M train) throughout its life, and is therefore <u>potentially less stable</u> than the mainline. At some point <u>the current T train release becomes the foundation for the next Mainline release</u>.</li>
<li>M train releases are also dubbed as <em>Maintenance Deployment</em> (MD) releases, as opposed to <em>Early Deployments</em> (ED) T train releases.</li>
</ul>
</section>
</section>
<section>
<h2>Cisco IOS 12.x Trains</h2>
<img src="http://i.imgur.com/7sL20CL.png">
<img src="http://i.imgur.com/4iYrQC0.jpg">
</section>
<section>
<section>
<h2>Cisco IOS 12.x Versioning</h2>
<ul>
<li>Mainline Train example: <strong>12.4(21a)</strong></li>
<ul>
<li><strong>12</strong> - Major version</li>
<li><strong>4</strong> - Minor version</li>
<li><strong>21</strong> - Maintenance Identifier</li>
<li><strong>a</strong> - Rebuild Identifier</li>
</ul>
<li>Technology Train example: <strong>12.4(20)T3</strong></li>
<ul>
<li><strong>12</strong> - Major version</li>
<li><strong>4</strong> - Minor version</li>
<li><strong>20</strong> - Maintenance Identifier</li>
<li><strong>T</strong> - Train Identifier</li>
<li><strong>3</strong> - Rebuild Identifier</li>
</ul>
</ul>
<p><small>The <strong>parenthesis are an obsolete notation</strong> and the aforementioned releases are also known as Cisco IOS 12.4.21a and 12.4.20T3, respectively.</small></p>
</section>
<section>
<h2>Cisco IOS 12.x Versioning</h2>
<p>All the <strong>numbers and identifiers in Cisco IOS versioning are shared</strong> across all trains. They increase as IOS develops, regardless of the train the IOS release will belong to.</p>
<p><strong><em>Rebuilds</em></strong> are IOS releases that are almost identical to the previous one and <u>only</u> focus on rapidly fixing a small number of important bugs (called <em>caveats</em> by Cisco).</p>
<p>Rebuilds are the releases containing the smaller changes, so <strong>they can be deployed by administrators right away</strong> with no need for deeper analysis.</p>
</section>
</section>
<section>
<h2>Cisco IOS 12.x Feature Set</h2>
<img src="http://i.imgur.com/BNcXC3n.jpg">
<p><small><strong>Note</strong>: SSH available in every 12.4 image.</small></p>
<p>For the IOS 12.3 and 12.4 releases, <u>8 images were available</u>, each with a different set of features. 3 of these were deemed <em>premium packages</em> by Cisco.</p>
</section>
<section>
<section>
<h2>Cisco IOS 15 Trains</h2>
<p>Cisco IOS 12.4.24T was the last IOS 12 release. 13 and 14 were skipped, and <strong>Cisco IOS 15.0 was introduced</strong>.</p>
<p>For IOS 15, Cisco rethought the IOS release process to achieve:</p>
<ul>
<li>A more predictable schedule.</li>
<li>Simplified versioning.</li>
<li>Clearer guidelines for deploying, maintaining and upgrading.</li>
</ul>
</section>
<section>
<h2>Cisco IOS 15 Trains</h2>
<img src="http://i.imgur.com/x3aazdW.jpg">
<ul>
<li>There is now a <u>single train</u>, the <strong>M/T train</strong>.</li>
<li>M (<em>Extended Maintenance</em>) releases <u>every 16-20 months</u>.</li>
<li>An <u>M-release will include all the features and hardware support developed through the T-releases</u> (<em>Standard Maintenance</em>) during that 20-month timeframe.</li>
<li>Between M-releases there are <u>2-3 T-releases per year</u>.</li>
<li>After release, <u>an M-release only receives bug fixes</u> and the development of new functionality starts over in the next T-release.</li>
</ul>
</section>
</section>
<section>
<h2>Cisco IOS 15 Versioning</h2>
<ul>
<li>Example: <strong>Cisco IOS 15.0(1)M1</strong> and <strong>Cisco IOS 15.1(3)T1</strong></li>
<small><ul>
<li><strong>15.0/15.1</strong> - Major.Minor release numbers</li>
<li><strong>1/3</strong> - New Feature release number.</li>
<li><strong>M/T</strong> - Extended or Standard Maintenance.</li>
<li><strong>1/1</strong> - Rebuild Number</li>
</ul></small>
<li>(M) - <u>Based on the last T-release</u>, version has the feature release number bumped.</li>
<li>(M) - After release, <u>they remain stable and supported for an extended period</u> (about 4 years) only receiving bugfixes, identified by increasing rebuild numbers.</li>
<li>(T) - They are <u>used between M releases to develop and perfect new features</u> and hardware support.</li>
<li>(T) - After an M-release, <u>the next T-release has its minor release number bumped</u>.</li>
</ul>
</section>
<section>
<h2>Cisco IOS 15 Feature Set</h2>
<p>With IOS 15, Cisco has greatly <strong>simplified the process of choosing and acquiring a license</strong>.</p>
<ul>
<li><strong>Feature sets have been consolidated</strong> and reduced to 4.</li>
<img src="http://i.imgur.com/TCGYlxZ.jpg" style="width: 600px;">
<li>There is now a single, <strong><em>universal</em></strong> image/binary file for Cisco IOS that <strong>contains every feature</strong>.</li>
<li>The chosen feature set is <strong>activated though licensing</strong>, installing a license file provided by Cisco after purchasing the license. There is no need to install a different image.</li>
</ul>
</section>
<section>
<section>
<h2>Cisco IOS 12.x Image Files</h2>
<ul>
<li>Example: <strong>c2800nm-advipservicesk9-mz.124-6.T.bin</strong></li>
<li><strong><code>show flash</code></strong> can be used to view image filename.</li>
<ul>
<li><strong>c2800nm</strong> - The <u>hardware</u> this image can run on.</li>
<li><strong>advipservicesk9</strong> - The <u>feature set</u> the image provides.</li>
<li><strong>mz</strong> - If present, it indicates <u>memory location</u> and <u>compression format</u>.</li>
<ul>
<li>f = run from flash; m = from RAM; r = from ROM; l = relocatable; z = ZIP compressed; x = MZIP compr.</li>
<li>Note: Images are <strong>automatically unzipped</strong> before being loaded into memory.</li>
</ul>
<li><strong>124-6.T</strong> - IOS release <u>version</u>.</li>
<li><strong>bin</strong> - <u>File extension</u>, indicating this is an executable file.</li>
</ul>
</ul>
</section>
<section>
<h2>Cisco IOS 15.x Image Files</h2>
<ul>
<li>Example: <strong>c1900-universalk9-mz.SPA.152-4.M3.bin</strong></li>
<ul>
<li><strong>c1900</strong> - The <u>hardware platform</u> this image can run on.</li>
<li><strong>universalk9</strong> - <u>Image designation</u>. This is a universal image, and feature set are controlled through licenses.</li>
<ul>
<li><strong>universalk9_npe</strong> - A variant of the universal image that is compiled <u>without strong encryption features</u> to comply with import/export laws in certain countries.</li>
</ul>
<li><strong>mz</strong> - <u>Memory location</u> and <u>compression format</u>.</li>
<li><strong>SPA</strong> - The <u>image is digitally signed</u> by Cisco.</li>
<li><strong>152-4.M3</strong> - The <u>IOS release contained</u> by the image.</li>
<li><strong>bin</strong> - File <u>extension</u>.</li>
</ul>
</ul>
</section>
</section>
<section>
<h2>Managing IOS Images</h2>
<p>In large networks, it could be useful to deploy a <strong>TFT Server to store every IOS image and configuration files</strong>.</p>
<p>The server can be <strong>used for backup</strong>, in the event an image file on a flash card is corrupted or configuration is lost.</p>
<p>Also, devices can be configured to <strong>boot searching the IOS on a TFTP server</strong>: <em>one image to boot them all...</em></p>
<p>After <strong>verifying connectivity</strong> (<code>ping</code>) to the TFTP server and/or ensuring the flash card has <strong>sufficient space</strong> to store the image (<code>show flash</code>), it can be copied:</p>
<ul>
<li>to the server - <strong><code>copy flash: tftp:</code></strong></li>
<li>from the server - <strong><code>copy tftp: flash:</code></strong></li>
</ul>
</section>
<section>
<h2>System Boot</h2>
<p>The <strong>bootstrap of a Cisco devices search <code>boot system</code> commands in the startup configuration to decide which IOS image to load</strong>.</p>
<p>This means that <u>after copying a new image onto the flash, to boot it the device needs to be configured</u> to do so.</p>
<p><strong>Multiple <code>boot system</code> commands can be entered</strong>, so that if the first image fails to be loaded, the second one can be tried until a successful boot is achieved.</p>
<pre><code class="no-highlight">Router# configure terminal
Router(config)# boot system flash0://[image file]
Router(config)# boot system tftp://[image file]
Router(config)# exit
Router# copy running-config startup-config
Router# reload</code></pre>
</section>
<section>
<section>
<h2>Cisco Licensing Process</h2>
<p>New Cisco devices ship <strong>the same universal images pre-installed.</strong> The available feature sets (<em>technology packages</em>) for Cisco IOS 15 are <strong>IP Base, Data, Unified Communications (UC), Security (SEC)</strong>.</p>
<p>Every package is <strong>activated only after purchasing and installing a license</strong>.</p>
<p><u>When purchasing a device, choosing a feature set is mandatory</u>, so the devices can be <strong>shipped with the corrisponding licenses pre-installed and activated</strong>.</p>
</section>
<section>
<h2>Cisco Licensing Process</h2>
<ol start="1">
<li><strong>Buy a package or feature set</strong></li>
<ul>
<li>After the purchase, the customer receives from Cisco a <em>Product Activation Key</em> (PAK), an 11-digit alphanumeric key that is <strong>valid as recept and is used to obtain the license</strong>.</li>
<li>PAK is tied to a specific package and can generate the purchased number of license, but <strong>it's till not tied to a specific device</strong>.</li>
</ul>
</ol>
</section>
<section>
<h2>Cisco Licensing Process</h2>
<ol start="2">
<li><strong>Obtain the corresponding license</strong></li>
<ul>
<li>By acquiring a <em>Software Activation License</em>, which comes <strong>in the form of a file</strong>. This can be done through:</li>
<ul>
<li><strong>Cisco License Manager (CLM)</strong> - A standalone, freeware application, able to <strong>generate and centrally manage license for multiple devices</strong> in a network.</li>
<li><strong>Cisco License Registration Portal</strong> - A web site for <strong>registering licenses on an individual basis</strong>.</li>
</ul>
</ul>
</ol>
</section>
<section>
<h2>Cisco Licensing Process</h2>
<ol start="2">
<li><strong>Obtain the corresponding license</strong></li>
<ul>
<li><em>(cont.)</em>:</li>
<li>For both, an <em>Unique Device Identifier</em>(UDI) is required together with a PAK to <strong>tie the license to a specific device</strong>.</li>
<li><u>UDI is a combination</u> of the <em>Product ID</em> (PID, a number identifying the type of the device), the Serial Number (SN, unique to the device) and the hardware revision.</li>
<li>UDI can be found with the <strong><code>show license udi</code></strong> command or by the <strong>pull-out label</strong> on the device itself.</li>
<li>The license (XML, .lic) file will be <strong>sent by email</strong>.</li>
</ul>
</ol>
</section>
<section>
<h2>Cisco Licensing Process</h2>
<ol start="3">
<li><strong>Installing the License</strong></li>
<ul>
<li>The steps to install a <strong>permanent license</strong> (which <u>won't expire for the lifetime of the device</u>) are:</li>
</ul>
<pre><code class="no-highlight">Router# license install flash0:seck9-C1900-SPE150_K9-FAB12340099.xml
Installing licenses from “seck9-C1900-SPE150_K9-FAB12340099.xml"
Installing...Feature:seck9...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
Router#
*May 18 19:24:57.391: %LICENSE-6-INSTALL: Feature seck9 1.0
was installed in this device.
UDI=1900-SPE150/K9:FAB12340099; StoreIndex=15:Primary
License Storage
*May 28 19:24:57.615: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL:
Module
name = c1900
Next reboot level = seck9 and License = seck9
R2# reload</code></pre>
<p>The steps <strong>don't need to be repeated after upgrading</strong> IOS.</p>
</ol>
</section>
</section>
<section>
<section>
<h2>License Management</h2>
<p>Licenses can be <strong>permanent or evaluation</strong>. To display license status of each technology package (mind their names, they are use in licensing commands):</p>
<pre><code class="no-highlight">Router# show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 3 Feature: datak9
Period left: 8 weeks 4 days
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA accepted
License Count: Non-Counted
License Priority: Low
Index 4 Feature: SSL_VPN
Period left: Not Activated
Period Used: 0 minute 0 second</code></pre>
</section>
<section>
<h2>Evaluation Licenses</h2>
<p><strong>Evaluation Right-to-use (RTU)</strong> licenses allows customers to try features for some time (typically 60 days). To accept an evaluation license for a technology package:</p>
<pre><code class="no-highlight">Router# license boot module {module_name} technology-package {package_name}
Router# reload</code></pre>
<p>To avoid having to accept the EULA of a license prior to activating it (useful for <strong>automated licensing</strong>), use:</p>
<pre><code class="no-highlight">Router(config)# license accept end user agreement</code></pre>
<p>To <strong>backup all licenses</strong> for a device:</p>
<pre><code class="no-highlight">Router# license save {file-sys://license_file.lic}</code></pre>
<p>Later they can be <strong>restored in one go</strong> with <code>license install</code>.</p>
</section>
<section>
<h2>Uninstalling Licenses</h2>
<pre><code class="no-highlight">Router(config)# license boot module [name] technology-package [package] disable
Router(config)# exit
Router# reload
[Simulated reload]
Router# license clear [package]
Router# configure terminal
Router(config)# no license boot module [name] technology-package [package] disable
Router(config)# exit
Router# reload</code></pre>
</section>
</section>
<section>
<h1>End of Lesson</h1>
</section>
<section>
<h2>Linkography</h2>
<ul>
<li><a href="http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-software-releases-listing.html">Networking Software - Cisco IOS</a> (Cisco IOS home page) @ Cisco.com</li>
<li><a href="http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-4-mainline/whitepaper_C11-719867.html">Cisco IOS Software Reference Guide</a> @ Cisco.com</li>
<li><a href="http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-release-15-0-1-m/qa_c67_561940.html">Cisco IOS Software Release 15 M and T Q&A</a> @ Cisco.com</li>
<li><a href="http://packetlife.net/media/library/21/Cisco_IOS_Versions.pdf">Cisco IOS versions cheat sheet</a> @ Packet Life</li>
</ul>
</section>
</div>
</div>
<script src="lib/js/head.min.js"></script>
<script src="js/reveal.js"></script>
<script>
// More info https://github.com/hakimel/reveal.js#configuration
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: true,
transition: 'slide', // none/fade/slide/convex/concave/zoom
// More info https://github.com/hakimel/reveal.js#dependencies
dependencies: [
{ src: 'lib/js/classList.js', condition: function() { return !document.body.classList; } },
{ src: 'plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },
{ src: 'plugin/zoom-js/zoom.js', async: true },
{ src: 'plugin/notes/notes.js', async: true }
]
});
</script>
</body>
</html>